Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Cisco exploits
Posted by: hackathology
Date: March 14, 2007 11:57AM

Does anyone here audit Cisco devices and research Cisco exploits? I am a researcher of Cisco exploits myself and I would love to know if anyone here shares the same field as me.

http://hackathology.blogspot.com

Re: Cisco exploits
Posted by: id
Date: March 14, 2007 04:27PM

I audit Cisco and just about anything you may connect to a network. From time to time I will find an 0day, but I don't actively search for flaws, mostly just don't have the time.

-id

Re: Cisco exploits
Posted by: ntp
Date: March 14, 2007 09:26PM

Get a copy of BinNavi and go to town. Cisco makes the most buggy and insecure code on the planet.

Anyone who would like to work with me and can provide a license/support for both IDA and BinNavi, please post here or message me privately. I am desperately seeking to work on many Cisco vulnerability ideas I've had for the past 10+ years, but lack the tools necessary to complete the task.

However, I don't wish to work on exploits, only vulnerabilities with limited and/or crippled PoCs. That said, it would be interesting to work with a shellcode / reliable exploit expert (preferably something like Mosquito, but that can go polymorphic / cross-platform) to extend Metasploit (or CANVAS, CORE Impact, etc.) for Cisco/etc.

Also, anyone willing to work on an elsenot.com project for any networking-related companies, especially Cisco, Juniper, and Check Point, please contact me as well.

I'm also looking for resources on ScreenOS or IPSO internals (I have tons of material on CatOS, IOS, JunOS, etc) if anyone has any pointers.

Lots to be said about this subject.

Re: Cisco exploits
Posted by: hackathology
Date: March 14, 2007 11:01PM

id, care to share some 0-day?

http://hackathology.blogspot.com

Re: Cisco exploits
Posted by: id
Date: March 15, 2007 02:48AM

The only current ones I have are DoS's, and I would rather not share them. However, if I come across something that isn't a DoS and isn't live on a customer site, I will.

-id

Re: Cisco exploits
Posted by: hackathology
Date: March 15, 2007 02:58AM

Thank you so much. I'll see if I can find some vulnerabilities myself too, but I guess it's hard for me because I don't read binaries. Any new stuff, I will post it at http://hackathology.blogspot.com

http://hackathology.blogspot.com

Re: Cisco exploits
Posted by: Halvar
Date: September 11, 2007 12:53PM

Hey there,

if the research is sufficiently cool, we'll provide the tool.
Can you drop me an email?

Cheers,
Halvar

Re: Cisco exploits
Posted by: hackathology
Date: September 23, 2007 08:06AM

What do you mean, Halvar? You want to write a tool based on the exploits?

http://hackathology.blogspot.com

Re: Cisco exploits
Posted by: ntp
Date: November 23, 2007 09:51PM

hackathology Wrote:
-------------------------------------------------------
> What do you mean, Halvar? You want to write a tool based
> on the exploits?

I think he means that he can provide BinNavi, etc., to people who have very interesting research.

I'd consider it, but I have too many projects right now and would have to re-assemble my Cisco exploit resources. Also, this is more trivial now that The Shellcoder's Handbook, 2nd Edition became available. In Chapter 13, FX has a section on reverse engineering IOS where he demonstrates how to take the IOS images apart.

My stopping point the last time that I played with IOS images under IDA Pro Advanced was to try and get named functions from the symbol table (but this didn't work even for images that included a full symbol table) in order to do Michael Lynn-style analysis. It turns out that because Cisco builds their code using the GNU toolchain, the next function starts exactly where the last one ended. This has the problem where IDA fails to identify functions. On page 350, an IDAPython script is provided to convert all non-function blocks into functions that IDA can read. I left off here in June 2006, and would have to backtrack quite a bit to get to that point again. I had spent months with my head in PowerPC assembly and Cisco IOS images and bugs, and haven't spent any cycles on any of that since, because it's not as useful to me anymore (especially with the whole Apple Intel transition that was also going on at the time).

If I ever have any time to spend on this sort of large project again, maybe I'll contact Halvar or post more about my interest/success.

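A stand-alone illustration of the boundary problem ntp describes above (GNU-built code packs functions back to back, so a block IDA did not recognise as a function starts exactly where the previous function ended). This is an added example, not the IDAPython script from The Shellcoder's Handbook and not code from any Cisco image: it runs outside IDA on a raw big-endian PowerPC blob, and the sample image, the load address 0x80008000 and the prologue/return heuristics are all constructed here. It goes one step beyond the "turn every non-function block into a function" rule by also splitting a gap at each `blr`, so two adjacent leaf functions are not merged into one; a gap that holds data rather than code still becomes a "function", which is the same caveat the IDA approach has.

```python
"""Heuristic function-boundary recovery for a raw big-endian PowerPC code blob.

Added example (not the book's IDAPython script, not Cisco code). Pass 1 finds
functions by a classic non-leaf prologue (`mflr r0`) and runs each one to its
`blr`. Pass 2 applies the thread's observation: because the toolchain leaves no
padding, every uncovered range starts where the last function ended, so it is
converted into one or more functions, split at each `blr`.
"""
import struct
from dataclasses import dataclass
from typing import List

# Instruction encodings (32-bit, big-endian), constructed for this example.
MFLR_R0 = 0x7C0802A6  # mflr r0     : first instruction of a typical non-leaf function
MTLR_R0 = 0x7C0803A6  # mtlr r0
BLR     = 0x4E800020  # blr         : return; ends a function
NOP     = 0x60000000  # ori 0,0,0


@dataclass
class Function:
    start: int    # address of the first instruction
    end: int      # address one past the last instruction
    origin: str   # "prologue" (found by pattern) or "gap" (filled in by pass 2)


def words(blob: bytes) -> List[int]:
    """Split a big-endian code blob into 32-bit instruction words."""
    if len(blob) % 4:
        raise ValueError("PowerPC code must be a multiple of 4 bytes")
    return list(struct.unpack(">%dI" % (len(blob) // 4), blob))


def find_prologue_functions(code: List[int], base: int) -> List[Function]:
    """Pass 1: a function starts at every `mflr r0` and runs through the next `blr`."""
    funcs, i = [], 0
    while i < len(code):
        if code[i] != MFLR_R0:
            i += 1
            continue
        j = i
        while j < len(code) and code[j] != BLR:
            j += 1
        end = min(j + 1, len(code))        # include the blr; tolerate a truncated tail
        funcs.append(Function(base + 4 * i, base + 4 * end, "prologue"))
        i = end
    return funcs


def split_gap(code: List[int], base: int, start: int, end: int) -> List[Function]:
    """Turn the uncovered range [start, end) into functions, one per `blr`."""
    out, s = [], start
    for addr in range(start, end, 4):
        if code[(addr - base) // 4] == BLR:
            out.append(Function(s, addr + 4, "gap"))
            s = addr + 4
    if s < end:                            # trailing block with no return: data or cut-off code
        out.append(Function(s, end, "gap"))
    return out


def fill_gaps(code: List[int], funcs: List[Function], base: int) -> List[Function]:
    """Pass 2: everything not inside a pass-1 function becomes a function that
    starts exactly where the previous one ended (the property described in the thread)."""
    result, cursor = [], base
    for f in sorted(funcs, key=lambda f: f.start):
        if f.start > cursor:
            result.extend(split_gap(code, base, cursor, f.start))
        result.append(f)
        cursor = f.end
    image_end = base + 4 * len(code)
    if cursor < image_end:
        result.extend(split_gap(code, base, cursor, image_end))
    return result


def recover_functions(blob: bytes, base: int = 0x80008000) -> List[Function]:
    code = words(blob)
    return fill_gaps(code, find_prologue_functions(code, base), base)


def build_sample_image() -> bytes:
    """Constructed sample: four functions packed back to back with no padding.
    The two leaf functions have no `mflr r0` prologue, so pass 1 misses them."""
    non_leaf_a = [MFLR_R0, 0x9421FFE0, 0x90010024, NOP, NOP,        # mflr r0; stwu r1,-0x20(r1); stw r0,0x24(r1)
                  0x80010024, 0x38210020, MTLR_R0, BLR]             # lwz r0,0x24(r1); addi r1,r1,0x20; mtlr r0; blr
    leaf_a     = [0x38600001, BLR]                                  # li r3,1; blr
    leaf_b     = [0x38600000, NOP, BLR]                             # li r3,0; nop; blr
    non_leaf_b = [MFLR_R0, 0x9421FFE0, 0x90010024,
                  0x80010024, 0x38210020, MTLR_R0, BLR]
    image = non_leaf_a + leaf_a + leaf_b + non_leaf_b
    return struct.pack(">%dI" % len(image), *image)


if __name__ == "__main__":
    for f in recover_functions(build_sample_image()):
        print("%08x-%08x  %4d bytes  (%s)" % (f.start, f.end, f.end - f.start, f.origin))
```

Pass 1 alone reports only the two `mflr r0` functions and leaves a 20-byte hole between them; pass 2 turns that hole into the two leaf functions because the first of them must begin at the address where the first non-leaf function's `blr` ended. On a real image the same pass would run after the symbol-table step ntp mentions, and anything in a gap that is really data (jump tables, strings) needs to be excluded by hand.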