注意:本文一下将介绍如何修改pixos,来打开webvpn.并用pemu加载.
我想说的是, 以下内容仅供学习交流之用,请不要做任何超出该范围之外的事.否则任何法律问题,后果自负.
1.验证pix722.bin MD5
#md5sum pix722.bin
d2641f1441347b0204449da1d4a06758 pix722.bin
之后解压pix722.bin
#unzip pix722.bin
2.去除p_w_picpath 校验认证
原 : 000122a4: e8 57 fc f3 00 85 c0 0f 84 86 01 00 00
修改后: 000122a4: 90 90 90 90 90 90 90 90 90 90 90 90 90
注意我使用的是linux 下的16进制编辑器hexedit
#hexedit pix722.bin
然后 Ctrl+G 输入0x122a4
光标将定位到
000122A0 00 00 10 00 E8 57 FC F3 00 85 C0 0F 84 86 01 00 .....W..........
000122B0 00 8B 45 EC 89 44 24 04 8B 45 F0 89 04 24 E8 DD ..E..D$..E...$..
将上面红色字段修改为以下蓝色字段
000122A0 00 00 10 00 90 90 90 90 90 90 90 90 90 90 90 90 .....W..........
000122B0 90 8B 45 EC 89 44 24 04 8B 45 F0 89 04 24 E8 DD ..E..D$..E...$..
继续下一步操作
3.修改webvpn是否开启的函数
原 : 00d31c18: 55 89 e5 57
修改后: 00d31c18: 31 C0 40 C3
光标定位到:
00D31C10 00 8D BC 27 00 00 00 00 55 89 E5 57 56 83 EC 20 ...'....U..WV..
将上面红色字段修改为以下蓝色字段
00D31C10 00 8D BC 27 00 00 00 00 31 C0 40 C3 56 83 EC 20 ...'....U..WV..
继续下一步操作
4.修改返回得到许可的ssl peers数量的函数
原 : 00f5c990: 55 a1 70 4c 3a 01
修改后: 00f5c990: b8 00 01 00 00 c3
光标将定位到
00F5C990 55 A1 70 4C 3A 01 89 E5 5D C3 8D B6 00 00 00 00 U.pL:...].......
将上面红色字段修改为以下蓝色字段
00F5C990 b8 00 01 00 00 c3 89 E5 5D C3 8D B6 00 00 00 00 U.pL:...].......
完成上面三个步骤 按F2保存,Ctrl+C,退出
之后就可以使用PEMU来加载这个修改过的PIX OS 了
5.使用pemu加载
Cisco PIX Security Appliance Software Version 7.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System p_w_picpath file is "Unknown, monitor mode tftp booted p_w_picpath"
Config file at boot was "startup-config"
pixfirewall up 51 secs
Hardware: PIX-525, 128 MB RAM, CPU Pentium II 1 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 00aa.0000.0202, irq 9
The Running Activation Key is not valid, using default settings:
pixfirewall# conf t
pixfirewall(config)# web
pixfirewall(config)# webvpn
pixfirewall(config-webvpn)# ?
Web××× commands:
apcf Load Application Profile Customization Framework
(APCF) profile
authorization-dn-attributes The DN of the peer certificate used as username
for authorization
authorization-required Require users to authorize successfully in order
to connect
auto-signon Auto signon
cache Configure Web××× cache
character-encoding Configures the character encoding for Web×××
portal pages
csd This specifies whether Cisco Secure Desktop is
enabled and the package file name to be used.
customization Configure Web××× GUI Customization object
default-idle-timeout This is the default idle timeout in seconds
enable Enable Web××× on the specified interface
exit Exit from Web××× configuration mode
file-encoding Configures the file encoding for a file sharing
server
help Help for Web××× commands
http-proxy This is the proxy server to use for HTTP
requests
https-proxy This is the proxy server to use for HTTPS
requests
java-trustpoint Configure Web××× java trustpoint
memory-size Configure Web××× memory size
no Remove a Web××× command or set to its default
port Web××× should listen for connections on the
specified port
port-forward Configure the port-forward list for Web×××
proxy-bypass Configure proxy bypass
rewrite Configure content rewriting rule
sso-server Configure an SSO Server
svc This specifies whether the SSL ××× Client is
enabled and the package file name to be used.
tunnel-group-list Configure Web××× group list dropdown in login
page
url-list Configure a list of URLs for use with Web×××
pixfirewall(config-webvpn)#