LolCat 5509 Part 1
About two years and a half ago I was looking for any type of high end Cisco equipment to learn on, fuzz, reverse, etc. As it turns out it isn’t the easiest thing to get your hands on a piece of affordable top end gear. After spending a few months looking for some new equipment I called off the search and began to focus on other projects.
Not long after I quit looking I got a call from a friend that was at a computer recycling shop near where I lived. He had two Cisco 5509s for $80. Willing to take my chances that I’d be able to fix or part them back to health I had them purchased and he was kind enough to deliver them to my door the next week.
I cut a notch into a standard power cable and both booted right up! No fuss, no debugging, and no logic analyzer needed. I consoled into the device and our eyes both went wide at the same time. They still had their running configuration.
We paged through line after line of config, kerb keys, password hashes, username -> port assignment, acls, it was all still intact.
Dumbfounded we looked at each other and called our friends at the company domain that was listed.
By dumb luck we both knew several of the individuals on their security team and emailed them pictures of what we had found.
Apparently this caused a fire drill of which I am never allowed to speak. Much of the credential information we had gleaned was still valid on large parts of their network.
Having talked to them about the aftermath. Three different processes had failed. The company was supposed to wipe the gear before it was deracked. The reseller it was sold to promised to wipe the gear before it was sold. The recycler claimed they also wiped everything that came in the door. All three processes happily failed leaving me with two LolCat5509s.
Two years later I have no need for 12u worth of switch anymore. I’ve decided to spiff up my remaining 5509 and return it to the company from once it came. Stay tuned for more updates of the Lolcat5509.