Post-exploitation Modules for Network Devices

Once an IOS Agent has been associated with a Network Device, you can run several modules to prove that the device is vulnerable to attack. These modules are non-aggressive by design, because a material change on the device could significantly disrupt the network and its users.

Network Device Post Exploitation Modules

IOS Shell - This module will open a shell and allow you to interface with the network device.

Get Configuration - This module will attempt to get the configuration file of the device. Be sure to install the 3rd Party Tools provided with your Core Impact installer so that you can take advantage of encryption cracking capabilities.

Cisco IOS Agent - Privilege Escalation - This module attempts to create a Telnet connection through which testers can make changes on the device. The changes made to achieve this connection are recorded and can then be reverted using the Cisco IOS Agent - Privilege Escalation Clean Up module.

Access List Piercing - This module compromises the filtering of network visibility that a router maintains, allowing the Core Impact user to access networks that were previously off-limits. Changes can be reverted using the Access List Piercing - Clean Up module.

Interface Monitoring - This module takes advantage of a legitimate monitoring feature included in many switches and results in the Core Impact user receiving copies of data packets that were not originally intended for them. Changes can be reverted using the Interface Monitoring - Clean Up module.

Set Device Name - With this module, Core Impact can rename the network device. This won't disrupt the operation of the device but can be an eye-opening display of a router or switch's vulnerability to malicious attacks. Changes can be reverted using the Set Device Name - Clean Up module.
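
Because several of these modules change the device and rely on a Clean Up module to revert it, a tester can confirm the reversal by comparing the configuration saved before testing with the one retrieved afterwards. The Python below is an added example, not Core Impact code; the mapping of each module to IOS configuration lines (hostname, access-list, ip access-group, monitor session, line vty) and the sample configurations are assumptions constructed for illustration.

```python
import difflib
import re

# Areas the modules above change; the IOS lines matched per area are assumptions.
AREAS = {
    "device name": re.compile(r"^hostname\s"),
    "access lists": re.compile(r"^((ip )?access-list\s|interface \S+ / ip access-group\s)"),
    "interface monitoring": re.compile(r"^monitor session\s"),
    "remote access": re.compile(r"^(line vty|enable (secret|password)|username)\s"),
}

def tracked(config):
    """Return {area: [entries in config order]}; sub-commands become 'parent / child'."""
    found = {area: [] for area in AREAS}
    parent = ""
    for line in map(str.rstrip, config.splitlines()):
        if not line or line.lstrip().startswith("!"):
            continue  # blank lines and IOS '!' separators
        if line[0].isspace():
            entry = f"{parent} / {line.strip()}"
        else:
            parent = entry = line
        for area, pattern in AREAS.items():
            if pattern.match(entry):
                found[area].append(entry)
    return found

def residual_changes(baseline, after_cleanup):
    """List (area, '+' or '-', entry) left after clean-up; order-aware, as ACLs are ordered."""
    before, after = tracked(baseline), tracked(after_cleanup)
    leftovers = []
    for area in AREAS:
        for delta in difflib.ndiff(before[area], after[area]):
            if delta[0] in "+-":
                leftovers.append((area, delta[0], delta[2:]))
    return leftovers

# Constructed sample configurations, not taken from a real device.
BASELINE = """hostname lab-rtr-01
access-list 101 deny ip any 10.20.0.0 0.0.255.255
access-list 101 permit ip any any
line vty 0 4
 transport input ssh"""
AFTER_CLEANUP = """hostname lab-rtr-01
access-list 101 permit ip any any
monitor session 1 source interface Gi0/1
line vty 0 4
 transport input ssh telnet"""
```

Call residual_changes() with the configuration captured before the engagement and the one captured after the Clean Up modules have run; an empty list means the tracked areas match the baseline, and each remaining entry is a line to restore or remove by hand.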