From Camp_2015_Wiki
Jump to: navigation, search

Description The goal of this talk is present a way to abuse a default feature of Cisco routers. The feature mentioned is the Embedded Packet Capture (EPC), described by the Cisco: "... a powerful troubleshooting and tracing tool. The feature allows for network administrators to capture data packets flowing through, to, and from, a Cisco router." We were able to abuse this feature and build a system to collecting massive data and store them for analysis purpose.

The PoC developed uses multiple Cisco routers configured with default accounts to send their data traffic (input, output or both) to our repository and finally we are able to starting the processes to transform these raw data packet files in useful information. Such as user credentials, pre-shared key keys, URLs and many other potential sensitive data can be extracted, but additional "features", like cyber attacks, are planned for the future. The subject presented by the researchers would help a simple penetration tester during a usual engagement , additionally it's possible configure a larger set of routers to collect data and build a huge database, hack the planet style.

Slides - Joaquim Espinhara and Rafael Silva - MIMOSAWRITERROUTER - Abusing EPC on Cisco Routers.pdf
Tags cisco, pentest, hacking, surveillance
Person organizing User:rfdslabs
Language en - English
en - English
Duration 5
Desired session Day 2
Desired timeframe 16:30

Rafael Silva CTO at @EstuárioTI. He works focused on penetration testing, incident response, web application security, Anti Phishing and coding. He has thirteen years experience and has done security research and security awareness, ,Network Penetration Testing, Database Security. Also has an interest in reverse code engineering and vulnerability research. Enthusiast in cyberwar and also a businessman. Recent presentations include Hack In The Box Amsterdam, Infiltrate Conference, Confidence Conference, You Shoot The Sheriff, Mind The Sec.