Discovering secret OSPF information on Cisco routers – part 2
Discovering secret OSPF information on Cisco routers – part 2
In a previous blog, I discussed OSPF authentication. In that blog, I covered the configuration of simple password protection. At the end of that blog I mentioned that the password when using this method is sent across the wire in clear text. Let us use that fact to our advantage as we delve into part two of discovering secret OSPF information in Cisco routers. Part 1 covered how to obtain the area ID from a neighboring router. This blog will explore the ease with which a simple password can be pulled off the wire, without so much as a packet sniffer in sight. Let’s begin by observing the network diagram.
LEFT router has simple password authentication configured on F0/0. The objective is to log in to the console of RIGHT router and determine the password in use, configure our side to match, and create an adjacency between the two routers. We will have administrative power on RIGHT, but we are not permitted to access LEFT router. Let’s begin.
First, let’s see how close we are to success in our current configuration.
So we are already running OSPF – that’s one less thing to cross off our list. Let’s check the status of this OSPF process.
One of the pieces of information that was given to us is that LEFT router is already running simple (plain-text) authentication. We see from the above output that RIGHT router is not participating in authentication and the status in Inactive. Let’s see what it takes to snag that secret password while accessing only RIGHT router. The first step is to configure an extended access-list that watches for the information we want, which is hello packets (addressed to the multicast address 224.0.0.5). It looks like this:
Now to craft the debug command which will expose the information we seek. The command is debug ip packet detail 150 dump
Focus your attention on the received (rcvd) hello packet. Within the raw dump to the screen is the plain-text password we seek. (It is on two lines, so follow the word-wrap to get it all.) We believe the password is secretid. Let’s try configuring it on our side. If it is correct, our neighbor relationship should spring up shortly after we configure it.
How about that? No WireShark and we captured everything we needed to get our router to speak the correct password on its OSPF interface. Not so difficult at all. It also shows the importance of avoiding plain-text password authentication and using the stronger md5 option supported by OSPF.
Some of the debug tricks are pretty cool and occasionally can come in handy on your certification exams by allowing you to extract seemingly secret information. Just think, someday you can be a great debugger! While that may not sound so impressive, the result most certainly is!
Until next time, debug away…when it is safe to do so, of course.
Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ
You May Also Like
debug ip packet, dump, hello packet, md5 authentication, OSPF authentication, plain-text authentication, raw output
A Simple Introduction to Cisco CML2
0 3955 0Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2
Creating Dynamic DNS in Network Environments
0 649 1This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader teaches how to create Dynamic DNS zones in Network Environments. Video Transcription: Now that we’ve installed DNS, we’ve created our DNS zones, the next step is now, how do we produce those … Continue reading Creating Dynamic DNS in Network Environments
Cable Testers and How to Use them in Network Environments
0 753 1This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments