SlideShare uma empresa Scribd logo

Owning nx os-sec-t_2010

Transferir como PPTX, PDF
B
blh42

Slides presented at SEC-T September 10th, 2010.

Educação
1 de 17
Owning the data centre, Cisco NX-OS George Hedfors Working for Cybercom Sweden East AB(http://www.cybercomgroup.com) 12 years as IT- and information security consultant Previously worked for iX Security, Defcom, NetSec, n.runs and Pinion Contact george.hedfors@cybercomgroup.com Web page http://george.hedfors.com 2010-08-10 SEC-T 2010 1
Short intro to Cisco NX-OS History of research Overview of underlying Linux Disclosure of vulnerabilities Undocumented CLi commands Command line interface escape Layer 2 attack Undocumented user account 2ndCLi escape (delayed) FAQ Topics 2010-08-10 SEC-T 2
Based on MontaVista (http://www.mvista.com)embedded Linux with kernel 2.6.10 VDC Virtualization, Virtual Device Context What is NX-OS? 2010-08-10 SEC-T 2010 3 Nexus 4000 (for IBM BladeCenter) Nexus 5000 Nexus 7000 MDS 9500 FC Directors MDS 9222i FC Switch MDS 9100 FC Switches
Accidentally made a Cisco-7020 fall over due to an 9 years old denial of service attack Was able to recover CORE dumps from the attack Able to extract all files from the Cisco .bin installation package Found a number of exploitable vulnerabilities To do Dig deeper into Cisco VDC/VRF security What has been done 2010-08-10 SEC-T 4
Typical environment Banking/finance Other large data centers Impact Full exposure of interconnected networks and VLAN’s Possibility to eavesdrop and trafficmodification Switch based rootkit installation? Cisco 7000-series 2010-08-10 SEC-T 5
Overview 2010-08-10 SEC-T 6 Linux
Teh Linux 2010-08-10 SEC-T 7 root?!?
DC3 Shell ‘the regular Cisco cli’ Configurations contain ‘hidden’ commands Hidden commands 2010-08-10 SEC-T 8
Escaping CLi 2010-08-10 SEC-T 9
How could that happened?! 2010-08-10 SEC-T 10 What could possibly go wrong here? /usr/bin/gdbserver
Cisco Discovery Protocol (CDP) 2001, FX crafted the first CDP DoS attack 2010, the CDP attack was rediscovered in NX-OS What about layer 2? 2010-08-10 SEC-T 11 ,[object Object],[object Object]
So, where ‘ftpuser’ come from? Default user? Backdoor? Easter egg? Recovered password ‘nbv123’ Undocumented user account 2010-08-10 SEC-T 13
Searching for ‘nbv123’ 2010-08-10 SEC-T 14
CSCti03724 – CLI escape in NX-OS using GDB Workaround: None Fixed in NX-OS 4.1(4) CSCti04026 – Undocumented user available with default password on NX-OS system Workaround: None CSCtf08873 – CDP with long hostname crashes CDPD on N7k Workaround: Disable CDP CSCti85295 – NX-OS: SUDO privilege escalation Workaround: None Bug tracking 2010-08-10 SEC-T 15
Special thanks to Juan-Manuel Gonzales, PSIRT Incident Manager <juagonza@cisco.com> Thanks 2010-08-10 SEC-T 16
Questions? Contact george.hedfors@cybercomgroup.com FAQ 2010-08-10 SEC-T 17
Owning nx os-sec-t_2010

Recomendados

Owning NX-OS - t2 2010
Owning NX-OS - t2 2010Owning NX-OS - t2 2010
Owning NX-OS - t2 2010blh42
 
HWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletHWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletNemanja Nikodijević
 
Full disclosure-vulnerabilities
Full disclosure-vulnerabilitiesFull disclosure-vulnerabilities
Full disclosure-vulnerabilitiesslideseces
 
1142996034 597183
1142996034 5971831142996034 597183
1142996034 597183smumbahelp
 
Low-cost Protection against Cold Boot Attacks for an Authentication Token
Low-cost Protection against Cold Boot Attacks for an Authentication TokenLow-cost Protection against Cold Boot Attacks for an Authentication Token
Low-cost Protection against Cold Boot Attacks for an Authentication TokenGraeme Jenkinson
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesbsidesaugusta
 
データーベース - SELECT文入門
データーベース - SELECT文入門 データーベース - SELECT文入門
データーベース - SELECT文入門金沢工業高等専門学校
 
Workplace gardening philosophy for frontline leaders
Workplace gardening philosophy for frontline leadersWorkplace gardening philosophy for frontline leaders
Workplace gardening philosophy for frontline leadersletsgrow
 

Recomendados

Owning NX-OS - t2 2010
Owning NX-OS - t2 2010Owning NX-OS - t2 2010
Owning NX-OS - t2 2010blh42
 
HWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletHWallet: The simplest Bitcoin hardware wallet
HWallet: The simplest Bitcoin hardware walletNemanja Nikodijević
 
Full disclosure-vulnerabilities
Full disclosure-vulnerabilitiesFull disclosure-vulnerabilities
Full disclosure-vulnerabilitiesslideseces
 
1142996034 597183
1142996034 5971831142996034 597183
1142996034 597183smumbahelp
 
Low-cost Protection against Cold Boot Attacks for an Authentication Token
Low-cost Protection against Cold Boot Attacks for an Authentication TokenLow-cost Protection against Cold Boot Attacks for an Authentication Token
Low-cost Protection against Cold Boot Attacks for an Authentication TokenGraeme Jenkinson
 
Security Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesSecurity Onion: peeling back the layers of your network in minutes
Security Onion: peeling back the layers of your network in minutesbsidesaugusta
 
データーベース - SELECT文入門
データーベース - SELECT文入門 データーベース - SELECT文入門
データーベース - SELECT文入門金沢工業高等専門学校
 
Workplace gardening philosophy for frontline leaders
Workplace gardening philosophy for frontline leadersWorkplace gardening philosophy for frontline leaders
Workplace gardening philosophy for frontline leadersletsgrow
 
A Practical Look At Symfony2
A Practical Look At Symfony2A Practical Look At Symfony2
A Practical Look At Symfony2Stefan Koopmanschap
 
以實用寫作培訓通用技能
以實用寫作培訓通用技能以實用寫作培訓通用技能
以實用寫作培訓通用技能kaikwong
 
대신리포트_모닝미팅_141015
대신리포트_모닝미팅_141015대신리포트_모닝미팅_141015
대신리포트_모닝미팅_141015DaishinSecurities
 
Толока добрих ідей. інформація для партнерів і благодійників
Толока добрих ідей. інформація для партнерів і благодійниківТолока добрих ідей. інформація для партнерів і благодійників
Толока добрих ідей. інформація для партнерів і благодійниківMedvedska
 
The State of Content: Expectations on the Rise
The State of Content: Expectations on the RiseThe State of Content: Expectations on the Rise
The State of Content: Expectations on the RiseAdobe
 
บทนำ1
บทนำ1บทนำ1
บทนำ1Pipat Chooto
 
Seminar: Cost-effective Solutions for Complying with the CARE Act
Seminar: Cost-effective Solutions for Complying with the CARE ActSeminar: Cost-effective Solutions for Complying with the CARE Act
Seminar: Cost-effective Solutions for Complying with the CARE ActGold Group Enterprises
 
Nutritionlabels
NutritionlabelsNutritionlabels
Nutritionlabelsnaziasadat
 
Household items
Household itemsHousehold items
Household itemscmasdeva
 
Ificpptspanish2013 131203092059-phpapp01
Ificpptspanish2013 131203092059-phpapp01Ificpptspanish2013 131203092059-phpapp01
Ificpptspanish2013 131203092059-phpapp01Food Insight
 
Informes de practica neuro
Informes de practica neuroInformes de practica neuro
Informes de practica neuroJohn Molina
 
una visión crítica del manejo del riesgo cardiovascular
una visión crítica del manejo del riesgo cardiovascularuna visión crítica del manejo del riesgo cardiovascular
una visión crítica del manejo del riesgo cardiovascularfguiraos
 
预言启示全家族修炼李洪志大师的法轮功
预言启示全家族修炼李洪志大师的法轮功预言启示全家族修炼李洪志大师的法轮功
预言启示全家族修炼李洪志大师的法轮功bialontu97497
 
Alma de ciudad
Alma de ciudadAlma de ciudad
Alma de ciudadFermin Chavez Mego
 
2015 RJI Mobile Media Research Report 2
2015 RJI Mobile Media Research Report 22015 RJI Mobile Media Research Report 2
2015 RJI Mobile Media Research Report 2Reynolds Journalism Institute (RJI)
 
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013Piotr Biegun
 
Webinar: Motivate Action with iBeacons
Webinar: Motivate Action with iBeaconsWebinar: Motivate Action with iBeacons
Webinar: Motivate Action with iBeaconsGold Group Enterprises
 
L i n g k a r a n
L i n g k a r a nL i n g k a r a n
L i n g k a r a nFina Nurmita
 
Presentation data center partner technical
Presentation data center partner technicalPresentation data center partner technical
Presentation data center partner technicalxKinAnx
 
Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Timothy R. (Tim) Loftus
 
2011 cisco icons 6_8_11
2011 cisco icons 6_8_112011 cisco icons 6_8_11
2011 cisco icons 6_8_11Quoc Khanh Pham
 
End-to-End Data Center Virtualization
End-to-End Data Center VirtualizationEnd-to-End Data Center Virtualization
End-to-End Data Center VirtualizationCisco Canada
 

Mais conteúdo relacionado

Destaque

以實用寫作培訓通用技能
以實用寫作培訓通用技能以實用寫作培訓通用技能
以實用寫作培訓通用技能kaikwong
 
대신리포트_모닝미팅_141015
대신리포트_모닝미팅_141015대신리포트_모닝미팅_141015
대신리포트_모닝미팅_141015DaishinSecurities
 
Толока добрих ідей. інформація для партнерів і благодійників
Толока добрих ідей. інформація для партнерів і благодійниківТолока добрих ідей. інформація для партнерів і благодійників
Толока добрих ідей. інформація для партнерів і благодійниківMedvedska
 
The State of Content: Expectations on the Rise
The State of Content: Expectations on the RiseThe State of Content: Expectations on the Rise
The State of Content: Expectations on the RiseAdobe
 
Seminar: Cost-effective Solutions for Complying with the CARE Act
Seminar: Cost-effective Solutions for Complying with the CARE ActSeminar: Cost-effective Solutions for Complying with the CARE Act
Seminar: Cost-effective Solutions for Complying with the CARE ActGold Group Enterprises
 
Nutritionlabels
NutritionlabelsNutritionlabels
Nutritionlabelsnaziasadat
 
Household items
Household itemsHousehold items
Household itemscmasdeva
 
Ificpptspanish2013 131203092059-phpapp01
Ificpptspanish2013 131203092059-phpapp01Ificpptspanish2013 131203092059-phpapp01
Ificpptspanish2013 131203092059-phpapp01Food Insight
 
Informes de practica neuro
Informes de practica neuroInformes de practica neuro
Informes de practica neuroJohn Molina
 
una visión crítica del manejo del riesgo cardiovascular
una visión crítica del manejo del riesgo cardiovascularuna visión crítica del manejo del riesgo cardiovascular
una visión crítica del manejo del riesgo cardiovascularfguiraos
 
预言启示全家族修炼李洪志大师的法轮功
预言启示全家族修炼李洪志大师的法轮功预言启示全家族修炼李洪志大师的法轮功
预言启示全家族修炼李洪志大师的法轮功bialontu97497
 
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013Piotr Biegun
 
Webinar: Motivate Action with iBeacons
Webinar: Motivate Action with iBeaconsWebinar: Motivate Action with iBeacons
Webinar: Motivate Action with iBeaconsGold Group Enterprises
 

Destaque (18)

A Practical Look At Symfony2
A Practical Look At Symfony2A Practical Look At Symfony2
A Practical Look At Symfony2
 
以實用寫作培訓通用技能
以實用寫作培訓通用技能以實用寫作培訓通用技能
以實用寫作培訓通用技能
 
대신리포트_모닝미팅_141015
대신리포트_모닝미팅_141015대신리포트_모닝미팅_141015
대신리포트_모닝미팅_141015
 
Толока добрих ідей. інформація для партнерів і благодійників
Толока добрих ідей. інформація для партнерів і благодійниківТолока добрих ідей. інформація для партнерів і благодійників
Толока добрих ідей. інформація для партнерів і благодійників
 
The State of Content: Expectations on the Rise
The State of Content: Expectations on the RiseThe State of Content: Expectations on the Rise
The State of Content: Expectations on the Rise
 
บทนำ1
บทนำ1บทนำ1
บทนำ1
 
Seminar: Cost-effective Solutions for Complying with the CARE Act
Seminar: Cost-effective Solutions for Complying with the CARE ActSeminar: Cost-effective Solutions for Complying with the CARE Act
Seminar: Cost-effective Solutions for Complying with the CARE Act
 
Nutritionlabels
NutritionlabelsNutritionlabels
Nutritionlabels
 
Household items
Household itemsHousehold items
Household items
 
Ificpptspanish2013 131203092059-phpapp01
Ificpptspanish2013 131203092059-phpapp01Ificpptspanish2013 131203092059-phpapp01
Ificpptspanish2013 131203092059-phpapp01
 
Informes de practica neuro
Informes de practica neuroInformes de practica neuro
Informes de practica neuro
 
una visión crítica del manejo del riesgo cardiovascular
una visión crítica del manejo del riesgo cardiovascularuna visión crítica del manejo del riesgo cardiovascular
una visión crítica del manejo del riesgo cardiovascular
 
预言启示全家族修炼李洪志大师的法轮功
预言启示全家族修炼李洪志大师的法轮功预言启示全家族修炼李洪志大师的法轮功
预言启示全家族修炼李洪志大师的法轮功
 
Alma de ciudad
Alma de ciudadAlma de ciudad
Alma de ciudad
 
2015 RJI Mobile Media Research Report 2
2015 RJI Mobile Media Research Report 22015 RJI Mobile Media Research Report 2
2015 RJI Mobile Media Research Report 2
 
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013
Warsztaty - Projektowanie aplikacji mobilnych - GeekGirls Carrots Poznań 2013
 
Webinar: Motivate Action with iBeacons
Webinar: Motivate Action with iBeaconsWebinar: Motivate Action with iBeacons
Webinar: Motivate Action with iBeacons
 
L i n g k a r a n
L i n g k a r a nL i n g k a r a n
L i n g k a r a n
 

Semelhante a Owning nx os-sec-t_2010

Presentation data center partner technical
Presentation data center partner technicalPresentation data center partner technical
Presentation data center partner technicalxKinAnx
 
Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Timothy R. (Tim) Loftus
 
End-to-End Data Center Virtualization
End-to-End Data Center VirtualizationEnd-to-End Data Center Virtualization
End-to-End Data Center VirtualizationCisco Canada
 
Presentation deploying cloud based services
Presentation deploying cloud based servicesPresentation deploying cloud based services
Presentation deploying cloud based servicesxKinAnx
 
Signal Planning Considerations and Network Designs
Signal Planning Considerations and Network DesignsSignal Planning Considerations and Network Designs
Signal Planning Considerations and Network DesignsScott Wagner
 
Presentation cloud computing and the internet
Presentation cloud computing and the internetPresentation cloud computing and the internet
Presentation cloud computing and the internetxKinAnx
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87Shoichi Sakane
 
Presentation cisco plus tech datacenter virtualisering
Presentation cisco plus tech datacenter virtualiseringPresentation cisco plus tech datacenter virtualisering
Presentation cisco plus tech datacenter virtualiseringxKinAnx
 
Full disclosure-vulnerabilities
Full disclosure-vulnerabilitiesFull disclosure-vulnerabilities
Full disclosure-vulnerabilitiesslideseces
 
Presentation capturing the cloud opportunity
Presentation capturing the cloud opportunityPresentation capturing the cloud opportunity
Presentation capturing the cloud opportunityxKinAnx
 
Presentation cisco prime for ip ngn technical education series introduction...
Presentation cisco prime for ip ngn technical education series introduction...Presentation cisco prime for ip ngn technical education series introduction...
Presentation cisco prime for ip ngn technical education series introduction...xKinAnx
 
CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1Nil Menon
 
Deploying Applications in Today’s Network Infrastructure
Deploying Applications in Today’s Network InfrastructureDeploying Applications in Today’s Network Infrastructure
Deploying Applications in Today’s Network InfrastructureCisco Canada
 
Hack.lu 2006 - All your Bluetooth is belong to us
Hack.lu 2006 - All your Bluetooth is belong to usHack.lu 2006 - All your Bluetooth is belong to us
Hack.lu 2006 - All your Bluetooth is belong to usThierry Zoller
 

Semelhante a Owning nx os-sec-t_2010 (20)

Presentation data center partner technical
Presentation data center partner technicalPresentation data center partner technical
Presentation data center partner technical
 
Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814Illustrated Accomplishments 1999 - present 080814
Illustrated Accomplishments 1999 - present 080814
 
2011 cisco icons 6_8_11
2011 cisco icons 6_8_112011 cisco icons 6_8_11
2011 cisco icons 6_8_11
 
End-to-End Data Center Virtualization
End-to-End Data Center VirtualizationEnd-to-End Data Center Virtualization
End-to-End Data Center Virtualization
 
Presentation deploying cloud based services
Presentation deploying cloud based servicesPresentation deploying cloud based services
Presentation deploying cloud based services
 
Signal Planning Considerations and Network Designs
Signal Planning Considerations and Network DesignsSignal Planning Considerations and Network Designs
Signal Planning Considerations and Network Designs
 
Presentation cloud computing and the internet
Presentation cloud computing and the internetPresentation cloud computing and the internet
Presentation cloud computing and the internet
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
Cisco Icons
Cisco IconsCisco Icons
Cisco Icons
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87
 
Presentation cisco plus tech datacenter virtualisering
Presentation cisco plus tech datacenter virtualiseringPresentation cisco plus tech datacenter virtualisering
Presentation cisco plus tech datacenter virtualisering
 
Full disclosure-vulnerabilities
Full disclosure-vulnerabilitiesFull disclosure-vulnerabilities
Full disclosure-vulnerabilities
 
NetX
NetXNetX
NetX
 
Presentation capturing the cloud opportunity
Presentation capturing the cloud opportunityPresentation capturing the cloud opportunity
Presentation capturing the cloud opportunity
 
Presentation cisco prime for ip ngn technical education series introduction...
Presentation cisco prime for ip ngn technical education series introduction...Presentation cisco prime for ip ngn technical education series introduction...
Presentation cisco prime for ip ngn technical education series introduction...
 
L2 Attacks.pdf
L2 Attacks.pdfL2 Attacks.pdf
L2 Attacks.pdf
 
Protegendo sua cloud
Protegendo sua cloud Protegendo sua cloud
Protegendo sua cloud
 
CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1
 
Deploying Applications in Today’s Network Infrastructure
Deploying Applications in Today’s Network InfrastructureDeploying Applications in Today’s Network Infrastructure
Deploying Applications in Today’s Network Infrastructure
 
Hack.lu 2006 - All your Bluetooth is belong to us
Hack.lu 2006 - All your Bluetooth is belong to usHack.lu 2006 - All your Bluetooth is belong to us
Hack.lu 2006 - All your Bluetooth is belong to us
 

Último

Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 

Último (20)

Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 

Owning nx os-sec-t_2010

  • 1. Owning the data centre, Cisco NX-OS George Hedfors Working for Cybercom Sweden East AB(http://www.cybercomgroup.com) 12 years as IT- and information security consultant Previously worked for iX Security, Defcom, NetSec, n.runs and Pinion Contact george.hedfors@cybercomgroup.com Web page http://george.hedfors.com 2010-08-10 SEC-T 2010 1
  • 2. Short intro to Cisco NX-OS History of research Overview of underlying Linux Disclosure of vulnerabilities Undocumented CLi commands Command line interface escape Layer 2 attack Undocumented user account 2ndCLi escape (delayed) FAQ Topics 2010-08-10 SEC-T 2
  • 3. Based on MontaVista (http://www.mvista.com)embedded Linux with kernel 2.6.10 VDC Virtualization, Virtual Device Context What is NX-OS? 2010-08-10 SEC-T 2010 3 Nexus 4000 (for IBM BladeCenter) Nexus 5000 Nexus 7000 MDS 9500 FC Directors MDS 9222i FC Switch MDS 9100 FC Switches
  • 4. Accidentally made a Cisco-7020 fall over due to an 9 years old denial of service attack Was able to recover CORE dumps from the attack Able to extract all files from the Cisco .bin installation package Found a number of exploitable vulnerabilities To do Dig deeper into Cisco VDC/VRF security What has been done 2010-08-10 SEC-T 4
  • 5. Typical environment Banking/finance Other large data centers Impact Full exposure of interconnected networks and VLAN’s Possibility to eavesdrop and trafficmodification Switch based rootkit installation? Cisco 7000-series 2010-08-10 SEC-T 5
  • 7. Teh Linux 2010-08-10 SEC-T 7 root?!?
  • 8. DC3 Shell ‘the regular Cisco cli’ Configurations contain ‘hidden’ commands Hidden commands 2010-08-10 SEC-T 8
  • 10. How could that happened?! 2010-08-10 SEC-T 10 What could possibly go wrong here? /usr/bin/gdbserver
  • 11.
  • 12. So, where ‘ftpuser’ come from? Default user? Backdoor? Easter egg? Recovered password ‘nbv123’ Undocumented user account 2010-08-10 SEC-T 13
  • 13. Searching for ‘nbv123’ 2010-08-10 SEC-T 14
  • 14. CSCti03724 – CLI escape in NX-OS using GDB Workaround: None Fixed in NX-OS 4.1(4) CSCti04026 – Undocumented user available with default password on NX-OS system Workaround: None CSCtf08873 – CDP with long hostname crashes CDPD on N7k Workaround: Disable CDP CSCti85295 – NX-OS: SUDO privilege escalation Workaround: None Bug tracking 2010-08-10 SEC-T 15
  • 15. Special thanks to Juan-Manuel Gonzales, PSIRT Incident Manager <juagonza@cisco.com> Thanks 2010-08-10 SEC-T 16

Notas do Editor

  1. Each VDC runs as each own entity within the device