技术共享——Cisco IOS进程调试
Ciscox notes (Anthony C. Zboralski Gaius)
Research is being done on a useless Cisco 1600 with 4 megs of flash running IOS 11.1.
Recently after writting my first cisco warez (tunnelx), I told myself hey we need to find a way to inject arbitrary code, poke and peek at the memory
on a cisco, hide interfaces, route-maps, access-lists.
Let's look around:
scep#show proc
CPU utilization for five seconds: 10%/4%; one minute: 14%; five minutes: 14%
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
1 M* 0 1248 107 11663 2204/4000 1 Virtual Exec
2 Lst 802DF16 34668 313 110760 1760/2000 0 Check heaps
3 Cwe 801D5DE 0 1 0 1736/2000 0 Pool Manager
4 Mst 8058B20 0 2 0 1708/2000 0 Timers
5 Lwe 80BFD4A 24 46 521 1448/2000 0 ARP Input
6 Mwe 81F78F0 4 1 4000 1744/2000 0 SERIAL A'detect
7 Lwe 80D935A 4 1 4000 1656/2000 0 Probe Input
8 Mwe 80D8CD6 0 1 0 1744/2000 0 RARP Input
9 Hwe 80CA966 80 89 898 3116/4000 0 IP Input
10 Mwe 80F41BA 16 322 49 1348/2000 0 TCP Timer
11 Lwe 80F5EB8 8 3 2666 3244/4000 0 TCP Protocols
12 Mwe 813785E 80 177 451 1588/2000 0 CDP Protocol
13 Mwe 80D5770 0 1 0 1620/2000 0 BOOTP Server
14 Mwe 81112C0 1356 1522 890 1592/2000 0 IP Background
15 Lsi 8121298 0 25 0 1792/2000 0 IP Cache Ager
16 Cwe 80237BE 0 1 0 1748/2000 0 Critical Bkgnd
17 Mwe 802365A 12 5 2400 1476/2000 0 Net Background
18 Lwe 804E82E 16 4 4000 1192/2000 0 Logger
19 Msp 80456DE 80 1493 53 1728/2000 0 TTY Background
20 Msp 802345C 20 1494 13 1800/2000 0 Per-Second Jobs
21 Msp 80233F2 68 1494 45 1488/2000 0 Net Periodic
22 Hwe 80234DC 4 1 4000 1724/2000 0 Net Input
23 Msp 8023482 772 25 30880 1800/2000 0 Per-minute Jobs
24 Lwe 8109834 4 2 2000 3620/4000 0 IP SNMP
25 Mwe 815CE08 0 1 0 1712/2000 0 SNMP Traps
26 ME 811805A 0 26 0 1892/2000 0 IP-RT Background
27 ME 803B0F8 32 11 2909 2760/4000 2 Virtual Exec
now you can even dump the memory with 'show memory'. Good but there isn't a write memory
天下网吧·网吧天下
闽公网安备35010202000238号