Owning IOS at Black Hat 2005

Revised August 1, 2005

NOTE: In response to legal action initiated by Internet Security Systems (ISS), photographs of Michael Lynn's slides have been removed. Full copies of the presentation may still be found on the Internet.

Being arrested or sued is not positive experience, but for speakers at Black Hat and Defcon, it is a badge of honor. On July 27, Michael Lynn, a computer security expert, demonstrated how to gain administrator access to many Cisco routers and switches. This demonstration occured during Lynn's scheduled talk on the vulnerabilities of Cisco IOS at the 2005 Black Hat Briefings in Las Vegas.

As a result of the talk, Lynn incurred the wrath of his former employer Internet Security Systems (ISS) and Cisco Systems. In the space of a few hours, Lynn became unemployed and was also served with a lawsuit.

Michael Lynn looks on as he gains adminstrator privileges to a Cisco Router

While Lynn did not provide a step-by-step on how to break into Cisco routers, he provided enough details for experienced professionals to figure out the rest of the process. In this report, I will show you some of the slides used during his talk and give an outline of the steps.