LolCat 5509 Part 1

About two years and a half ago I was looking for any type of high end Cisco equipment to learn on, fuzz, reverse, etc. As it turns out it isn’t the easiest thing to get your hands on a piece of affordable top end gear. After spending a few months looking for some new equipment I called off the search and began to focus on other projects.

Not long after I quit looking I got a call from a friend that was at a computer recycling shop near where I lived. He had two Cisco 5509s for $80. Willing to take my chances that I’d be able to fix or part them back to health I had them purchased and he was kind enough to deliver them to my door the next week.

I cut a notch into a standard power cable and both booted right up! No fuss, no debugging, and no logic analyzer needed. I consoled into the device and our eyes both went wide at the same time. They still had their running configuration.

We paged through line after line of config, kerb keys, password hashes, username -> port assignment, acls, it was all still intact.

Dumbfounded we looked at each other and called our friends at the company domain that was listed.

By dumb luck we both knew several of the individuals on their security team and emailed them pictures of what we had found.

Apparently this caused a fire drill of which I am never allowed to speak. Much of the credential information we had gleaned was still valid on large parts of their network.

Having talked to them about the aftermath. Three different processes had failed. The company was supposed to wipe the gear before it was deracked. The reseller it was sold to promised to wipe the gear before it was sold. The recycler claimed they also wiped everything that came in the door. All three processes happily failed leaving me with two LolCat5509s.

Two years later I have no need for 12u worth of switch anymore. I’ve decided to spiff up my remaining 5509 and return it to the company from once it came. Stay tuned for more updates of the Lolcat5509.

Ride the Pwnie Down the Rainbow

This last weekend at Toorcamp presented my current research on using CUDA to speed up more complex fuzzing operations like checksums and crypto algorithms. The slides are posted here.

Makerbot Part 3

Bre crashed out at my place before ToorCamp and gave me a hand working some of the bugs out of my Makerbot. It turns out most of my problems came down to my surface mount soldering needing a bit of work. I didn’t want to risk frying the ICs on the 11 makerbot boards so I did them by hand. Thus after hitting all of the pins again with a soldering iron all the electronics bugs went away.

It makes me happy that I got one of the models that required building the boards by hand.  Seems the next models will be prefabbed.  Bre spents a while getting the tension out of the z stage in the machine it turns out my screws needed a bit of love and he did a few hacks he learned taking his on the road. I gave him some feedback on the build process and docs.

Weee into the morning we got our first extrusion out of Raven and success was ours!

We both passed out for a few hours then the next morning Bre printed me a Makerbot Coin and I printed out a D20.

This was an amazing amount of fun to get together, and I’m hoping to hack it up more soon stay tuned!