The network administrator at Spears Technology, Inc has configured the default gateway Cisco router’s access-list as below:

Current configuration : 1206 bytes
!
version 12.3
!
hostname Victim
!
enable secret 5 $1$h2iz$DHYpcqURF0APD2aDuA.YX0
!
interface Ethernet0/0
p address dhcp
p nat outside
alf-duplex
!
interface Ethernet0/1

p address 192.168.1.1 255.255.255.0
p nat inside
alf-duplex
!
router rip
etwork 192.168.1.0
!
ip nat inside source list 102 interface Ethernet0/0 overload
no ip http server
ip classless
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
!
snmp-server community public RO
snmp-server community private RW 1
snmp-server enable traps tty
!
line con 0
ogging synchronous
ogin
line aux 0
line vty 0 4
assword secret
ogin
!
!
end

You are hired to conduct security testing on their network. You successfully brute-force the SNMP community string using a SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?

A.
Run a network sniffer and capture the returned traffic with the configuration file from the router

B.
Use the Cisco’s TFTP default password to connect and download the configuration file

C.
Send a customized SNMP set request with a spoofed source IP address in the range – 192.168.1.0

D.
Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

Explanation:
SNMP is allowed only by access-list 1. Therefore you need to spoof a 192.168.1.0/24 address and then sniff the reply from the gateway.