# Switching between different VLANs

Introduction

The goal is to switch traffic between VLAN 10 and VLAN 20.
VLAN 10 is on Switch1, VLAN 20 is on Switch2, and VLAN 30 is on both switches.

Native VLAN
Switch1(config)# vtp mode transparent
Switch1(config)# interface gi0/1
Switch1(config-if)# switchport
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport trunk allowed vlan 10,30
Switch1(config-if)# switchport trunk native vlan 10
Switch1(config-if)# no cdp enable
Switch1(config-if)# spanning-tree bpdufilter enable

Switch2(config)# vtp mode transparent
Switch2(config)# interface gi0/1
Switch2(config-if)# switchport
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk encapsulation dot1q
Switch2(config-if)# switchport trunk allowed vlan 20,30
Switch2(config-if)# switchport trunk native vlan 20
Switch2(config-if)# no cdp enable
Switch2(config-if)# spanning-tree bpdufilter enable
VLAN translation (mapping)
Switch1(config)# vtp mode transparent
Switch1(config)# interface gi0/1
Switch1(config-if)# switchport
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport trunk allowed vlan 10,30

Switch2(config)# vtp mode transparent
Switch2(config)# interface gi0/1
Switch2(config-if)# switchport
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk encapsulation dot1q
Switch2(config-if)# switchport trunk allowed vlan 20,30
Switch2(config-if)# switchport vlan mapping enable
Switch2(config-if)# switchport vlan mapping 10 20

# EIGRP summary

Basic
Router(config)#router eigrp 65000
Router(config-router)#network 192.168.0.0 0.0.255.255
Router(config)#ip default-network 192.168.1.0
Router(config-router)#passive-interface default
Router(config-router)#no passive-interface Ethernet0
Summarization
Router(config-router)# ! Transmit subprefix information
Router(config-router)#no auto-summary
Router(config-if)# ! Manual summarization
Router(config-if)#ip summary-address eigrp 65000 172.16.0.0 255.255.0.0
Load balancing
Router(config-router)# ! Unequal cost path load balancing
Router(config-router)# ! Metric < 2*best_metric
Router(config-router)#variance 2
Router(config-router)# ! Proportionately to the ratios of the metrics
Router(config-router)#traffic-share balanced
Bandwidth utilization
Router(config-if)#bandwidth 100000
Router(config-if)# ! 25Mbps for EIGRP traffic (default 50%)
Router(config-if)#ip bandwidth-percent eigrp 65000 25
Stub routing
HubRouter(config-router)#eigrp stub
HubRouter(config-router)#neighbor 192.168.1.1 Ethernet 0
SpokeRouter(config-router)#no ip split-horizon 65000
SpokeRouter(config-router)#neighbor 192.168.1.2 Ethernet 0
Timers
Router(config-if)#ip hello-interval eigrp 65000 2
Router(config-if)#ip hold-time eigrp 65000 8 ! ~ 3*hello-interval
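Authentication (requires a key chain named eigrp_key, defined beforehand with "key chain"; MD5 is a legacy digest, and named-mode EIGRP also offers hmac-sha-256)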
Router(config-if)#ip authentication mode eigrp 65000 md5
Router(config-if)#ip authentication key-chain eigrp 65000 eigrp_key
Verification
Router#show ip eigrp neighbors
Router#show ip eigrp topology
Router#show ip eigrp traffic
Router#debug ip eigrp packet
Router#debug ip eigrp neighbors
Router#debug ip eigrp summary
Router#debug ip eigrp

# Cisco IOS scheduling with Kron

Introduction

Cisco documentation.

Kron does not allow the execution of commands from global configuration mode, only from privileged EXEC mode.

Oneshot

Router(config)# kron policy-list kpl-reload
Router(config-kron-policy)# cli reload
Router(config-kron-policy)# exit
Router(config)# kron occurrence ko-reload in 1 oneshot
Router(config-kron-occurrence)# policy-list kpl-reload
Router(config-kron-occurrence)# exit
Router# show kron schedule

At time and recurring

Router(config)# kron policy-list kpl-clear_arp
Router(config-kron-policy)# cli send log Clear ARP cache
Router(config-kron-policy)# cli clear arp-cache interface fa0/1
Router(config-kron-policy)# exit
Router(config)# kron occurrence ko-clear_arp-07:00h at 07:00 recurring
Router(config-kron-occurrence)# policy-list kpl-clear_arp
Router(config-kron-occurrence)# exit
Router(config)# kron occurrence ko-clear_arp-15:00h at 15:00 recurring
Router(config-kron-occurrence)# policy-list kpl-clear_arp
Router(config-kron-occurrence)# exit
Router# show kron schedule

# Windows command line

Help
C:\>help dir
C:\>dir /?
Echo
C:\>echo on
C:\>echo off
C:\>echo Test
C:\>echo.
C:\>@help rem
Wildcards
C:\>dir *.txt
C:\>dir ???.txt
Redirections
C:\>echo x > file01.txt
C:\>pause < file01.txt
C:\>type file02.txt 2> error.txt
C:\>type file03.txt > output_error.txt 2>&1
Filters
C:\>echo x | pause
C:\>dir | more
C:\>dir | sort | more
C:\>findstr "good night" file04.txt
Environment variables
C:\>set | more
C:\>set var1=1
C:\>set var2=2
C:\>set var
C:\>set var1=
C:\>set var2=
C:\>set path=%path%;dir01
C:\>echo %computername%
C:\>echo %date%
C:\>echo %time%
C:\>echo %errorlevel%
C:\>echo %number_of_processors%
C:\>echo %os%
C:\>echo %path%
C:\>echo %pathext%
C:\>echo %processor_architecture%
C:\>echo %processor_identifier%
C:\>echo %processor_level%
C:\>echo %processor_revision%
C:\>echo %random%
Copy files
C:\>rem Copy files and directories recursively
C:\>xcopy /?
Compare files
C:\>rem Compare
C:\>comp file1 file2
C:\>rem Compare
C:\>fc file1 file2
Adjusting the cmd window
C:\>rem Size
C:\>mode 120x120
C:\>rem Color [0xbackground, 0xforeground]
C:\>color 0a
C:\>rem Window title
C:\>title Network info
Directory listing
C:\>tree /a /f C:\
Scripts
C:\>type script.cmd
@echo off
rem script.cmd
cls
echo.
echo Script name: %0
echo First parameter: %1
echo Second parameter: %2
for %%i in (*.txt) do type %%i
C:\>script p1 p2
Escape
C:\>echo a is ^> than b
Flow control
C:\>call script.cmd %1 %2
C:\>cmd /k dir
C:\>start dir
C:\>for %i in (*.txt) do type %i
C:\>for /D /r %i in (*) do @echo dir: %i
C:\>for /R %i in (*.bak) do del %i
C:\>for /L %i in (1,1,10) do @echo %i
C:\>echo "a 1" >> file05.txt
C:\>echo "b 2" >> file05.txt
C:\>echo "c 3" >> file05.txt
C:\>for /F "tokens=1,2" %i in (file05.txt) do @echo t2=%j t1=%i
C:\>for /F "delims=: tokens=1-2 usebackq" %i in (`time /t`) do @echo %i:%j
C:\>type file06.txt
@echo off
goto message2
echo message1
:message2
echo message2
C:\>if not exist file07.txt echo "No file"
C:\>exit /b 0

# TCL scripting for IOS

Introduction

Documentation

Loops
Router#tclsh
Router(tcl)#for {set i 1} {$i<10} {incr i} {
+> for {set j 1} {$j<3} {incr j} {
+>  ping 192.168.$i.$j repeat 1 timeout 1
+> }
+>}

Router(tcl)#foreach address {
+>192.168.0.1
+>192.168.0.10
+>192.168.0.100
+>} {ping $address}
Procedures
Router(tcl)#proc p {text} {
+> puts $text
+>}

Router(tcl)#p "Hello world!"

# Network performance tools

iperf
server# apt-get install iperf
server# iperf -s -p 5001 -f m
client# apt-get install iperf
client# iperf -c 192.168.1.100 -p 5001 -f m -L 5002 -d
nttcp
server# apt-get install nttcp
server# nttcp -i -p 5001
client# apt-get install nttcp
client# nttcp -T -t -p 5001 -v 192.168.1.100 # transmit
client# nttcp -T -r -p 5001 -v 192.168.1.100 # receive
ttcp
server_router#ttcp receive
client_router#ttcp transmit 192.168.1.200

# Scapy

Introduction

Documentation

Execution
# apt-get install python-scapy
# scapy
>>> ### Basic
>>>
>>> ls() # list available packets
>>> ls(IP) # list attributes of an IP packet
>>> lsc() # list of commands
>>> conf # list the configuration
>>> conf.iface = "eth0" # set values in configuration
>>>
>>> ### Sniffing
>>>
>>> # In one terminal
>>> arping("192.168.1.0/24")
>>> # In another terminal
>>> sniff(filter = "arp")
>>> _.display()
>>>
>>> ### Read pcaps
>>>
>>> rdpcap("icmp.pcap")
>>> _.display()
>>> icmp=_
>>> icmp.display()
>>> icmp[0][IP].src

# Sockets in python

Execution
server# cat pyserver 
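#!/usr/bin/python
# Minimal TCP acknowledgement server (Python 2).
#
# Accepts one client at a time on HOST:PORT, reads a single chunk of up to
# 4096 bytes, sends it back framed by dashes with " ack" appended, and then
# closes that connection. CTRL+C stops the server.

import socket
import sys

# 'localhost' keeps the listener off the network; changing it to a routable
# address exposes an unauthenticated service to every host that can reach it.
HOST = 'localhost'
PORT = 1024

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Allow an immediate restart while old connections are still in TIME_WAIT.
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

server_socket = (HOST, PORT)
server.bind(server_socket)
print 'Starting up on %s port %s' % server_socket

server.listen(5)

try:
 while True:
  connection, client_socket = server.accept()
  try:
   print 'Connection from', client_socket

   data = connection.recv(4096)

   if data:
    print 'Received', data
    data = data.strip()
    # sendall() keeps writing until the whole reply is out; send() may
    # transmit only part of it.
    connection.sendall('%s\n%s ack\n%s' % ('-'*15, data, '-'*15))

   # SHUT_RD | SHUT_WR evaluates to SHUT_WR (0 | 1 == 1); SHUT_RDWR is the
   # constant that closes both directions.
   connection.shutdown(socket.SHUT_RDWR)
  except socket.error, e:
   # A peer that resets or disappears must not take the server down.
   print 'Connection error:', e
  finally:
   # Close every accepted socket, not just the last one, so descriptors
   # are not leaked while the loop keeps running.
   connection.close()
   print 'Connection closed'
except KeyboardInterrupt: # CTRL+C
 print ''
finally:
 server.close()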

server# ./pyserver
client# cat client 
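#!/usr/bin/python
# Minimal TCP client (Python 2): sends its first command-line argument to
# HOST:PORT and prints everything the server returns before it closes the
# connection.

import socket
import sys

HOST = 'localhost'
PORT = 1024

# Without a message argument sys.argv[1] would raise IndexError.
if len(sys.argv) < 2:
 sys.stderr.write('Usage: %s <message>\n' % sys.argv[0])
 sys.exit(1)

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

server_socket = (HOST, PORT)

try:
 client.connect(server_socket)

 # sendall() retries until the whole message is written.
 client.sendall(sys.argv[1])

 # Read until the peer closes its side; a single recv(1024) can return only
 # part of the reply.
 chunks = []
 while True:
  chunk = client.recv(1024)
  if not chunk:
   break
  chunks.append(chunk)
 data = ''.join(chunks)
finally:
 # Release the socket even when connect/send/recv raises.
 client.close()

print 'Received:'
print data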

client# ./pyclient

# Hydra: network password cracker

Introduction

Hydra
Default password list

Execution
# apt-get install libssh-dev
# wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz
# tar xvzf hydra-6.3-src.tar.gz
# cd hydra-6.3-src
# ./configure
# make
# ./hydra -h
# ./hydra -l foo -p bar -f 127.0.0.1 http-get -m /
# ./hydra -l root -P john_password.lst 127.0.0.1 ssh -s 2222
# ./hydra -l root 8:8:a -f 127.0.0.1 mysql

# Cracking wep

Introduction

Wi-Fi Challenge 3a

Execution
# wget http://code.securitytube.net/Challenge-3a
# file Challenge-3a
# scapy
>>> ch3a = rdpcap("Challenge-3a")
>>> ch3a.display()
>>> ch3a[0]
>>> ch3a[1]
>>> exit()
# cat wepcrack
#!/usr/bin/python

import sys
from scapy.all import *
import Crypto.Cipher.ARC4 as ARC4

# Offline check of candidate WEP keys from passwd.lst against the
# "Challenge-3a" capture (Python 2, scapy + PyCrypto).
pcap = rdpcap("Challenge-3a")
wordlist = open('passwd.lst', 'r')

# presumably the SSID advertised in the first frame of the capture - confirm
# with pcap[0].show()
info = pcap[0].info
# The IV and the encrypted payload are read from the second frame.
iv = pcap[1].iv
wepdata = pcap[1].wepdata

for line in wordlist:
 line = line.strip()
 # The RC4 key tried for this frame is the frame's IV followed by the
 # candidate key. Because the IV is read straight from the capture, every
 # guess can be tested offline against one recorded frame - weak WEP keys
 # get no protection from the protocol itself.
 ivkey = iv + line
 arc4 = ARC4.new(ivkey)
 clear = arc4.decrypt(wepdata)
 
 print 'Trying key', line

 # A candidate is accepted when the value read from frame 0 appears in the
 # decrypted payload of frame 1.
 if info in clear:
  print '\nFound Key:', line
  # NOTE(review): the word list is closed only on this path; when no key
  # matches, the loop ends without closing it.
  wordlist.close()
  sys.exit()

# ./wepcrack

# Hex encoder and decoder

# cat hexcoder.sh 
#!/bin/bash

# decode STRING
# Turns a %XX-escaped string back into raw bytes: the '%' in front of each
# two-character group is removed and the remaining hex digits are handed to
# xxd in reverse (hex-to-binary) mode. A newline is printed after the result.
function decode {
    local hex
    hex=$(echo -n "$1" | sed 's/%\(..\)/\1/g')
    printf '%s' "$hex" | xxd -p -r
    echo
}

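# encode STRING
# Writes every byte of STRING as %xx (lower-case hex) followed by a newline.
function encode {
    # printf '%s' emits the argument verbatim; bash's "echo -n" would treat
    # an argument such as "-n" or "-e" as an option and print nothing.
    # xxd -p wraps long output, so the line breaks are removed before each
    # pair of hex digits gets its '%' prefix.
    printf '%s' "$1" | xxd -p | tr -d '\n' | sed 's/\(..\)/%\1/g'
    echo
}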

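# Dispatch on the first argument: -d decodes, -e encodes the second argument.
# "$2" is quoted so a value containing spaces or glob characters reaches the
# function as one unchanged string.
case "$1" in
    "-d") decode "$2";;
    "-e") encode "$2";;
    *) echo "Usage: $0 -d|-e STRING" >&2; exit 1;;
esac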
# ./hexcoder.sh -e hacktracking
%68%61%63%6b%74%72%61%63%6b%69%6e%67
# ./hexcoder.sh -d %68%61%63%6b%74%72%61%63%6b%69%6e%67
hacktracking

# Intel microprocessors quickref

Introduction

Microprocessor Quick Reference Guide

Execution
Name            Clock     Year   Transistors    Width   Addressable memory
--------------------------------------------------------------------------
4004            108 KHz   1971     2300          4 b    640 B
8008            200 KHz   1971     3500          8 b     16 KB   
8080              2 MHz   1974     6000          8 b     64 KB
8085              2 MHz   1976     6500          8 b     64 KB
8086            4'7 MHz   1978    29000         16 b      1 MB
80286             6 MHz   1982   134000         32 b     16 MB   
80386            16 MHz   1986   275000         32 b      4 GB
80486            25 MHz   1989     1'2M         32 b      4 GB
Pentium          60 MHz   1993     3'1M         32 b      4 GB
Pentium Pro     150 MHz   1995     5'5M         32 b     64 GB
Pentium II      233 MHz   1997     7'5M         32 b     64 GB
Pentium III     450 MHz   1999      28M         32 b     64 GB
Pentium 4       1'4 GHz   2000      42M         32 b     64 GB
Pentium D       2'8 GHz   2005     230M         32 b     64 GB
Core 2            3 GHz   2006     291M         64 b     64 GB
Core 2 Quad       3 GHz   2007     582M         64 b     64 GB
Core 2 Extreme  3'2 GHz   2008     820M         64 b     64 GB

# Base converter

Execution
# cat bconv 
#!/bin/bash

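# char2dec BASE
# Maps the shorthand letters b, o, d and x to the numeric bases 2, 8, 10 and
# 16. Any other value is printed back unchanged so a base can also be given
# as a number.
function char2dec {
 case "$1" in
  b) echo "2" ;;
  o) echo "8" ;;
  d) echo "10";;
  x) echo "16";;
  # Quoted and printed with printf so a value such as "*" is neither
  # glob-expanded nor split into words.
  *) printf '%s\n' "$1" ;;
 esac
}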

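# Usage: bconv NUMBER INPUT_BASE OUTPUT_BASE   (bases: b, o, d, x or a number)
if [ $# -ne 3 ]; then
 echo "Usage: $0 NUMBER INPUT_BASE OUTPUT_BASE" >&2
 exit 1
fi

# bc expects upper-case digits A-F. The character classes are quoted so the
# shell cannot expand [:lower:] / [:upper:] as a glob against file names in
# the current directory.
n=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
ib=$(char2dec "$2")
ob=$(char2dec "$3")

# obase is set before ibase: once ibase changes, later numbers (including the
# value given to obase) would be read in the new input base.
# NOTE(review): NUMBER and the bases are passed to bc as program text, so
# this is only meant for values typed by the person running the script.
echo "obase=$ob;ibase=$ib;$n" | bc -l | tr '[:upper:]' '[:lower:]'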
# ./bconv 1001100110111 b x
1337

# ip nat outside

Introduction

The ip nat inside command is used for source NAT.
The ip nat outside command is used for destination NAT.

Execution
R1#show run
interface FastEthernet0/0
 description to_R2-fa0/0
 ip address 192.168.0.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.0.2

R2#show run
interface FastEthernet0/0
 description to_R1-fa0/0
 ip address 192.168.0.2 255.255.255.0
!
interface FastEthernet0/1
 description to_R3-fa0/1
 ip address 192.168.1.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.3

R3#show run
interface FastEthernet0/1
 description to_R2-fa0/1
 ip address 192.168.1.3 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2

R1#ping 8.8.8.8
.....
Success rate is 0 percent (0/5)

R2(config)#int fa0/0
R2(config-if)#ip nat inside
R2(config)#int fa0/1
R2(config-if)#ip nat outside
R2(config)#ip nat inside source static 192.168.0.1 192.168.1.2
R2(config)#ip nat outside source static 192.168.1.3 8.8.8.8

R1#ping 8.8.8.8
!!!!!
Success rate is 100 percent (5/5)

# Plotting dionaea's statistics with gnuplot

Introduction

Dionaea
Gnuplot
SQLite

Execution
# cat sqlite.query
-- One row per local calendar day: the day, the number of distinct
-- connections logged, and the number of distinct connections that have a
-- matching row in downloads.
-- The left outer join keeps days on which nothing was downloaded; the
-- second count is 0 for those days.
select
 strftime('%Y-%m-%d',c.connection_timestamp,'unixepoch','localtime') as date,
 count(distinct c.connection), count(distinct d.connection)
from connections c
left outer join downloads d
on (c.connection==d.connection)
group by date
order by date asc;
# sqlite3 /opt/dionaea/var/dionaea/logsql.sqlite
sqlite> .output data.txt
sqlite> .read sqlite.query
sqlite> .exit
# cat data.txt
2011-02-10|125|11
2011-02-11|541|9
2011-02-12|1487|6
2011-02-13|207|5
2011-02-14|611|11
2011-02-15|99|10
2011-02-16|131|12
2011-02-17|128|12
# apt-get install gnuplot
# gnuplot
gnuplot> set terminal png size 640,480 nocrop butt font \
> "/usr/share/fonts/truetype/ttf-liberation/LiberationSans-Regular.ttf"
gnuplot> set output "dionaea.png"
gnuplot> set xdata time
gnuplot> set timefmt "%Y-%m-%d"
gnuplot> set format x "%b %d"
gnuplot> set ylabel "attacks"
gnuplot> set y2label "binaries"
gnuplot> set y2tics
gnuplot> set datafile separator "|"
gnuplot> plot "./data.txt" using 1:2 title "attacks" with lines,\
> "./data.txt" using 1:3 title "binaries" with lines axes x1y2
gnuplot> exit
# eog dionaea.png

# Privoxy server together with Tor

Introduction

Privoxy user manual
Tor on Ubuntu

Execution
server# apt-get install privoxy tor
server# netstat -tan | grep -e 8118 -e 9050
server# cat /etc/privoxy/config | grep -v -e ^# -e ^$
server# sed -i 's/listen-address  localhost:8118/listen-address  192.168.0.100:8118/' /etc/privoxy/config
server# sed -i 's/#        forward-socks5   \/               127.0.0.1:9050 ./forward-socks5 \/ 127.0.0.1:9050 ./' /etc/privoxy/config
server# /etc/init.d/privoxy restart

client# export http_proxy='192.168.0.100:8118'
client# env | grep -i proxy
client# wget -q -O - http://ip-addr.es
137.56.163.64 (tory.uvt.nl)

# Highly anonymous proxy from command-line

Introduction

AliveProxy

Execution
server# cat header_check.php
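<?php
 // Echoes the request line, every request header and the client address
 // back to the caller, to show what a proxy adds to or changes in a request.
 //
 // Every value printed below is chosen by the client. Declaring the response
 // as plain text (and forbidding content sniffing) keeps a browser from
 // rendering header values or the URI as HTML/script.
 header('Content-Type: text/plain; charset=utf-8');
 header('X-Content-Type-Options: nosniff');

 // apache_request_headers() returns the headers as name => value pairs.
 $get_headers=apache_request_headers();
 echo $_SERVER['REQUEST_METHOD']." ".
 $_SERVER['REQUEST_URI']." ".
 $_SERVER['SERVER_PROTOCOL']."\n";
 foreach($get_headers as $header=>$value){
  echo "$header: $value\n";
 }
 // REMOTE_ADDR is the peer of the TCP connection, i.e. the proxy when one
 // is in use.
 echo "Your IP address is:  ".$_SERVER['REMOTE_ADDR'];
?>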

client# cat get_proxy_list.sh
#!/bin/bash

# Download the proxy list page and print one entry per line.
# The first sed starts a new line, marked with '%', at every "?i=" and cuts
# the line again at " target=_"; grep keeps only the marked lines; the last
# sed drops the marker and turns "&p=" into ':' (presumably leaving
# address:port - verify against the current page markup).
# NOTE(review): the page is fetched over plain HTTP from a third party, and
# a proxy taken from it can read and modify any unencrypted traffic sent
# through it; do not send credentials or other sensitive data that way.
wget -q -O - http://aliveproxy.com/high-anonymity-proxy-list/ \
| sed -e 's/?i=/\n%/g' -e 's/ target=_/\n/g' | grep ^% \
| sed -e 's/^%//' -e 's/&p=/:/'

client# export http_proxy=''
client# wget -q -U "Mozilla/5.0 (Windows NT 5.1)" -O - \
> http://foo.bar.net/header_check.php
GET /header_check.php HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 5.1)
Accept: */*
Host: foo.bar.net
Connection: Keep-Alive
Your IP address is: x.x.17.53

client# export http_proxy=`./get_proxy_list.sh | head -n 1`
client# env | grep -i proxy
client# wget -q -U "Mozilla/5.0 (Windows NT 5.1)" -O - \
> http://foo.bar.net/header_check.php
GET /header_check.php HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 5.1)
Accept: */*
Host: foo.bar.net
Connection: close
Your IP address is: 202.108.5.35

# Tor from command-line

Introduction

Tor on Ubuntu

Execution
# echo "deb http://deb.torproject.org/torproject.org `lsb_release -cs` main" >> /etc/apt/sources.list
# gpg --keyserver keys.gnupg.net --recv 886DDD89
# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
# apt-get update
# apt-get install tor tor-geoipdb
# apt-get install torsocks
# wget -q -O - http://ip-addr.es
x.x.62.13
# usewithtor wget -q -O - http://ip-addr.es
192.251.226.206 ( anonymizer2.blutmagie.de )
# usewithtor ssh foo@bar.net

# C HTTP client


Introduction

HTTP client that sends a HEAD request to the server given as the first argument.
Note: 209.85.146.99 == 0xd1559263 == 3512046179

Code and example
# cat httpclient.c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

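/*
 * Send "HEAD / HTTP/1.0" to port 80 of the host named in argv[1] and print
 * what the first read from the server returns.
 *
 * Only the first address returned by getaddrinfo() is tried. Send and
 * receive are limited to 0.5 s each by socket timeouts.
 *
 * Returns 0 when a response was printed, 1 on a usage, resolution, socket,
 * connect, send or receive error.
 */
int main(int argc,char *argv[]){
 struct addrinfo server_hints;
 struct addrinfo *server_result;
 struct timeval timeout;
 /* Sized by the compiler; sizeof(msg)-1 is the request without the NUL. */
 static const char msg[]="HEAD / HTTP/1.0\r\n\r\n";
 char buffer[4096];
 ssize_t received;
 int sfd,s;

 /* argv[1] is NULL when no host is given; do not hand that to printf. */
 if(argc<2){
  fprintf(stderr,"Usage: %s <host>\n",argv[0]);
  return 1;
 }

 memset(&server_hints,0,sizeof(struct addrinfo));
 server_hints.ai_family=AF_UNSPEC;
 server_hints.ai_socktype=SOCK_STREAM;
 server_hints.ai_protocol=0;

 printf("%s\n",argv[1]);
 s=getaddrinfo(argv[1],"80",&server_hints,&server_result);
 if(s!=0){
  fprintf(stderr,"getaddrinfo: %s\n",gai_strerror(s));
  return 1;
 }

 /* socket() reports failure with -1; descriptor 0 is a valid result. */
 sfd=socket(server_result->ai_family,server_result->ai_socktype,server_result->ai_protocol);
 if(sfd<0){
  perror("socket");
  freeaddrinfo(server_result);
  return 1;
 }

 timeout.tv_sec=0;
 timeout.tv_usec=500000;
 setsockopt(sfd,SOL_SOCKET,SO_SNDTIMEO,&timeout,sizeof(timeout));
 setsockopt(sfd,SOL_SOCKET,SO_RCVTIMEO,&timeout,sizeof(timeout));

 if(connect(sfd,server_result->ai_addr,server_result->ai_addrlen)==-1){
  perror("connect");
  /* Release the address list and the socket on this path as well. */
  freeaddrinfo(server_result);
  close(sfd);
  return 1;
 }
 freeaddrinfo(server_result);

 if(send(sfd,msg,sizeof(msg)-1,0)==-1){
  perror("send");
  close(sfd);
  return 1;
 }

 /*
  * Leave one byte for the terminator: a server that fills the whole buffer
  * would otherwise make printf("%s") read past its end.
  */
 received=recv(sfd,buffer,sizeof(buffer)-1,0);
 close(sfd);
 if(received<0){
  perror("recv");
  return 1;
 }
 buffer[received]='\0';
 printf("%s\n",buffer);
 return 0;
}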
# gcc -o httpclient httpclient.c
# ./httpclient 3512046179

# Configuración del IOS con snmp

Introducción

Cisco MIB files
SNMP Object Navigator

Obtener información del dispositivo
# cat devinfo.sh
#!/bin/bash

# $1 = Read-only community
# $2 = Cisco device IP address

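# Both arguments are required; with one missing, snmpwalk would be started
# with a shifted argument list.
if [ $# -ne 2 ]; then
 echo "Usage: $0 <read-only community> <device IP address>" >&2
 exit 1
fi
community=$1
device=$2

oid_sysname=".1.3.6.1.2.1.1.5.0"
oid_sysuptime=".1.3.6.1.2.1.1.3.0"
oid_sysdescr=".1.3.6.1.2.1.1.1.0"
oid_syscontact=".1.3.6.1.2.1.1.4.0"
oid_syslocation=".1.3.6.1.2.1.1.6.0"
oid_iosversion=".1.3.6.1.4.1.9.9.25.1.1.1.2.5"
oid_iosfeatures=".1.3.6.1.4.1.9.9.25.1.1.1.2.4"
oid_avgbusy1=".1.3.6.1.4.1.9.2.1.57.0"
oid_avgbusy5=".1.3.6.1.4.1.9.2.1.58.0"
oid_freemem=".1.3.6.1.4.1.9.2.1.8.0"
oid_whyreload=".1.3.6.1.4.1.9.2.1.2.0"

# NOTE(review): SNMPv1 sends the community string unencrypted, and passing
# it as an argument makes it visible in the process list. Prefer SNMPv3 with
# authentication and privacy, and restrict SNMP access on the device to the
# management hosts.

# swalk OID - query one OID on the device with SNMPv1.
swalk() {
 snmpwalk -v1 -c "$community" "$device" "$1"
}

# swalk_field OID N - print the N-th space-separated field of the reply.
swalk_field() {
 swalk "$1" | cut -d' ' -f"$2"
}

# swalk_string OID - print the reply text that follows "STRING: ".
swalk_string() {
 swalk "$1" | sed 's/^.*STRING: //'
}

echo "Hostname    = $(swalk_field "$oid_sysname" 4)"
echo "Uptime      = $(swalk_field "$oid_sysuptime" 5)"
echo "Description = $(swalk_string "$oid_sysdescr")"
echo "Contact     = $(swalk_string "$oid_syscontact")"
echo "Location    = $(swalk_string "$oid_syslocation")"
echo "CPU 1 min   = $(swalk_field "$oid_avgbusy1" 4)"
echo "CPU 5 min   = $(swalk_field "$oid_avgbusy5" 4)"

# The value is divided by 1048576 to print MB. An empty or non-numeric reply
# (timeout, wrong community) would otherwise abort the arithmetic expansion.
freemem=$(swalk_field "$oid_freemem" 4)
case $freemem in
 ''|*[!0-9]*) echo "Free mem    = unavailable" ;;
 *) echo "Free mem    = $((freemem / 1048576)) MB" ;;
esac

echo "Last reload = $(swalk_string "$oid_whyreload")"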
# ./devinfo.sh rosnmpc 192.168.1.1
Subir y bajar la running-config
# cat getsetrun.sh
#!/bin/bash

# $1 = Read-write community
# $2 = Cisco device IP address
# $3 = TFTP server IP address
# $4 = Configuration file name
# $5 = Action (get|set)

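usage() {
 echo "Usage: $0 <read-write community> <device IP> <TFTP server IP> <file name> get|set" >&2
 exit 1
}

[ $# -eq 5 ] || usage
community=$1
device=$2
tftp_server=$3
file_name=$4
action=$5

# Columns of one row (index 666) in the copy table of
# CISCO-CONFIG-COPY-MIB. The protocol OID is column 2 of the same table as
# the five OIDs that follow it.
oid_protocol=".1.3.6.1.4.1.9.9.96.1.1.1.1.2.666"
oid_source=".1.3.6.1.4.1.9.9.96.1.1.1.1.3.666"
oid_dest=".1.3.6.1.4.1.9.9.96.1.1.1.1.4.666"
oid_server=".1.3.6.1.4.1.9.9.96.1.1.1.1.5.666"
oid_name=".1.3.6.1.4.1.9.9.96.1.1.1.1.6.666"
oid_status=".1.3.6.1.4.1.9.9.96.1.1.1.1.14.666"

# File types per CISCO-CONFIG-COPY-MIB: 1 = network file, 4 = running-config.
# "get" copies the running-config to the TFTP server, "set" loads the file
# from the TFTP server into the running-config.
if [ "$action" == "get" ]
then
 src=4;dst=1
elif [ "$action" == "set" ]
then
 src=1;dst=4
else
 # An unknown action used to end the script silently with status 0.
 usage
fi

# NOTE(review): SNMPv2c sends the read-write community unencrypted, and the
# configuration itself travels over TFTP without authentication or
# encryption. Whoever holds this community can replace the running-config,
# so keep it off shared networks, restrict SNMP write access on the device
# to the management host, and prefer SNMPv3 authPriv where available.

# sset OID TYPE VALUE - one SNMPv2c set against the device.
sset() {
 snmpset -v2c -c "$community" "$device" "$@"
}

sset "$oid_protocol" i 1            # 1 = TFTP
sset "$oid_source" i "$src"
sset "$oid_dest" i "$dst"
sset "$oid_server" a "$tftp_server"
sset "$oid_name" s "$file_name"
sset "$oid_status" i 1              # RowStatus active: start the copy
# Destroy the row (RowStatus 6) ten seconds later so index 666 can be
# reused by the next run.
(sleep 10 && sset "$oid_status" i 6 > /dev/null) &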
# ./getsetrun.sh rwsnmpc 192.168.1.1 192.168.1.10 c2950-config get
# ./getsetrun.sh rwsnmpc 192.168.1.1 192.168.1.10 c2950-config set

# Net send anónimo con scapy

Introducción

Scapy

Ejecución
# cat anetsend.py 
#!/usr/bin/env python

import sys
from scapy.all import *

# Builds one NetBIOS datagram (UDP port 138) that carries an SMB mailslot
# write to \MAILSLOT\MESSNGR and sends it at layer 2 with scapy (Python 2).
#
# Arguments: source name, destination name, source IP, destination IP,
# message text. All five are used exactly as given.
# NOTE(review): nothing in the datagram authenticates the sender - names,
# IP and MAC are whatever the caller supplies - so receivers cannot trust
# the origin of such messages. Filtering UDP 138 between network segments
# limits where they can be delivered.
src=sys.argv[1]
dst=sys.argv[2]
ipsrc=sys.argv[3]
ipdst=sys.argv[4]
msg=sys.argv[5]
port=138
ws='workstation'

# Frame is broadcast at Ethernet level with a fixed source MAC.
ether=Ether(dst='ff:ff:ff:ff:ff:ff',src='de:ad:de:ad:de:ad')
ip=IP(src=ipsrc,dst=ipdst,ttl=13)
udp=UDP(sport=port,dport=port)
# Type=17 / Flags=2 are passed through to scapy's NBTDatagram unchanged;
# their meaning is not shown here - see the NetBIOS datagram header format.
nbt=NBTDatagram(
 Type=17,Flags=2,SourceIP=ipsrc,SourcePort=port,
 SourceName=src,SUFFIX1=ws,NULL=0,
 DestinationName=dst,SUFFIX2=ws
)

# Lengths written into the SMB payload below:
#   len0 = both names plus their NUL terminators (not used afterwards)
#   len1 = len0 plus the message and its NUL terminator
#   len2 = len1 + 19
len0=len(src)+1+len(dst)+1
len1=len0+len(msg)+1
len2=len1+19
# Each length is written with chr(), i.e. as a single byte, so chr() raises
# ValueError once a length exceeds 255.
raw=Raw(load='\xffSMB%\x00\x00\x00\x00\x18\x04\x00\x00\x00'+
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe'+
'\x00\x00\x00\x00\x11\x00\x00'+chr(len1)+'\x00\x02\x00\x00'+
'\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x58'+
'\x00'+chr(len1)+'\x00\x58\x00\x03\x00\x01\x00\x00\x00\x02'+
'\x00'+chr(len2)+'\x00\\MAILSLOT\\MESSNGR\x00\x00'+src+
'\x00'+dst+'\x00'+msg+'\x00')

# Stack the layers and send the frame once at layer 2.
p=ether/ip/udp/nbt/raw
sendp(p)
# ./anetsend.py morpheo workgroup 0.0.0.0 192.168.1.255 'The matrix has you...'

# No service password-recovery

Introducción

No service password-recovery

Ejecución
Switch(config)#no service password-recovery
c2960(config)#do wr
c2960(config)#do reload
Proceed with reload? [confirm]

...
The password-recovery mechanism is disabled.
Initializing Flash...
...
...done Initializing Flash.
...


The password-recovery mechanism has been triggered, but
is currently disabled.  Access to the boot loader prompt
through the password-recovery mechanism is disallowed at
this point.  However, if you agree to let the system be
reset back to the default system configuration, access
to the boot loader prompt can still be allowed.

Would you like to reset the system back to the default configuration (y/n)?y


The system has been interrupted, and the config file
has been deleted.  The following command will finish
loading the operating system software:

    boot


switch: boot
Loading "flash:c2960-lanbase-mz.122-35.SE5.bin"...
...
Would you like to terminate autoinstall? [yes]:
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>

# Multicast streaming with VLC

Introduction

rfc2365

Static IGMP
Switch#show run | i ^interface|description
interface FastEthernet0/1
 description to_client_1
interface FastEthernet0/2
 description to_client_2
interface FastEthernet0/3
 description to_video_server
Switch(config)#ip igmp snooping vlan 1 static 239.0.0.1 interface fa0/1
Switch(config)#ip igmp snooping vlan 1 static 239.0.0.1 interface fa0/2
Switch#show ip igmp snooping groups | i 239.0.0.1
1    239.0.0.2    user    Fa0/1, Fa0/2
video_server# cvlc -vvv video.mpg --sout udp://239.0.0.1 --ttl 1
client_1# vlc -vvv udp://@239.0.0.1
client_2# vlc -vvv udp://@239.0.0.1
Dynamic IGMP (1 hop)
Switch#show run | i ^interface|description
interface FastEthernet0/1
 description client_1
interface FastEthernet0/2
 description client_2
interface FastEthernet0/3
 description to_Router
Router#show run | i ^interface|description
interface FastEthernet0/0
 description to_Switch
interface FastEthernet0/1
 description to_video_server
Router(config)#ip multicast-routing
Router(config)#int fa0/0
Router(config-if)#ip pim dense-mode
Router(config)#int fa0/1
Router(config-if)#ip pim dense-mode
video_server# cvlc -vvv video.mpg --sout udp://239.0.0.2 --ttl 2
client_1# vlc -vvv udp://@239.0.0.2
client_2# vlc -vvv udp://@239.0.0.2
Switch#show ip igmp snooping groups | i 239.0.0.2
1    239.0.0.2    igmp    Fa0/1, Fa0/2, Fa0/3

# Embedded event manager (EEM) applet

Crontab fields

* * * * *

minute (0-59)
hour (0-23)
day of month (1-31)
month (1-12)
day of week (0-6) (0==sunday)

*/30 == every 30 minutes|hours
5,10 == at 5 and 10

Reload every 30 minutes

Router(config)# event manager applet Reload
Router(config-applet)# event timer cron name "Reload" cron-entry "*/30 * * * *"
Router(config-applet)# action 1.0 syslog msg "Reloading the router..."
Router(config-applet)# action 2.0 cli command "enable"
Router(config-applet)# action 3.0 cli command "reload"
Router(config-applet)# end

Write "show processes" to disk when SNMP OID is high

Router(config)# event manager applet High_CPU
Router(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.3.1 get-type exact 
entry-op ge entry-val "95" exit-op lt exit-val "25" poll-interval 2
Router(config-applet)# action 1.0 syslog msg "CPU is higher than 95%"
Router(config-applet)# action 2.0 cli command "enable"
Router(config-applet)# action 3.0 cli command "show clock |
append flash:high_cpu.log"
Router(config-applet)# action 4.0 cli command "show processes cpu sorted |
append flash:high_cpu.log"
Router(config-applet)# end

Write "show processes" to disk when pattern matches syslog entry

Router(config)# event manager applet High_CPU
Router(config-applet)# event syslog pattern "from FULL to INIT" occurs 1
Router(config-applet)# action 1.0 cli command "enable"
Router(config-applet)# action 2.0 cli command "show clock |
append flash:ospf_adjacency_loss.log"
Router(config-applet)# action 3.0 cli command "show processes cpu sorted |
append flash:ospf_adjacency_loss.log"
Router(config-applet)# end