The Revoluti0n
last article table of contents next article

Strange Article - How To Hack a Cisco Router by Conwow

In this text I aim to explain methods used to hack Cisco routers and why you
may want to do this, this is not for criminals wanting to break the law
rather people who are interested in securing their computer and interested
in how computers and networks are hacked. This will not cover techniques
used to hack other routers as they work on different basic principles and
are basically just different. I also will not and cannot explain what a
router is used for and why they are used, these things you have to find out
for your self. The following texts should be helpful.
 Routers are used to receive packets across the internet, they are a form of
modem. They are really just another gateway between the user and the
internet, If you want to find out more about routers and their job I would
advice you read
about-broadband-routers.asp, or These are all very
good basic introductions to routers and their job.
 Routers shouldn't be thought of as another piece of hardware in the
computer, rather another computer between you and the internet. They don't
have keyboards or display using like a screen etc. But they still have to be
configured, so how is this done, well the answer is simple telnet. You
telnet to the router, login and then you are away. You can then configure it
remotely using telnet. So I assume you have a IP address for your Cisco
router, now we can telnet to it. We do this in Linux by typing telnet then
open then a prompt will come up saying TO here we type the IP address. In
Windows we need to click START > RUN then type telnet IPADDRESS. Then we
will have connected to the router.
 Now if this fails you have one of two options, first is to see if it is up
and running we do this using the ping command (ping PADDIES), in MS-DOS.
When you do finally connect your telnet client will display something like


 At this point we are required to enter a password, no username is needed
because hey this is a router, these are simple. Now we need to learn a
little about Cisco routers and their password authentication. A router has
two types of passwords, the enable password or the privileged account and
the exec account or non privileged user account. Now the privileged account
is like the root account on Linux, it is where you can configure things, and
break things. The exec password is for normal day to day use and we don't
want to bother with that.

Default Passwords

By default the privileged account password will be "enable" so if we have a
dumb/lazy/forgetful system administrator then they won't have changed this
password. So lets try it type enable at the login prompt. If you get
Authentication Failed then hey shit happens, but if you get a prompt looking
something like this
Then you have rooted the router and you can move onto section two. If not
read on, we will try some other methods of breaking into a router.

Buffer Overflow

A buffer is a small section of memory reserved for a variable in a program.
Now the login is a very simple program. If we can fill this small amount of
memory then the program will get confused and begin to play up, and
hopefully crash. We want this router to crash because when it does it
reverts back to the default privileged user account (enable) and we can
login using this when it reboots. So lets try and fill up that buffer using
a huge huge password such as
)(%&!)(&%)(!&%)(!&%(*!)%)"&%) (Ten times longer)
If this doesn't work, no worries try it again a few times then if it doesn't
crash move onto ICMP Flooding. If it does move onto "What to do when the
router crashes".

Ping Flooding.

This is a common technique used by hackers lamers and anyone in-between, it
uses the ICMP which is a protocol that was developed for system
administrators to check whether servers where up and do a variety of other
useful jobs. One of the jobs ICMP does though is ping, you can send a ping,
this packet of information will travel to the host and tell the host to send
a ping back. The host will do this, but if you send more pings than the host
can respond to it starts to do stupid things, like crash. Which is what we
 If you want to ping flood the router open a MS-DOS box (START > RUN type
command or cmd) and then ping -t -l 120 -w 100 IPADDRESSHERE. This will send
a packet 120 bytes big every 120 miller seconds until you tell the computer
to stop. If the router stops responding after a bit you have crashed it. If
it doesn't play around with the values until it does. If it doesn't full
stop go onto other ideas section.
What to do when the router crashes

If it crashes it will reboot, and the memory will be wiped, because it uses
non-volatile memory. This means you will be able to login using the default
privileged user password, which is enable. So when it crashes wait 2 minutes
ping it to see if its online (ping it only 1-5 times) if it is try to login
quickly using the enable password.


Configuring the Router

If you are logged in the router you will be able to see a prompt looking
something like this
The CBOS stands for Cisco Broadband Operating System the final # shows you
are logged in as enable, it uses Non Volatile Memory which means you have to
input everything into the memory first then tell it to write it their for

Seeing what is stored in the Memory

This is very simple all you need to do is type
You will then get a list of everything stored in the memory, you can then
fuck with this how ever you like.

Changing Router Password

The command to set password is
The things in brackets are the variables, the USERTYPE can either be enable
if you want to set the root password or exec if you want to set the standard
user password. The "PASSWORD" stands for the actual password you want for
example if you wanted to use rabbit you would type that their. Finally you
must save all this to the memory, this is done with a simple command, the
WRITE command. Then I would advise you use the SHOW NVRAM command to ensure
this has been inputed into the memory.

I cannot be held responsible for any use or misuse of this text, this is
given freely to the internet for educational purposes.