Discovering secret OSPF information on Cisco routers – part 2

Home > Blogs > Cisco > Discovering secret OSPF information on Cisco routers – part 2

Discovering secret OSPF information on Cisco routers – part 2

Like This Blog 0 Mark Jacob
Added by March 31, 2014

In a previous blog, I discussed OSPF authentication. In that blog, I covered the configuration of simple password protection. At the end of that blog I mentioned that the password when using this method is sent across the wire in clear text. Let us use that fact to our advantage as we delve into part two of discovering secret OSPF information in Cisco routers. Part 1 covered how to obtain the area ID from a neighboring router. This blog will explore the ease with which a simple password can be pulled off the wire, without so much as a packet sniffer in sight. Let’s begin by observing the network diagram.

001-Discovering-secret-OSPF-information-on-Cisco-routers

LEFT router has simple password authentication configured on F0/0. The objective is to log in to the console of RIGHT router and determine the password in use, configure our side to match, and create an adjacency between the two routers. We will have administrative power on RIGHT, but we are not permitted to access LEFT router. Let’s begin.

First, let’s see how close we are to success in our current configuration.

002-current-configuration-OSPF-information-on-Cisco-routers

So we are already running OSPF – that’s one less thing to cross off our list. Let’s check the status of this OSPF process.

003-current-configuration-OSPF-information-on-Cisco-routers

One of the pieces of information that was given to us is that LEFT router is already running simple (plain-text) authentication. We see from the above output that RIGHT router is not participating in authentication and the status in Inactive. Let’s see what it takes to snag that secret password while accessing only RIGHT router. The first step is to configure an extended access-list that watches for the information we want, which is hello packets (addressed to the multicast address 224.0.0.5). It looks like this:

004-packet-configuration-OSPF-information-on-Cisco-routers

Now to craft the debug command which will expose the information we seek. The command is debug ip packet detail 150 dump

005-debug-ip-configuration-OSPF-information-on-Cisco-routers

Focus your attention on the received (rcvd) hello packet. Within the raw dump to the screen is the plain-text password we seek. (It is on two lines, so follow the word-wrap to get it all.) We believe the password is secretid. Let’s try configuring it on our side. If it is correct, our neighbor relationship should spring up shortly after we configure it.

006-secrete-ip-configuration-OSPF-information-on-Cisco-routers

How about that? No WireShark and we captured everything we needed to get our router to speak the correct password on its OSPF interface. Not so difficult at all. It also shows the importance of avoiding plain-text password authentication and using the stronger md5 option supported by OSPF.

Some of the debug tricks are pretty cool and occasionally can come in handy on your certification exams by allowing you to extract seemingly secret information. Just think, someday you can be a great debugger! While that may not sound so impressive, the result most certainly is!

Until next time, debug away…when it is safe to do so, of course.

Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

OSPF Adjacency Troubleshooting Solution – Getting Close to the OSPF adj

0 228 1

In this video, Cisco CCNA & CCNP instructor Mark Jacob shows how to troubleshoot OSPF Adjacency issues by showing the distance between routers with the show ip ospf neighbor command.

Creating Users and Managing Passwords in Microsoft Office 365

0 740 4

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

IPv6 Port Redirection

0 378 0

In this video, Cisco CCNA and CompTIA Network + Instructor Mark Jacob demonstrates how to do port redirections in IPv6. If you have any questions or comments, please feel free to post them. Until next time. Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ

Write a Comment

Share your thoughts...

Please fill out the comment form below to post a reply.