Cisco
From Rory.wiki
General
Resetting a Cisco Router
If you have physical access to a router but don't have the passwords for it, there's a procedure to get access here on Cisco's site.
Additional notes.
PuTTY (downloadable from here) can be used for serial connections to Cisco devices. The break key sequence (which you need in the recovery process) is CTRL-Break (other potential break sequences here or here). The link describes resetting the enable password but not resetting the initial username/password. That can be done by entering username <user> password <new-password> at the config prompt (at the same time as resetting the enable password).
Cisco PIX Stuff
- access-lists can be paired with a number of different statements depending on the context. The usual pairing is with access-group statements, but they are also paired with nat statements (as NAT exemption lists) and with crypto map match address statements (to determine what traffic needs encryption).
- show running-config - shows the current config
- wr term - shows the current stored config
- conf t - enters configuration mode on the terminal you're connected to.
- sh run | include <string> - shows just the part of the running config with string in it
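The access-list pairing described in the first item above can be checked mechanically when reviewing a saved config. The following is an added example, not part of the original notes: it assumes PIX 6.3 style syntax, the function name audit_acl_usage is hypothetical, and the sample config is constructed. It reports the role each ACL plays, ACLs that are defined but never referenced, and references to ACLs that are not defined.

```python
import re
from collections import defaultdict

# Constructed sample in PIX 6.3 style syntax (names and addresses are made up).
SAMPLE_CONFIG = """\
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list vpn_site_b permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list old_test permit ip any any
access-group outside_in in interface outside
access-group dmz_in in interface dmz
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0 0
crypto map vpnmap 10 match address vpn_site_b
"""

# Statements that reference an ACL by name, keyed by the role they give it.
REFERENCES = {
    "filter": re.compile(r"^access-group (?P<acl>\S+) in interface \S+"),
    "nat-exemption": re.compile(r"^nat \(\S+\) 0 access-list (?P<acl>\S+)"),
    "vpn-selector": re.compile(r"^crypto map \S+ \d+ match address (?P<acl>\S+)"),
}
ACL_ENTRY = re.compile(r"^access-list (?P<acl>\S+) (permit|deny|remark)\b")


def audit_acl_usage(config_text):
    """Map each ACL to the statements that use it and flag mismatches."""
    defined, roles = set(), defaultdict(set)
    for raw in config_text.splitlines():
        line = raw.strip()
        entry = ACL_ENTRY.match(line)
        if entry:
            defined.add(entry.group("acl"))
            continue
        for role, pattern in REFERENCES.items():
            ref = pattern.match(line)
            if ref:
                roles[ref.group("acl")].add(role)
    referenced = set(roles)
    return {
        "roles": {name: sorted(roles[name]) for name in defined & referenced},
        "unused": sorted(defined - referenced),      # defined, never applied
        "undefined": sorted(referenced - defined),   # applied, never defined
    }


if __name__ == "__main__":
    for key, value in audit_acl_usage(SAMPLE_CONFIG).items():
        print(key, value)
```
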
Configuration options
- global (outside) 1 interface & nat (inside) 1 0 0 - set-up to enable dynamic NAT from inside to outside (for clients on the inside interface to connect to the "outside world")
Links & Resources
Cisco PIX 6.3 configuration guide
Cisco PIX 6.3 command reference
Cisco ASA 8.2 Command reference
Sample SOHO PIX config commands
Nipper - config analysis tool for Cisco and other network devices/firewalls. Produces a really readable report from a config file.
john and Cisco enable - tip on reformatting Cisco enable passwords to a format that John the Ripper understands.
Cisco CIS benchmark direct link
Article on scanning tools, mostly ones that don't work unfortunately.
fwconfigparser - PHP script which parses PIX configs.
