easternerd
Owning IOS at Black Hat 2005

After the Cisco tussle about Michael Lynn at the Black Hat conference and the pages of the Black Hat conference handbook torn out to evade the information from being leaked out, TomsNetworking has posted some slides of the Cisco exploitation process; though they are just crude photographs, they still give enough information for any advanced hacker.
Some of the slides are here:

Being arrested or sued is not a positive experience, but for speakers at Black Hat and Defcon, it is a badge of honor. On July 27, Michael Lynn, a computer security expert, demonstrated how to gain administrator access to many Cisco routers and switches. This demonstration occurred during Lynn's scheduled talk on the vulnerabilities of Cisco IOS at the 2005 Black Hat Briefings in Las Vegas.

As a result of the talk, Lynn incurred the wrath of his former employer Internet Security Solutions (ISS) and Cisco Systems. In the space of a few hours, Lynn became unemployed and was also served with a lawsuit.

[Image: Misconceptions about IOS slide]
[Image: The realities of Cisco IOS slide]
[Image: At first glance, an overflow attack may be hard]
[Image: IOS doesn't crash if it thinks it's crashing already]
[Image: Check Heap slide]
[Image: Shellcode Check List slide]
[Image: End of the World?]

Read the full article @ Toms
boshcash
very interesting, although didn't have much info from the slides, but they should be useful to advanced h4x0r, and Cisco router users should upgrade their firmware before a universal catastrophe occurs..
da_cash
two words from me ...f**k cisco... see attached pdf

and here's another nice thing to see..

http://www.siliconvalleysleuth.com/files/s..._injunction.DOC


This is one of the reasons why so many white / grey hats became black hats..
Yorn
Just so you guys know, this is a huge story that will be bigger and bigger as more people exploit this.
beardednose
However, we won't be able to chat about it here as all the routers will be down.
myth
QUOTE
two words from me ...f**k cisco...


Careful buddy, they're trying to protect the internet infrastructure, just like a mother would - at all costs - try and protect their child. A comment like that isn't appropriate at this time, if you're basing your comment on Cisco and ISS's involvement with Lynn.

On a better note, thanks for those links, very informative, for those that didn't look at them, scroll back up and read them...

But it's not like Cisco has never had a vulnerability before in their IOS, but this is just starting to get interesting...
setthesun
QUOTE(myth @ Jul 30 2005, 08:51 AM)
QUOTE
two words from me ...f**k cisco...


Careful buddy, they're trying to protect the internet infrastructure, just like a mother would - at all costs - try and protect their child. A comment like that isn't appropriate at this time, if you're basing your comment on Cisco and ISS's involvement with Lynn.

I think they're just trying to protect their money and don't care about the internet
satknis
This paper is very interesting, I'm asking myself how long it will take until the first exploit is released.

setthesun: if they want to protect their money they have to protect the internet, because most ISPs use Cisco systems. If they lose control over their sold routers and other hardware they will lose all/many customers.
da_cash
myth: maybe I'm wrong but hiding the truth and masking own mistakes does not look like democracy to me, besides hiding the truth is not fair to their customers. I'm glad that M.Lynn made this article public at BH2k5 because sooner or later someone might find it and use it for bad purpose (it's still possible), such things like Cisco did should never have happened. Finding bugs makes the software/hardware more stable and vulnproof. Sometimes it may also bring a great breakthrough.
As for Cisco it's available globally and like M$ its policy is to earn money and as everyone already noticed they don't care about us, they care only about their profit.


"just like a mother would - at all costs try and protect their child" yea but when the child is ill, the mother won't hide it in the closet.
Craz3
http://www.milw0rm.com/sploits/lynn-cisco.pdf

This is the slide show in question I think.....The second page cracks me up
b4nqu0
I saw Raven from NMRC at DEFCON doing a talk on Pentesting the Backbone. About halfway through her presentation it shifted to a talk about Lynn's presentation. She reiterated Lynn's work and told everyone to start mirroring his slides. She also presented us with a wonderful t-shirt which sported "F**K CISCO" across the front.

Her big point was that Cisco was good about admitting the first ever remote code execution vuln in their IOS but they shouldn't have tried to cover it all up and gag Lynn.

She ended her talk with a big "thank you" to her lawyer and EFF in the front row.
easternerd
QUOTE(setthesun @ Jul 30 2005, 11:24 PM)
QUOTE(myth @ Jul 30 2005, 08:51 AM)
QUOTE
two words from me ...f**k cisco...


Careful buddy, they're trying to protect the internet infrastructure, just like a mother would - at all costs - try and protect their child. A comment like that isn't appropriate at this time, if you're basing your comment on Cisco and ISS's involvement with Lynn.

I think they're just trying to protect their money and don't care about the internet

You are wrong!! Cisco is a very responsible company. Do you think 70% of this Internet runs on their hardware for nothing? It's just now Juniper is catching up. But they should patch this problem as soon as possible with widespread coverage of this problem to the public. If they have to protect their vested interests they have to protect the Internet.
Warlord_David
wow after reading all the slides....wow...lol Cisco is screwed for a few customers I think...hopefully they make a patch fast.
tolf
could this shellcode be used as a basis for PIX exploits?
forced14
The 33rd slide is great, World Domination would be crazy if a lot of main Cisco routers were compromised.
packet
Tolf: PIX is an entirely different operating system made by a different company and purchased by Cisco. It has never actually been fully IOSized so I assume this would not affect them.

--P>G>>