{"id":92,"date":"2011-05-25T20:30:24","date_gmt":"2011-05-25T19:30:24","guid":{"rendered":"http:\/\/www.phillips321.co.uk\/?p=92"},"modified":"2011-07-13T10:45:49","modified_gmt":"2011-07-13T09:45:49","slug":"cisco-pix-firewall-config-that-needs-understanding","status":"publish","type":"post","link":"https:\/\/www.phillips321.co.uk\/2011\/05\/25\/cisco-pix-firewall-config-that-needs-understanding\/","title":{"rendered":"Cisco PIX firewall config that needs understanding?"},"content":{"rendered":"

So, you’ve been given a cisco config from a pix firewall using<\/p>\n

1
<\/div><\/td>
'show run'<\/span><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n

and you’ve looked through it and it seems a ballache to understand. We know we could use nipper but you either have to pay a wedge for the professional version<\/a> of suffer with the free version<\/a>.<\/p>\n

After a little googling I found a few tools to help along the way.
\nfwbuilder<\/a> looks good but doesn’t support pix as of yet, maybe something to keep an eye on? – Installation is easy on debian systems:<\/p>\n

1
2
3
4
5
<\/div><\/td>
echo<\/span> "deb http:\/\/packages.fwbuilder.org\/deb\/stable\/ maverick contrib"<\/span> >><\/span> \/<\/span>etc\/<\/span>apt\/<\/span>sources.list
\nwget<\/span> http:\/\/<\/span>www.fwbuilder.org\/<\/span>PACKAGE-GPG-KEY-fwbuilder.asc
\napt-key add<\/span> PACKAGE-GPG-KEY-fwbuilder.asc
\napt-get update<\/span>
\napt-get install<\/span> fwbuilder<\/div><\/td><\/tr><\/tbody><\/table><\/div>\n

fwconfigparser<\/a> is a a php script that takes input from a process.txt file and outputs as html – Quick installation via svn<\/p>\n

1
<\/div><\/td>
svn checkout<\/span> http:\/\/<\/span>fwconfigparser.googlecode.com\/<\/span>svn\/<\/span>trunk\/<\/span> fwconfigparser<\/div><\/td><\/tr><\/tbody><\/table><\/div>\n

routerdefense<\/a> uses a cisco config to offer security recommendations (i guess like nipper?) – Quick installation via svn<\/p>\n

1
<\/div><\/td>
svn checkout<\/span> http:\/\/<\/span>routerdefense.googlecode.com\/<\/span>svn\/<\/span>trunk\/<\/span> routerdefense<\/div><\/td><\/tr><\/tbody><\/table><\/div>\n

Unfortunately i could not use fwbuilder as it didn’t support pix firewalls so i cant demonstrate it here, maybe i can throw something together in the future. (Keep an eye on this for updates)<\/p>\n

fwconfigparser is as simple as copying the index.php to a browsable web directory and in the same directory placing the config file with the name process.txt
\n\"fwconfigparser\"<\/a><\/p>\n

This helped but the next thing i played with was routerdefense.
\nIt’s not obvious at first what is happening when you try to run<\/p>\n

1
<\/div><\/td>
launch.sh<\/div><\/td><\/tr><\/tbody><\/table><\/div>\n

but after catting the file it becomes clear that the usage is as follows:<\/p>\n

1
<\/div><\/td>
python main.py -c<\/span> \/<\/span>root\/<\/span>config.txt -t<\/span> \/<\/span>pentest\/<\/span>audit\/\/<\/span>template.conf<\/div><\/td><\/tr><\/tbody><\/table><\/div>\n

After an attempt to run the file it seems that for some reason it doesn’t work with either of the two configs i had \ud83d\ude41<\/p>\n

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<\/div><\/td>
root@<\/span>GnackTrackR7:\/<\/span>pentest\/<\/span>audit\/<\/span>routerdefense# python main.py -c \/root\/config.txt -t \/pentest\/audit\/routerdefense\/template.conf <\/span>
\n
\n______            _             ______      __
\n|<\/span> ___ \\          |<\/span> |<\/span>            |<\/span>  _  \\    \/<\/span> _|<\/span>
\n|<\/span> |<\/span>_\/<\/span> \/<\/span>___  _   _|<\/span> |<\/span>_ ___ _ __  |<\/span> |<\/span> |<\/span> |<\/span>___|<\/span> |<\/span>_ ___ _ __  ___  ___
\n|<\/span>    \/\/<\/span> _ \\|<\/span> |<\/span> |<\/span> |<\/span> __\/<\/span> _ \\ '__| | | | \/ _ \\  _\/ _ \\ '<\/span>_ \\\/<\/span> __|\/<\/span> _ |<\/span> |<\/span>\\ \\ (<\/span>_)<\/span> |<\/span> |<\/span>_|<\/span> |<\/span> ||<\/span>  __\/<\/span> |<\/span>    |<\/span> |\/<\/span> \/<\/span>  __\/<\/span> ||<\/span>  __\/<\/span> |<\/span> |<\/span> \\__ \\  __\/<\/span>
\n\\_|<\/span> \\_\\___\/<\/span> \\__,_|<\/span>\\__\\___|<\/span>_|<\/span>    |<\/span>___\/<\/span> \\___|<\/span>_|<\/span> \\___|<\/span>_|<\/span> |<\/span>_|<\/span>___\/<\/span>\\___|<\/span>
\n
\n=[<\/span> Cisco IOS security assessment tool
\n=[<\/span> http:\/\/<\/span>www.packetfault.org
\n=[<\/span> version 0.5.1
\n
\nTraceback (<\/span>most recent call last<\/span>)<\/span>:
\n  File "main.py"<\/span>, line 97<\/span>, in<\/span> <<\/span>module><\/span>
\n    consoleCfg = parseConsole(<\/span>lines)<\/span>
\n  File "\/pentest\/audit\/routerdefense\/common.py"<\/span>, line 250<\/span>, in<\/span> parseConsole
\n    for<\/span> i in<\/span> range(<\/span>lineConLocation + 1<\/span>, len(<\/span>lines)<\/span>)<\/span>:
\nUnboundLocalError: local<\/span> variable 'lineConLocation'<\/span> referenced before assignment
\nroot@<\/span>GnackTrackR7:\/<\/span>pentest\/<\/span>audit\/<\/span>routerdefense#<\/span><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n","protected":false},"excerpt":{"rendered":"

So, you’ve been given a cisco config from a pix firewall using 1’show run’ and you’ve looked through it and it seems a ballache to understand. We know we could use nipper but you either have to pay a wedge for the professional version of suffer with the free version. After a little googling I […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,4,1],"tags":[56,53,52,50,54,55,51],"_links":{"self":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/92"}],"collection":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/comments?post=92"}],"version-history":[{"count":9,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/92\/revisions"}],"predecessor-version":[{"id":187,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/92\/revisions\/187"}],"wp:attachment":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/media?parent=92"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/categories?post=92"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/tags?post=92"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}