https://github.com/mohemiv/TCLtools

Сollection of TCL scripts for Cisco IOS penetration testing
https://github.com/mohemiv/TCLtools

Last synced: 10 days ago
JSON representation

Сollection of TCL scripts for Cisco IOS penetration testing

• Host: GitHub
• URL: https://github.com/mohemiv/TCLtools
• Owner: mohemiv
• License: gpl-3.0
• Created: 2017-11-29T14:17:54.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2018-07-17T13:52:39.000Z (over 6 years ago)
• Last Synced: 2024-08-03T23:08:15.394Z (3 months ago)
• Language: Tcl
• Size: 41 KB
• Stars: 62
• Watchers: 4
• Forks: 13
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - mohemiv/TCLtools - Сollection of TCL scripts for Cisco IOS penetration testing (Tcl)

README

        
TCL scripts for Cisco IOS penetration testing

=======

With TCLtools you can transform any Cisco IOS hardware into a pivoting station. It's easy to set up and use!

Features

---------------------------

 * TCLmap — Port scanner implementation (nmap)

 * TCLproxy — Proxy server implementation

TCLproxy

--------

TCLproxy is a tool for pivoting through Cisco devices. It's capable to forward any TCP port or launch a proxy server.

```

TCLproxy v0.0.3

Usage: tclsh ./tclproxy.tcl [-L address]... [-D address]...

Proxy server implementation. Binary protocols are supported.

  -L [bind_address:]port:remote_host:remote_port

    Forward a remote port to a local port.

    Multiple connections and multiple forwards are supported.

  -D [bind_address:]port

    Launch a SOCKS4a proxy server.

 Forwarding between VRF tables:

    -D [VRF_table_for_listening@][bind_address]:port[@VRF_table_for_outbound_connections]

    -L [VRF_table_for_listening@][bind_address]:port[@VRF_table_for_outbound_connections]:remote_host:remote_port

  optional arguments:

  -f, --disable-eof-check      Speed increases by 1-15 KB/s, but connections don't close automatically. Dangerous!

  -h, --help                   Show this help message and exit.

  -q, --disable-output         Quite mode. In this mode, you can disconnect from the console without script termination. Dangerous!

  -l, --low-ports              Use privileged source ports. Required for NFS (source port increments from 1 to 1023 every connection)

  -n, --disable-dns            Do not resolve DNS names in SOCKS mode

  The effect of --disable-eof-check and --disable-output options depends on hardware architecture and firmware version.

  TCLproxy will not work for port scanning, use tclmap.tcl instead.

   example:

    $ sudo py3tftp -p 69

    cisco# configure terminal

    cisco(config)# scripting tcl low-memory 5242880

    cisco(config)# end

    cisco# copy tftp://192.168.1.10/tclproxy.tcl flash:/

    cisco# tclsh tclproxy.tcl -h

    cisco# tclsh tclproxy.tcl -L 5901:10.0.0.1:445 -D :5902@enterpriseVRF -D 5900

    ...

    cisco# del flash:/tclproxy.tcl

```

About TCL

=========

TCL is a high-level, general-purpose, interpreted, dynamic programming language. Cisco IOS implements TCL 8.3.4:

```

cisco# tclsh

cisco(tcl)# puts $tcl_version

8.3

cisco(tcl)# puts $tcl_patchLevel

8.3.4

```

How to use TCLtools

===========================

TCLtools requires privilege level 15 on the hardware.

There are four methods to upload TCL scripts:

1. Copy tcl script from ftp or tftp server:

```

$ sudo py3tftp -p 69

or

$ python2 -m pyftpdlib 

cisco# copy tftp://192.168.1.10/tclproxy.tcl flash:/

cisco# copy ftp://192.168.1.10:2121/tclproxy.tcl flash:/

cisco# tclsh tclproxy.tcl

or

cisco# tclsh ftp://192.168.1.10:2121/tclproxy.tcl

```

2. Create new file via tclsh:

```

$ cat tclproxy.tcl | sed -E 's/([{}$\[])/\\\1/g'

cisco# tclsh

cisco(tcl)# puts [open "flash:tclproxy.tcl" w+] {

cisco(tcl)# ; Copy file contents onto this

cisco(tcl)# }

cisco(tcl)# exit

cisco#

cisco# tclsh tclproxy.tcl

```

3. Set $argv var and put script code into tclsh (non-recommended):

```

cisco# tclsh

cisco(tcl)# set argv [list -D 1080]

cisco(tcl)# ; Copy file contents onto this

```

4. Use "scripting tcl init" command (non-recommended):

```

cisco# configure terminal

cisco(config)# scripting tcl init ftp://192.168.1.10/tclproxy.tcl

cisco(config)# end

cisco# tclsh

```

A good practice is to set the minimum size of free memory:

```

cisco# configure terminal

cisco(config)# scripting tcl low-memory 5242880

cisco(config)# end

```

In addition to, or instead of, you can view device performance with the following commands:

```

cisco# show processes cpu | i Tcl

cisco# show processes mem | i Tcl

```

Remarks

=======================

 * Do not use TCLproxy for TCP/IP port scanning. Because Cisco doesn't implement -async socket option, socks server is interrupted for 30 seconds after every connection to any filtered port.

 * Outdated IOS versions can redirect TCL output to another console. It's an IOS bug.

 * If you disconnect from the console, TCL script stops after the next output.

Tested on Cisco 2811 / Cisco 2821 Integrated Services Router, Cisco Catalyst 2960, and Cisco Catalyst 3750-X.

Contact Us

==========

You can Open a New Issue to report a bug or suggest a new feature to improve the project. Or you can drop a few lines at [email protected].