mohemiv / Tcltools

Licence: gpl-3.0
Collection of TCL scripts for Cisco IOS penetration testing

TCL scripts for Cisco IOS penetration testing

With TCLtools you can transform any Cisco IOS hardware into a pivoting station. It's easy to set up and use!

Features

  • TCLmap — Port scanner implementation (nmap)
  • TCLproxy — Proxy server implementation

TCLproxy

TCLproxy is a tool for pivoting through Cisco devices. It can forward any TCP port or launch a proxy server.

TCLproxy v0.0.3

Usage: tclsh ./tclproxy.tcl [-L address]... [-D address]...

Proxy server implementation. Binary protocols are supported.

  -L [bind_address:]port:remote_host:remote_port
    Forward a remote port to a local port.
    Multiple connections and multiple forwards are supported.

  -D [bind_address:]port
    Launch a SOCKS4a proxy server.

 Forwarding between VRF tables:
    -D [[email protected]][bind_address]:port[@VRF_table_for_outbound_connections]
    -L [[email protected]][bind_address]:port[@VRF_table_for_outbound_connections]:remote_host:remote_port

  optional arguments:
  -f, --disable-eof-check      Speed increases by 1-15 KB/s, but connections don't close automatically. Dangerous!
  -h, --help                   Show this help message and exit.
  -q, --disable-output         Quite mode. In this mode, you can disconnect from the console without script termination. Dangerous!
  -l, --low-ports              Use privileged source ports. Required for NFS (source port increments from 1 to 1023 every connection)
  -n, --disable-dns            Do not resolve DNS names in SOCKS mode

  The effect of --disable-eof-check and --disable-output options depends on hardware architecture and firmware version.
  TCLproxy will not work for port scanning, use tclmap.tcl instead.

   example:
    $ sudo py3tftp -p 69
    cisco# configure terminal
    cisco(config)# scripting tcl low-memory 5242880
    cisco(config)# end
    cisco# copy tftp://192.168.1.10/tclproxy.tcl flash:/
    cisco# tclsh tclproxy.tcl -h
    cisco# tclsh tclproxy.tcl -L 5901:10.0.0.1:445 -D :[email protected] -D 5900
    ...
    cisco# del flash:/tclproxy.tcl

About TCL

TCL is a high-level, general-purpose, interpreted, dynamic programming language. Cisco IOS implements TCL 8.3.4:

cisco# tclsh
cisco(tcl)# puts $tcl_version
8.3

cisco(tcl)# puts $tcl_patchLevel
8.3.4

How to use TCLtools

TCLtools requires privilege level 15 on the hardware.

There are four methods to upload TCL scripts:

  1. Copy the TCL script from an FTP or TFTP server:

    $ sudo py3tftp -p 69
    or
    $ python2 -m pyftpdlib

    cisco# copy tftp://192.168.1.10/tclproxy.tcl flash:/
    cisco# copy ftp://192.168.1.10:2121/tclproxy.tcl flash:/
    cisco# tclsh tclproxy.tcl

    or

    cisco# tclsh ftp://192.168.1.10:2121/tclproxy.tcl

  2. Create a new file via tclsh:

    $ cat tclproxy.tcl | sed -E 's/([{}$\[])/\\\1/g'
    cisco# tclsh
    cisco(tcl)# puts [open "flash:tclproxy.tcl" w+] {
    cisco(tcl)# ; Copy file contents onto this
    cisco(tcl)# }
    cisco(tcl)# exit
    cisco#
    cisco# tclsh tclproxy.tcl

  3. Set the $argv variable and paste the script code into tclsh (not recommended):

    cisco# tclsh
    cisco(tcl)# set argv [list -D 1080]
    cisco(tcl)# ; Copy file contents onto this

  4. Use the "scripting tcl init" command (not recommended):

    cisco# configure terminal
    cisco(config)# scripting tcl init ftp://192.168.1.10/tclproxy.tcl
    cisco(config)# end
    cisco# tclsh

A good practice is to set the minimum size of free memory:

cisco# configure terminal
cisco(config)# scripting tcl low-memory 5242880
cisco(config)# end

In addition to this, or instead of it, you can monitor the device's performance with the following commands:

cisco# show processes cpu | i Tcl
cisco# show processes mem | i Tcl
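
The upload and launch commands above are distinctive enough to audit for in command logs. The following is an added example, not part of TCLtools: a Python scan of command-log lines for those commands. It assumes config-mode commands arrive as IOS config-logger syslog messages and exec commands as a normalized accounting record of the form "user=<name> cmd=<command>"; that record layout, the rule names and the sample users are assumptions.

```python
import re

# Rules built from the commands in the usage steps above. They match the full
# command forms shown on the page; abbreviated IOS commands are not handled.
RULES = [
    ("tcl-upload",  re.compile(r"^copy\s+t?ftp://\S+\.tcl\s+flash:", re.I)),
    ("tcl-remote",  re.compile(r"^tclsh\s+t?ftp://\S+", re.I)),
    ("tcl-proxy",   re.compile(r"^tclsh\s+\S+\.tcl\b.*\s-[LD]\s+\S+")),
    ("tcl-init",    re.compile(r"^scripting\s+tcl\s+init\s+\S+", re.I)),
    ("tcl-low-mem", re.compile(r"^scripting\s+tcl\s+low-memory\s+\d+", re.I)),
    ("tcl-cleanup", re.compile(r"^del(?:ete)?\s+flash:/?\S+\.tcl\b", re.I)),
]

# Two input shapes: the IOS config-logger syslog message and an assumed
# normalized command-accounting record ("user=<name> cmd=<command>").
RECORD = re.compile(
    r"(?:User:|user=)(?P<user>\S+)\s+(?:logged command:|cmd=)(?P<cmd>.+?)\s*$")

def scan(lines):
    """Return (user, rule, command) for every log line that matches a rule."""
    hits = []
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue
        for name, rx in RULES:
            if rx.search(m["cmd"]):
                hits.append((m["user"], name, m["cmd"]))
    return hits

def staged_and_run(hits):
    """Users who both placed a script (upload/init) and ran or fetched one."""
    staged = {u for u, r, _ in hits if r in ("tcl-upload", "tcl-init")}
    ran = {u for u, r, _ in hits if r in ("tcl-proxy", "tcl-remote")}
    return sorted(staged & ran)

# Constructed sample records (addresses and commands reuse the page's example).
SAMPLE = [
    "Mar  1 10:00:01: %PARSER-5-CFGLOG_LOGGEDCMD: User:ops1  logged command:scripting tcl low-memory 5242880",
    "user=ops1 cmd=copy tftp://192.168.1.10/tclproxy.tcl flash:/",
    "user=ops1 cmd=tclsh tclproxy.tcl -L 5901:10.0.0.1:445 -D 5900",
    "user=ops1 cmd=del flash:/tclproxy.tcl",
    "user=ops2 cmd=show processes cpu | i Tcl",
    "Mar  1 10:09:44: %PARSER-5-CFGLOG_LOGGEDCMD: User:ops2  logged command:interface Vlan10",
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
    print("staged and ran:", staged_and_run(scan(SAMPLE)))
```

A script pasted straight into an interactive tclsh session (methods 2 and 3) produces no per-line command records of this kind, so on devices where tclsh is not part of normal operations the bare `tclsh` entry itself is worth alerting on.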

Remarks

  • Do not use TCLproxy for TCP/IP port scanning. Because Cisco doesn't implement the -async socket option, the SOCKS server is interrupted for 30 seconds after every connection to any filtered port.
  • Outdated IOS versions can redirect TCL output to another console. It's an IOS bug.
  • If you disconnect from the console, the TCL script stops after the next output.

Tested on Cisco 2811 / Cisco 2821 Integrated Services Router, Cisco Catalyst 2960, and Cisco Catalyst 3750-X.
