Nothing Special   »   [go: up one dir, main page]

Skip to content

Сollection of TCL scripts for Cisco IOS penetration testing

License

Notifications You must be signed in to change notification settings

mohemiv/TCLtools

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 

Repository files navigation

TCL scripts for Cisco IOS penetration testing

With TCLtools you can transform any Cisco IOS hardware into a pivoting station. It's easy to set up and use!

Features

  • TCLmap — Port scanner implementation (nmap)
  • TCLproxy — Proxy server implementation

TCLproxy

TCLproxy is a tool for pivoting through Cisco devices. It's capable to forward any TCP port or launch a proxy server.

TCLproxy v0.0.3

Usage: tclsh ./tclproxy.tcl [-L address]... [-D address]...

Proxy server implementation. Binary protocols are supported.

  -L [bind_address:]port:remote_host:remote_port
    Forward a remote port to a local port.
    Multiple connections and multiple forwards are supported.

  -D [bind_address:]port
    Launch a SOCKS4a proxy server.

 Forwarding between VRF tables:
    -D [VRF_table_for_listening@][bind_address]:port[@VRF_table_for_outbound_connections]
    -L [VRF_table_for_listening@][bind_address]:port[@VRF_table_for_outbound_connections]:remote_host:remote_port

  optional arguments:
  -f, --disable-eof-check      Speed increases by 1-15 KB/s, but connections don't close automatically. Dangerous!
  -h, --help                   Show this help message and exit.
  -q, --disable-output         Quite mode. In this mode, you can disconnect from the console without script termination. Dangerous!
  -l, --low-ports              Use privileged source ports. Required for NFS (source port increments from 1 to 1023 every connection)
  -n, --disable-dns            Do not resolve DNS names in SOCKS mode

  The effect of --disable-eof-check and --disable-output options depends on hardware architecture and firmware version.
  TCLproxy will not work for port scanning, use tclmap.tcl instead.

   example:
    $ sudo py3tftp -p 69
    cisco# configure terminal
    cisco(config)# scripting tcl low-memory 5242880
    cisco(config)# end
    cisco# copy tftp://192.168.1.10/tclproxy.tcl flash:/
    cisco# tclsh tclproxy.tcl -h
    cisco# tclsh tclproxy.tcl -L 5901:10.0.0.1:445 -D :5902@enterpriseVRF -D 5900
    ...
    cisco# del flash:/tclproxy.tcl

About TCL

TCL is a high-level, general-purpose, interpreted, dynamic programming language. Cisco IOS implements TCL 8.3.4:

cisco# tclsh
cisco(tcl)# puts $tcl_version
8.3

cisco(tcl)# puts $tcl_patchLevel
8.3.4

How to use TCLtools

TCLtools requires privilege level 15 on the hardware.

There are four methods to upload TCL scripts:

  1. Copy tcl script from ftp or tftp server:
$ sudo py3tftp -p 69
or
$ python2 -m pyftpdlib 

cisco# copy tftp://192.168.1.10/tclproxy.tcl flash:/
cisco# copy ftp://192.168.1.10:2121/tclproxy.tcl flash:/
cisco# tclsh tclproxy.tcl

or

cisco# tclsh ftp://192.168.1.10:2121/tclproxy.tcl
  1. Create new file via tclsh:
$ cat tclproxy.tcl | sed -E 's/([{}$\[])/\\\1/g'
cisco# tclsh
cisco(tcl)# puts [open "flash:tclproxy.tcl" w+] {
cisco(tcl)# ; Copy file contents onto this
cisco(tcl)# }
cisco(tcl)# exit
cisco#
cisco# tclsh tclproxy.tcl
  1. Set $argv var and put script code into tclsh (non-recommended):
cisco# tclsh
cisco(tcl)# set argv [list -D 1080]
cisco(tcl)# ; Copy file contents onto this
  1. Use "scripting tcl init" command (non-recommended):
cisco# configure terminal
cisco(config)# scripting tcl init ftp://192.168.1.10/tclproxy.tcl
cisco(config)# end
cisco# tclsh

A good practice is to set the minimum size of free memory:

cisco# configure terminal
cisco(config)# scripting tcl low-memory 5242880
cisco(config)# end

In addition to, or instead of, you can view device performance with the following commands:

cisco# show processes cpu | i Tcl
cisco# show processes mem | i Tcl

Remarks

  • Do not use TCLproxy for TCP/IP port scanning. Because Cisco doesn't implement -async socket option, socks server is interrupted for 30 seconds after every connection to any filtered port.
  • Outdated IOS versions can redirect TCL output to another console. It's an IOS bug.
  • If you disconnect from the console, TCL script stops after the next output.

Tested on Cisco 2811 / Cisco 2821 Integrated Services Router, Cisco Catalyst 2960, and Cisco Catalyst 3750-X.

Contact Us

You can Open a New Issue to report a bug or suggest a new feature to improve the project. Or you can drop a few lines at mohemiv@gmail.com.

About

Сollection of TCL scripts for Cisco IOS penetration testing

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages