Friday, May 17, 2013

How to transfer files from/to cisco devices

There are several options for transferring files to a cisco device. Tftp is a traditional way. Scp is also supported by IOS from 12.3(2)T, 12.2(14)S (encryption needs to be supported by the feature set). If no in-band connection is available, xmodem will become an option for it.

scp
Pro: Transfered files are encrypted
Con: Not supported by all platforms, in-band connection is necessary

tftp
Pro: Supported by all platforms
Con: Files are transfed in plain text, tftp protocol does not have authentication, in-band connection is necessary

xmodem
Pro: Supported by all platforms, No need for in-band connection
Con: Slow transmission

Whenever transferring a start-up configuration, it's better to think about using scp in favor of tftp since not a few passwords are on the config in a plain text or in an obscured form. Type 7 encryption is just an obfuscation that is cracked within a second, and even type 5 encryption can be decrypted with a massive computation power since the salt is also on the same file.


Reference:
Cisco IOS Configuration Fundamentals Command Reference
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_c1.html#wp1064741

Cisco Password Cracker (For type 5 encryption)
https://www.google.com/search?q=cisco+type+7+crack&ie=utf-8&oe=utf-8&aq=t

Decrypting Cisco type 5 password hashes
http://retrorabble.wordpress.com/2011/02/09/decrypting-cisco-type-5-password-hashes/

No comments:

Post a Comment