Time
5 minutes
Difficulty
Intermediate

Video Transcription

00:03
Hello, everyone, welcome back to breaking stuff with Joe, I as always, and you're eponymous host Joe Perry. I'm the director of research here at Psy Berry, and it is my very good fortune to be the person creating the breaking stuff with Joe Siri's today's tool. Today's topic is going to be Cisco CS, A built in Cali utility.
00:23
It is specifically used for identifying and exploiting Cisco
00:27
Technologies. Routers, switches, all Cisco networking tools Now Cisco CS. For those of you who are in security, I have heard of it before. You'll probably know that this is a very old were talking on the order of about a decade old. Now it's targeting, you know,
00:42
older versions of Cisco Devices. It's not as updated as a lot of the pen testing tools,
00:48
and the reason why it still gets a place in the breaking stuff with Joe Cannon is because it is still shockingly effective. One of the things that I always teach young pen testers that I always want security experts to understand is that if a target is using all brand new, top of the line systems that are carefully configure with a security expert, you're probably not going to get in, but
01:07
no one's doing that.
01:08
Even in a start up, even a tiny company. There's gonna be old technology. There's gonna be somebody's router from their house. You're going to find outdated tech and almost all the time. That is the easiest and fastest way into a system. Which is why I, like I said, we're still gonna talk about Cisco CS because just because the tool is old doesn't mean its targets are gone.
01:27
So, of course, this tool, as I said, it looks for Cisco Devices. You just feed it a range of addresses. That's all you give. It is an argument, and it runs through. Each of those addresses tries to make a connection and determines if the device to which it is connected is a Cisco tool. If it is a Cisco tool than it's going to come back and it's going to try and explain some of the basic vulnerabilities,
01:47
there are tons and tons of potential vulnerabilities that can be exploited, open ports,
01:52
default configurations, the default Cisco password, tons and tons of potential vulnerabilities in a given Cisco device and this tool, the Cisco CS is going to look for all of them. So again, over the course of the next several minutes, this is gonna be one of the shorter breaking stuff with Joe videos because it's a single line command that does all of your work for you.
02:09
But over the course, the next couple of minutes, we're going to see how we can use this Cisco Zs
02:14
toe, identify and exploit Cisco devices on our target network. And, of course, by the end of this video, you're going to see how you can use Cisco CS to break stuff every day.
02:23
So as I mentioned in the intro to this video, the Cisco Oh siesta is kind of dated. It's one of the older tools you're going to see a video on here on breaking stuff, Joe, but it's still a great pool to use, and I still use it because, as I've said before, I will stop using a tool. When I stop getting results with it and because I still get results with this one, I'm gonna keep using it.
02:44
Fortunately, the great news about this is that the Cisco CS Tool
02:46
is one of the easiest will use and fastest to learn. So in order to actually run it, all we're gonna do is we're in Texas Co that tack O C s. And we're just gonna give it the help command. And you could see kind of ugly print out here. All zoom out a little bit.
03:02
You can't clean it up. There you go. So you can see this is all of the documentation there is for Cisco C s U Just give it you just run that command and then you give it to I p s start and the end of the range that you're going to search on. So to kind of break down what this tool is actually doing. I kind of talked about in the intro, but I want to really make it clear
03:21
this is going to search over this. I p range from your start to your end
03:23
and it's going to attempt and identify. Excuse me. It's going to
03:28
attempts to identify. There we go every single Cisco tool that is on that network. If it finds one, it will then perform a series of sort of basic vulnerability. Assessments against it will see if the admin or if the user name and password, or Cisco, which is a default. It's going to see if it's got any weak or any of the well known vulnerabilities on it
03:46
just sort of break down piece by piece.
03:47
Is there anything we can do to this target Cisco Device in an automated fashion that will get us access? And whether or not it finds a way to get an exploit, it will still report back that at Francisco Tool. So to do this to run it, we're just going to Sisko First player a screen because here on breaking stuff with Joe compulsively clear screens Cisco Tack O. C. S.
04:08
We're gonna do
04:10
local host
04:11
through
04:15
that
04:15
0.0 to 5.
04:17
It is worth noting that a typo over here in one of these octuplets can cause you to run an extremely long and possibly dangerous scan. Because if you're given an I P range that's outside of your target scope, it's just gonna keep hunting intuitively until it gets there so you can get into a lot of trouble if you type of one of those objects. So it's definitely worth double checking.
04:36
Once we've given it a start and finish I p. Then we're just going to go ahead and run
04:44
and you could see it very, very quickly poured through all these and did not actually find a Cisco device, which is totally to be expected running this on a V M network, so it's not necessarily going to find any. But the key here is that we were able to perform that scan in extremely rapid fashion. Identify across 250 different
05:01
255 different pieces performed an initial scan,
05:04
and it did not find anything.
05:06
So that's all there's going to be. You saw the reporting function, how easily it comes back. If you wanted to get that into a more easily readable fashion, you could obviously type the input to sisko docs dot that or any other filing that you chose and run almost instantly.
05:23
That's gonna be the end of this video, though that's how you run the tool. That's how it is input back. And that's sort of the purpose of this Cisco CS one of our shorter videos, one of our older tools still valuable information that I think it's great for you when you're performing that initial information gathering about your target network.
05:40
Fastest out of the gate is to just skin a given set of targets and see if they've got any low hanging fruit.
05:45
So thank you all for watching. I hope to see you back here next time on breaking stuff with Joe here on Cyber Eri on.

How to Use Cisco-OCS (BSWJ)

In the world of networking, few names are so ubiquitous as Cisco. Cisco devices are at the heart of many of the largest and most critical networks in the world, and the ability to work with and configure those devices is critical in almost every networking role.

Instructed By

Instructor Profile Image
Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor