Bugtraq: Creating Backdoors in Cisco IOS using Tcl

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Creating Backdoors in Cisco IOS using Tcl

From: "IRM Research" <research () irmplc com>
Date: Tue, 27 Nov 2007 10:48:39 -0000

Tcl (Tool Command Language) is a scripting language used extensively in
embedded systems, which is easy to use and has some powerful features.
The language has been supported by Cisco IOS for some time now and is
used, for example, in IOS IVR configuration as well as for automating
mundane tasks regularly performed by network administrators. This short
technical briefing describes a technique using Tcl to create a backdoor
within IOS that would allow a remote attacker to execute privileged
commands on a networking device. The document (which includes a
proof-of-concept Tcl script) can be downloaded here:

http://www.irmplc.com/index.php/153-Embedded-Systems-Security

By Date By Thread

Current thread:

Creating Backdoors in Cisco IOS using Tcl IRM Research (Nov 27)
- Re: [Full-disclosure] Creating Backdoors in Cisco IOS using Tcl Nicolas FISCHBACH (Nov 27)
- <Possible follow-ups>
- Re: Creating Backdoors in Cisco IOS using Tcl michael (Nov 27)