Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

Counting in octal is just like counting in decimal--if you don't use your thumbs. -- Tom Lehrer


computers / Hacking / Cisco strikes again

SubjectAuthor
* Cisco strikes againanon
+- Re: Cisco strikes againAnonUser
+- telnet hoAnonymous
`* and Cisco once moreAnonymous
 `- Re: and Cisco once moreAnonymous

1
Cisco strikes again

<17b15dd14db3acf58a1075a572feb04b@def4>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=159&group=rocksolid.shared.hacking#159

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: anon@anon.com (anon)
Newsgroups: rocksolid.shared.hacking
Message-ID: <17b15dd14db3acf58a1075a572feb04b@def4>
Subject: Cisco strikes again
Date: Sat, 27 Jun 2020 18:14:31+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: anon - Sat, 27 Jun 2020 18:14 UTC

I think they are an NSA shill, that's the only reasonable explanation:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx#details

A critical vuln in their telnet server module which ships with a lot of their routers.
Yes you read correctly, Cisco is still using telnet on their boxes to do administrative tasks. And this is not an exception, neither, but standard policy for Cisco, because you need to pay extra license money if you want to use ssh (https://community.cisco.com/t5/network-management/ios-license-questions-also-ssh/td-p/4015572).

LMAO. What kind of victims still buy this shit ?

--
Posted on def4

Re: Cisco strikes again

<83fd34f9c7cc325b5e6804dcddfdb182$1@www.novabbs.com>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=160&group=rocksolid.shared.hacking#160

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED!not-for-mail
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.hacking
Subject: Re: Cisco strikes again
Date: Sun, 28 Jun 2020 06:11:10 +0000
Organization: Rocksolid Light
Message-ID: <83fd34f9c7cc325b5e6804dcddfdb182$1@www.novabbs.com>
References: <17b15dd14db3acf58a1075a572feb04b@def4>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="11779"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Spam-Level: *
X-Rslight-Site: $2y$10$TfbQ5XKGEkhHMNUNHm1QN.TgWj62EpRTbRgFMWq7edQZbagHumsbC
 by: AnonUser - Sun, 28 Jun 2020 06:11 UTC

anon wrote:

> I think they are an NSA shill, that's the only reasonable explanation:

> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx#details

> A critical vuln in their telnet server module which ships with a lot of their routers.
> Yes you read correctly, Cisco is still using telnet on their boxes to do administrative tasks. And this is not an exception, neither, but standard policy for Cisco, because you need to pay extra license money if you want to use ssh (https://community.cisco.com/t5/network-management/ios-license-questions-also-ssh/td-p/4015572).

> LMAO. What kind of victims still buy this shit ?

"The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory."

What's the exploit code, a telnet client?

So the problem is that if you run the telnet server, you're vulnerable. I could see this 30 years ago, but in 2020 I can only think something intentional is going on, as previous poster says. Put in intentional vulnerabilities then when caught, claim it's a bug.

--
Posted on: Rocksolid Light
www.novabbs.com

telnet ho

<ha.834.26ary8@anon.com>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=162&group=rocksolid.shared.hacking#162

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.hacking
Subject: telnet ho
Date: Sun, 28 Jun 2020 03:50:41 -0700
Organization: i2pn2 (i2pn.org)
Message-ID: <ha.834.26ary8@anon.com>
References: <17b15dd14db3acf58a1075a572feb04b@def4>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=630eae1f96586357627a3e89725e15bea99bc8af
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="15273"; mail-complaints-to="usenet@i2pn2.org"
 by: Anonymous - Sun, 28 Jun 2020 10:50 UTC
Attachments: 904d784e06cbd7d6cd968e42de87b054b2e4e0accaea6da39067e3d4225b3afd.jpeg (image/jpeg)

>So the problem is that if you run the telnet server, you're vulnerable.

that. but these fuckers even manage to fuck up the fuck up.

Attachments: 904d784e06cbd7d6cd968e42de87b054b2e4e0accaea6da39067e3d4225b3afd.jpeg 
and Cisco once more

<ha.845.3fra8u@anon.com>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=171&group=rocksolid.shared.hacking#171

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!rocksolid2!def5!.POSTED.bogusentry!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.hacking
Subject: and Cisco once more
Date: Fri, 21 Aug 2020 10:39:19 -0700
Organization: def5
Message-ID: <ha.845.3fra8u@anon.com>
References: <17b15dd14db3acf58a1075a572feb04b@def4>
Content-Type: text/plain; charset=UTF-8
Injection-Info: def5.org; posting-host="bogusentry:192.168.1.189";
logging-data="26680"; mail-complaints-to="usenet@def5.org"
 by: Anonymous - Fri, 21 Aug 2020 17:39 UTC

a pretty impressive list that they patch right now:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-encsw-cspw-cred-hZzL29A7
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smart-priv-esca-nqwxXWBu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-rce-dos-uPyJYxN3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-prvesc-6g37hjAL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-desktop-app-OVSfpVMj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-memleak-k5Z7m55t
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-bypass-auth-mVDR6ygT
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-MYeFpFcF
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-rbac-y9LM5jw4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-stored-w4rJZJtO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-patrav-pW9RkhyW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vdsd-W7mnkwj7
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-file-path-6PKONjHe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-tsgqbffW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-rshell-esc-L6hBwjbg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-pathtrv-5tLJRrFn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-mlt-xss-zUzbcdEV
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-HYP-WSV-yT3j5hSB

yep, nsa shill for sure.

--
Posted on def2

Re: and Cisco once more

<c966d58d394e7772f918e0d077cc5296$1@dkzerogt6z6ybhcj.onion>

 copy mid

https://news.novabbs.org/computers/article-flat.php?id=301&group=rocksolid.shared.hacking#301

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED!not-for-mail
From: Anonymous@rslight.i2p (Anonymous)
Newsgroups: rocksolid.shared.hacking
Subject: Re: and Cisco once more
Date: Sun, 21 Feb 2021 07:08:11 +0000
Organization: Rocksolid Light
Message-ID: <c966d58d394e7772f918e0d077cc5296$1@dkzerogt6z6ybhcj.onion>
References: <17b15dd14db3acf58a1075a572feb04b@def4> <ha.845.3fra8u@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="22550"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Spam-Level: **
X-Rslight-Site: $2y$10$MyAI.xdkZ9Ki93uT3uXhPed7E9vQ4ZNzm65P7/6I.2AWG6UrXB8Nu
 by: Anonymous - Sun, 21 Feb 2021 07:08 UTC

There are many other ports open besides telnet on Cisco routers/switches. Most lazy engineers just enable the default telnet while configuring routers and then enable SSH etc + harden the router config when they are done. I used to portscan to check if port 80,8080 etc (enabled on newer devices by default). There are many other vulnerabilities that you can use besides telnet to access/DoS Cisco devices.
--
Posted on Rocksolid Light
dkzerogt6z6ybhcj.onion

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor