MIMOSAWRITERROUTER - Abusing EPC on Cisco Router to collect data, presented at Infiltrate 2015

by Joaquim Espinhara, Rafael Silva

Summary: The goal of this talk is to present a way to abuse a default feature of Cisco routers. The feature is Embedded Packet Capture (EPC), described by Cisco as "... a powerful troubleshooting and tracing tool. The feature allows for network administrators to capture data packets flowing through, to, and from, a Cisco router." We were able to abuse this feature and build a system to collect massive amounts of data and store it for analysis. The PoC uses multiple Cisco routers configured with default accounts to send their data traffic (input, output or both) to our repository, where we can then start the processes that transform these raw data packet files into useful information. User credentials, pre-shared keys, URLs and many other potentially sensitive data can be extracted, and additional "features", like cyber attacks, are planned for the future. The subject presented by the researchers would help a simple penetration tester during a usual engagement; additionally, it is possible to configure a larger set of routers to collect data and build a huge database, hack the planet style. The content of this presentation results from independent research conducted by me on my own time and of my own accord. This research was not approved, sanctioned or funded by my employer and is not in any way associated with my employer.