Certified Ethical Hacker (CEH) — Question 46
The network administrator at Spears Technology, Inc. has configured the default gateway Cisco router's access-list as below:
You are hired to conduct security testing on their network.
You successfully brute-force the SNMP community string using an SNMP crack tool.
The access-list configured at the router prevents you from establishing a successful connection.
You want to retrieve the Cisco configuration from the router. How would you proceed?
Answer options
- A. Use the Cisco's TFTP default password to connect and download the configuration file
- B. Run a network sniffer and capture the returned traffic with the configuration file from the router
- C. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address
- D. Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0
Correct answer: B, D
Explanation
Option B is correct because using a network sniffer allows you to capture the traffic that includes the configuration file sent from the router. Options A and C are incorrect as they rely on methods that either do not work due to the access-list or involve techniques that don't guarantee access to the configuration. Option D could theoretically work but is less reliable and involves more complexity than simply capturing the traffic.