Not a fully formed note/post yet. Just some notes and links.
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/cliparse.html#wp5286
http://hackathology.blogspot.com/2007/04/cisco-ios-cli-regular-expressions-part.html
http://hackathology.blogspot.com/2007/02/basic-cisco-ios-router-management-to.html
http://www.handsomeplanet.com/archives/7
Friday, May 21, 2010
Cisco VPN PSK Decryption
Had a customer today who needed their Cisco IPSec VPN pre-shared key. The problem is we didn't keep that information for their VPN account (only for our own) and the password is stored encrypted on the ASA. 
I can reset their PSK easily, but then the other computers that are already deployed with the existing PSK will need to be reconfigured.
The Group Name, IP and PSK are all stored in a profile file (.pcf) on computers that are already configured. The PSK is encrypted. However, the encryption used for the PSK is very easily crackable.
Here's How:
1) Locate the profile (.pcf) file for your connection entry. This should be located at C:\Program Files\Cisco Systems\VPN Client\Profiles\ENTRYNAME.pcf.
2) Open the profile with a text editor.
3) Look for the line that begins with enc_GroupPwd=
4) Grab the string of characters that follow the = sign.
5) Input the characters into the Encrypted User/Group Password: field on the website linked below.
6) Hit decode. Use the retrieved password to set up the remaining machines.
Here is an example of the encrypted password:
enc_GroupPwd=B54080BC72B142E7F537A9A2080C940D4B953BA6AE47C952C42C60C4C0EF69D6D8FA1E3E76038450E27724D29D851301CE97DF962667FD7A
Links:
http://coreygilmore.com/projects/decrypt-cisco-vpn-password/
Thursday, May 13, 2010
Cisco CLI - Show Command Section Filter and Other CLI Shortcuts
One of the most useful Cisco show filters ever is the new(ish) section filter. This lets you view information from the section you specify. For example, show run | section include ephone 12 will return all the config lines in the running config which pertain to your ephone 12. The section filter (like all Cisco show command filters) is case sensitive and doesn't allow tab completion - you need to type exactly what you're looking for (or at least the beginning of what you're looking for). Note that per one site: "Cisco considers a section to be a line with no leading blank and includes all lines following it until the start of the next section."
Verifying the changes is where the section filter can really be helpful. Rather than getting a complete new copy of the config and sifting through it, just do a sh run | s i whatever I'm looking for. On major changes, I will always save the starting configs and the ending configs and compare them with WinMerge. However, the section filter works very well to make sure everything is going well as I make each change.

So overall, the section filter is a great shortcut. However, if you are looking for data on an interface, you should use show run interface. This method allows tab completion and abbreviations and isn't case sensitive, so it is faster and better for this type of work than the section filter. It won't work with the variety of items that the section filter will, though.
Show Section Command Filter Links:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html
http://www.techexams.net/forums/ccna-ccent/37408-show-run-section.html
http://cciepursuit.wordpress.com/2007/07/17/must-use-command-filtering-output-with-the-section-command/
http://www.nil.com/C1256F0A00429755/html/EnhanceIOSUI/
2821#sh run | s i ephone 12
ephone 12
 device-security-mode none
 description Ryan IP Communicator
 video
 mac-address 0023.AE7F.0000
 type CIPC
 button 1:2 2:10
2821#
! awesome. Now I don't have to filter through the config looking for the ephone 12 config.
When I first start working on a router, I'll usually grab a copy of the running config and throw it into a txt file. Then I search through it for whatever I want. Once I find the relevant pieces, I'll copy them over to a new text file and prep the changes I want to make. Then I'll apply the changes to the router.
! term len 0 sets the terminal length to no pauses so you can get the complete config at once.
Rtr#term len 0
Rtr#sh run
! now do a copy all to clipboard from putty and paste into a text document.
! annoying because I had to type this all the way out and even capitalize it correctly
2821#sh run | s i interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
! less annoying - just do sh run int and use tab completion or abbreviations like you normally would.
2821#sh run int gigabitEthernet 0/0
Building configuration...
Current configuration : 92 bytes
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
end
2821#
Cisco Documentation:
Command Reference
This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.
show section
To filter the output of a show command to match a given expression as well as any lines associated with that expression, use the show command section command in privileged EXEC mode.
show command | section [include | exclude] regular-expression
Command Modes
Privileged EXEC 
Usage Guidelines
In many cases, it is useful to filter the output of a show command to match a specific expression. Filtering provides some control over the type and amount of information displayed by the system. The show section command provides enhanced filtering capabilities by matching lines in the show command output containing specific expressions as well as matching any entries associated with those expressions. Filtering is especially useful, for example, when displaying large configuration files using the show running-configuration command or the show interfaces command.
If the include or exclude keyword is not specified, include is the default.
If there are no associated entries for an expression, then only the line matching the expression is displayed.
Examples
The following examples compare the filtering characteristics of the show running-config | include command with the show running-config | section command. The first example gathers just the lines from the configuration file with "interface" in them.
Router# show running-config | include interface
interface Ethernet0/0
interface Ethernet1/0
interface Serial2/0
interface Serial3/0
The next example uses the show command section command to gather the lines in the configuration file with "interface" in them as well as any lines associated with those entries. In this example, interface configuration information is captured.
Router# show running-config | section include interface
interface Ethernet0/0
 shutdown
 no cdp enable
interface Ethernet1/0
 shutdown
 no cdp enable
interface Serial2/0
 shutdown
 no cdp enable
interface Serial3/0
 shutdown
 no cdp enable
Information About the Show Command Section Filter
The Show Command Section Filter feature enhances the functionality of the Cisco IOS CLI by filtering show command output matching a regular expression (text string) as well as filtering output associated with that expression. Prior to this enhancement, the level of filtering offered by the show command was limited to the individual lines of the output.
In many cases, it is useful to filter the output of a show command to match a specific expression. Filtering provides some control over the type and amount of information displayed by the system. With section filtering, show command output not only displays the individual entries matching the expression in the command output but also displays the section of entries associated with that expression.
Filtering is especially useful, for example, when displaying a large configuration file. In this case, it is helpful to display sections of the configuration file without having to enter multiple commands to gather the related configuration information.
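To make the difference between | include and | section concrete, here is an added Python model of the filter semantics as defined above (a section is a line with no leading blank plus the indented lines that follow it; include vs. section include vs. section exclude; case-sensitive regex). This is example code written for this page, not Cisco's implementation, and the sample config is constructed; how real IOS prints a section when the match is on an indented child line is not defined on this page, so the model treats any match in the section as selecting the whole section.

```python
import re

# Constructed sample running-config (not output from the page's router), laid out
# the way IOS prints it: section headers in column 1, sub-commands indented.
SAMPLE_RUN = """\
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
!
ephone 12
 device-security-mode none
 description Ryan IP Communicator
 type CIPC
 button 1:2 2:10
ephone 120
 type CIPC
"""

def split_sections(config):
    """A section starts at a line with no leading blank and runs to the next one."""
    sections, current = [], []
    for line in config.splitlines():
        if not line.startswith(" ") and current:
            sections.append(current)
            current = []
        current.append(line)
    return sections + [current] if current else sections

def show_include(config, pattern):
    """'| include <regex>': only the individual matching lines (case-sensitive)."""
    rx = re.compile(pattern)
    return [ln for ln in config.splitlines() if rx.search(ln)]

def show_section(config, pattern, exclude=False):
    """'| section [include|exclude] <regex>': whole sections that have (include) or lack (exclude) a matching line."""
    rx = re.compile(pattern)
    out = []
    for sec in split_sections(config):
        if any(rx.search(ln) for ln in sec) != exclude:
            out.extend(sec)
    return out

if __name__ == "__main__":
    # "ephone 12" is a regex, so it also pulls in "ephone 120"; anchor it with $.
    print("\n".join(show_section(SAMPLE_RUN, "ephone 12$")))
```

Running it shows why the blog's sh run | s i ephone 12 is handy but needs care: an unanchored expression also returns ephone 120, and a lowercase gigabitethernet matches nothing.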
Thursday, May 6, 2010