Cisco IOS Shellcode Demonstration

Cisco IOS Shellcode Demonstration

13.11.2007, 20:54

Fugitif

Постоянный

Регистрация: 23.09.2007

Сообщений: 416

С нами: 9806786

Репутация: 869

Cisco IOS Shellcode Demonstration

Embedded Systems Security

High quality versions of the three Cisco IOS shellcode demonstration

Цитата:

Please note that each shellcode (written in PowerPC assembly language) is being launched from GDB within a development environment rather than as the payload to an exploit. The "Development server" is connected to the Cisco router (2600 Series) via a serial cable (for GDB debugging) and via Ethernet (for TCP/IP communications).

It takes a short while for the shellcode to start functioning as it has been hooked into the IOS image checksumming routine that runs every 30-60 seconds. When each starts running, the arbitrary text "<args-warning>" is displayed on the console to indicate successful execution of the shellcode.

Bind Shell

· Requires four hard-coded addresses of functions within IOS

· Creates a new VTY

· Sets a password on the VTY

· Privilege escalates to level 15

Video: Bind Shell

http://www.irmplc.com/content/videos...bindshell.html

Reverse Shell

· Requires five hard-coded addresses of functions within IOS

· Creates a new VTY

· Privilege escalates to level 15

· Opens a new TCP connection

· Binds the VTY to the TCP connection

Video: Reverse Shell

http://www.irmplc.com/content/videos...ell_final.html

Two byte rootshell or Tiny Shell

· Requires up to one (sometimes none) hard-coded addresses within IOS

· Removes the requirement to authenticate to a currently active VTY

· Privilege escalates to level 15

Video: "Two byte rootshell" or Tiny Shell

http://www.irmplc.com/content/videos...ell_final.html

More Info:

http://www.irmplc.com/index.php/153-...stems-Security

𝕏 Twitter Reddit Telegram Копировать ссылку