Sign in to follow this  
Followers 0

Legit Cisco IOS Images for Free, or Messing with Cisco's JS

1 post in this topic

...because that title couldn't be more spammy, right? :)


So I'm looking at getting an older Cisco switch with 10gb capability, I figure it just needs to be two to four uplink ports since I'll only have two 10gb Ethernet cards to start with. Plus I need a larger access switch, my little 8-port 2960G won't cut it much longer. One thing I always do before buying a used Cisco switch is, ahem, find the most recent IOS image and verify its MD5 against the Cisco site.


I couldn't find a copy of the most recent IOS for a 3500 series switch, so I was goofing around with Cisco's JS, trying to see if they (like 99% of web devs apparently) were doing their validations all clientside. Then I thought, "wait, can I actually register for this?" Apparently the answer is yes, you just tell them you're a client, and agree to ITAR encryption export limitations, and you're good to go for LAN base and IP base on a lot of stuff.


BTW, with the legit login I traced my way through the JS responsible for processing the download, and no, they're not validating clientside. It appears they go the extra step of validating *again* server-side, even after the login comes back successful -- you can snarf the download URL from one of the JS objects, and it's apparently a one-time-use deal. I couldn't wget it after I'd started the download normally.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0