Time
5 minutes
Difficulty
Intermediate

Video Transcription

00:00
hello and welcome back to breaking stuff with Joe. Today's video is going to be another short when we're gonna be using the Cisco Auditing tool, a really awesome automated utility for finding vulnerabilities in Cisco products. Be they routers, switches What have you? It goes through a series of password guessing processes,
00:18
basic vulnerability, exploitation and searching. Just a really great sort of first past tool
00:23
at cracking Cisco devices. So that's what we're going to cover today in breaking Stuff with Joe shouldn't take very long. It's a one line command really easy to do, and then you'll be able to take that and go break some stuff on your own. So stay tuned for the Cisco auditing tool.
00:40
Here we are, as always, in our Callie V. M. And again I mentioned, this is a pretty easy tool to run. It's another automated tool, and you know how we love those here on breaking stuff with Joe. So it's one that's mostly this video is to make sure that you know about it and know that it's a great tool tohave in your toolbox for dealing with Cisco products.
00:57
So from our sister from our system from our
00:59
Callie command line to say it more correctly there from Cali command line. We're just gonna go ahead and run capped. Now, it's important to note that the command for the Cisco auditing tool is all cat. If you run lower case, it's a very different tool
01:11
that may not actually do anything now because I haven't given it something to Cat.
01:15
But if we look at here, for example, cat,
01:21
there you go.
01:23
So
01:23
we're gonna do this in all caps, and that's a very important gotcha.
01:26
And we're just gonna run the command. There we go.
01:30
And you could see here. It's got a very short list of auctions. I mentioned that one of the things that it does the best is password guessing s O. The tool that I have set up on the other side that we're gonna be aiming this at is actually a really simple network utility. I don't have a full Cisco router because actually trying to get in to break one of their tools on the areas.
01:49
A bit of a
01:51
a bit of a challenge, but a hurdle and I got in a bunch of trouble the last time I targeted something that was actually on our real development network. So I set up a simple network utility so that you can see this tool being run without us, you know, violating any computer fraud and abuse. That's so all you're gonna give it as arguments are going to be the host name or the host file. Depending on
02:09
if you're scamming a single host or multiple today, we're gonna be skating a single host,
02:14
and they're going to give it a default port. Generally speaking, the default port is 23. They're going to give it a port. The default port is 23 on. Then you'll have word lists, password lists for pastor guessing and community named guessing. Uh, there's an IOS history bug that's really interesting that you can try and target
02:30
andan. Of course you got your standard. Do we want to log us to the screen or to a file? And do we want quiet mode?
02:36
So when I run this, it's gonna execute very, very quickly because the network utility that it hits is gonna fall apart on basically, just break a soon as this tool attacks it, which is totally fine, because I don't give us the chance to see this in motion. Now, you noticed that file that I just did a cat against a second ago. The top 12,000 passwords. We're gonna go ahead and use that as our password list for this tool.
02:54
So we're gonna go ahead and say cat
02:57
and we're going to target a single host, which is going to be 10 dot owed up
03:01
2.15
03:04
and a password list of top
03:06
12,000. Probable. So, like I said, once we run this, it's gonna just hit that utility and break into 1000 pieces, and it should time out almost immediately. Once it's finished the connection on dhe, you'll be able to see this Sort of the very easy. What does it actually looked like when you hit?
03:21
Enter.
03:22
So you go, it's gonna spit out the tool. It's gonna tell you the host, and that's gonna try and guess passwords. Uh, I think I gave it the wrong. Are you in there?
03:30
Yep. It should be Tak es not tech piece. So we'll fix that. Run it again
03:38
due to their low tech a there, you know? So now tries to guess passwords, and you can see that it took that cool down pretty quickly, and the pattern match ended up timing out after just a few password attempts. So that's how it runs. If you actually run it against a fully fledged Cisco router instead of the very small Web service that I set up,
03:55
it'll run for a lot longer. Obviously, it will attempt to get all of the passwords
04:00
and community names. We've got bios giver for that. And then it's going to look for some basic Cisco vulnerabilities. So, like I said, this is a really useful tool to run it very quickly. Once you identified a Cisco device is just hit it with this and try and cracks and passwords. I use it pretty often when I'm targeting networks that are very Cisco heavier, Cisco based which, given the prominence of obviously not just Cisco but
04:19
all of the Cisco networking certifications tends to be most of them
04:23
people are running bare metal systems. You can pretty much bet that they're routers are gonna be Cisco,
04:28
And so whenever I see those, I run cat against that target with a password list, usually 10 to 12,000 passwords. I pulled this one right off. Get hub. You confined tons of them. They're very, very easy to track down. As I've mentioned in previous password cracking videos.
04:43
That's all there is for today for breaking stuff with Joe. You now see this. You have not seen this Cisco auditing tool.
04:47
You've learned about it. What? What it's useful for and you could target with. And you've learned what the command actually looks like being run. So go ahead, take this tool, go out there and break stuff, and we'll see you back here next time on breaking stuff with Joe on Cyber Eri on demand.

How to Use CAT (BSWJ)

The Cisco Auditing Tool is a Kali utility used for scanning Cisco devices to identify common vulnerabilities, weak passwords, and guessable group names. It's a handy way to quickly work through a list of Cisco appliances in search of new attack vectors.

Instructed By

Instructor Profile Image
Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor