Hidden file, wrong image upload on Cisco ASA 5520

Today, I needed to test something on a ASA 5520, which required a different image version. I was running asa822-k8 and needed to test something on asa841-k8. In short: the upload went wrong, I couldn’t find the file which now was hidden, couldn’t upload a new, and couldn’t delete it. But eventually i WON! – This was my fight:


Today, I needed to test something on a ASA 5520, which required a different image version.

I was running asa822-k8 and needed to test something on asa841-k8.

In short: the upload went wrong, I couldn’t find the file which now was hidden, couldn’t upload a new, and couldn’t delete it. But eventually i WON! – This was my fight:

Okay, i had to copy the image from my TFTP server to the inbuilt flash on the asa named disk0.

I know, it was my own fault, but my image upload went something like this:

asa# copy tftp: disk0:

Address or name of remote host []? 192.168.0.178
Source filename []? asa841-k8.bin
Destination filename []? disk0
Accessing tftp://192.168.0.178/asa841-k8.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!….
Writing file disk0:/disk0…
!!!!!!!!!!!!!!!!….
24938496 bytes copied in 21.610 secs (1187547 bytes/sec)

I didn’t spot the typo at first, but when the upload was completed I couldn’t find the asa841-k8.bin file anywhere.

asa# dir
Directory of disk0:/
90     -rwx  16459776    01:01:44 Jun 12 2010  asa822-k8.bin
92     -rwx  14240396    01:04:34 Jun 12 2010  asdm-631.bin
3      drwx  4096        01:07:30 Jun 12 2010  log
10     drwx  4096        13:26:38 Nov 25 2008  crypto_archive
11     drwx  4096        01:07:44 Jun 12 2010  coredumpinfo
93     -rwx  4436544     09:19:54 Sep 15 2010  anyconnect-win-2.5.1025-k9.pkg

62947328 bytes total (1511424 bytes free)

Checking my telnet history, and I could see, that I did type in disk0 as destination filename a typo did occur: disk0?! WTF

Then I tried to upload the file again with the right filename asa841-k8.bin, but all i got was this error:

Destination filename [asa841-k8.bin]?
Accessing tftp://192.168.0.178/asa841-k8.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
%Error copying tftp://192.168.0.178/asa841-k8.bin (Not enough space on device)

So my image file was uploaded to the ASA with filename disk0, and was now totally hidden, or placed somewhere secret?

I tried to find the file, but I couldn’t:

asa# dir /recursive
Directory of disk0:/*
90     -rwx  16459776    01:01:44 Jun 12 2010  asa822-k8.bin
92     -rwx  14240396    01:04:34 Jun 12 2010  asdm-631.bin
93     -rwx  4436544     09:19:54 Sep 15 2010  anyconnect-win-2.5.1025-k9.pkg
Directory of disk0:/log
No files in directory
Directory of disk0:/crypto_archive
No files in directory
Directory of disk0:/coredumpinfo
12     -rwx  43          01:07:44 Jun 12 2010  coredump.cfg
62947328 bytes total (1511424 bytes free)

and

asa# dir /all
Directory of disk0:/
90     -rwx  16459776    01:01:44 Jun 12 2010  asa822-k8.bin
92     -rwx  14240396    01:04:34 Jun 12 2010  asdm-631.bin
3      drwx  4096        01:07:30 Jun 12 2010  log
10     drwx  4096        13:26:38 Nov 25 2008  crypto_archive
11     drwx  4096        01:07:44 Jun 12 2010  coredumpinfo
93     -rwx  4436544     09:19:54 Sep 15 2010  anyconnect-win-2.5.1025-k9.pkg
62947328 bytes total (1511424 bytes free)

But NO disk0 file anywhere…

I then tried to delete the file:

asa# delete disk0:disk0…
Delete filename [disk0...]?
Delete disk0:/disk0…? [confirm]
%Error deleting disk0:/disk0… (Directory not empty)

Error Directory not empty, hmm directory – because the file was named disk0 without any filetype, maybe ios thinks that the file is a directory?

asa# rmdir disk0:/disk0…
Remove directory filename [disk0...]?
Delete disk0:/disk0…? [confirm]
%Error Removing dir disk0:/disk0… (Directory not empty)

Not empty, NO its a FILE!! – lets see what the “directory” contains:

asa# cd disk0…
asa# dir
Directory of disk0:/disk0…/
No files in directory
62947328 bytes total (5951488 bytes free)

Nothing!! – okay now I’m getting angry, Cisco IOS can’t “see” the file, cant list the file in a dir, can’t delete the file – because its a directory, can’t delete the directory – because its not empty, and can’t see any files in the “directory”.

Think think think.

And then it stroke my attention, maybe I could rename the file, directory whatever it is.

asa# rename disk0:/disk0… test.asa
Source filename [disk0...]?
Destination filename [test.asa]?

No error JUBIIII!, lets see a dir command:

asa# dir
Directory of disk0:/
90     -rwx  16459776    01:01:44 Jun 12 2010  asa822-k8.bin
92     -rwx  14240396    01:04:34 Jun 12 2010  asdm-631.bin
3      drwx  4096        01:07:30 Jun 12 2010  log
139    -rwx  24938496    09:28:22 May 23 2011  test.asa
10     drwx  4096        13:26:38 Nov 25 2008  crypto_archive
11     drwx  4096        01:07:44 Jun 12 2010  coredumpinfo
62947328 bytes total (5951488 bytes free)

Now we are talking IOS again, and now that the file did include a filtype .asa, then it could be deleted! (in fact I maybe could have renamed it to .bin and used it as a systemimage, but I needed to see that i could delete the file – which i could!)

After a new tftp copy, this time with a destination filename, and the box was running 8.41.



Share
Tags
Written by Clemen


Leave a Comment

Twitter feed responded with an HTTP status code of 403.