1 00:00:02,040 --> 00:00:08,250 So beyond the penetration test, we should perform security audits on the network devices to be sure
2 00:00:08,250 --> 00:00:12,090 whether they are configured according to security criteria.
3 00:00:13,830 --> 00:00:18,210 Typically, these audits will include password creation methods,
4 00:00:19,740 --> 00:00:21,480 identity management mechanism,
5 00:00:22,950 --> 00:00:24,540 access control list,
6 00:00:26,450 --> 00:00:27,860 SNMP security,
7 00:00:29,530 --> 00:00:31,560 and switch port security.
8 00:00:33,140 --> 00:00:40,130 In Cisco routers, there are two main methods to create passwords for users and services: the password
9 00:00:40,490 --> 00:00:41,880 and the secret methods.
10 00:00:42,710 --> 00:00:47,390 So let's see these methods and each of their features on the router.
11 00:00:49,540 --> 00:00:53,590 So here we are in GNS3 and we're back on our network.
12 00:00:55,290 --> 00:01:00,930 Right-click the router and select Console to reach the router, unless it's already open.
13 00:01:02,120 --> 00:01:07,640 If you have a console and you select the Console option from the right-click menu, it opens another
14 00:01:07,640 --> 00:01:08,120 console.
15 00:01:09,630 --> 00:01:15,090 Configure T to enter terminal configuration mode. Let's create a new user.
16 00:01:16,170 --> 00:01:24,150 Username, I'll name it Cisco one, and I'll put a question mark to see the option to create a
17 00:01:24,150 --> 00:01:25,890 private authentication keyword.
18 00:01:25,920 --> 00:01:27,020 We have two options.
19 00:01:27,600 --> 00:01:30,720 The first one is password and the second one is secret.
20 00:01:31,020 --> 00:01:33,500 So I'll choose password for this example.
21 00:01:33,510 --> 00:01:36,690 And lastly, the password we choose.
22 00:01:38,630 --> 00:01:45,320 Can I identify the privilege here? To understand this, just put a few letters of the keyword, pri, right
23 00:01:45,320 --> 00:01:51,050 here and press tab. So if it's completed, that means the word is allowed here.
24 00:01:51,290 --> 00:01:56,120 If it wasn't completed, I'll just need to identify privilege as a separate command.
25 00:01:56,900 --> 00:01:59,150 So just delete pri and hit enter.
26 00:02:00,560 --> 00:02:05,660 So now we created the user Cisco one with the password one, two, three, four, five.
27 00:02:07,890 --> 00:02:12,480 To identify privilege, as we've seen before, just type username
28 00:02:13,650 --> 00:02:14,430 Cisco one
29 00:02:15,570 --> 00:02:17,250 privilege one five.
30 00:02:18,850 --> 00:02:22,050 Type exit and hit enter to exit the config mode.
31 00:02:23,470 --> 00:02:29,590 And look at that, you'll see that we have an information message which says router has been configured.
32 00:02:30,140 --> 00:02:30,600 Hmm.
33 00:02:32,160 --> 00:02:39,720 OK, now let's go to Kali and try to gather the router configuration as a pen tester or ethical hacker.
34 00:02:41,450 --> 00:02:44,780 Open a terminal screen and run msfconsole.
35 00:02:46,930 --> 00:02:50,740 So we've already seen these before, so I'll just keep it fast.
36 00:02:53,010 --> 00:02:54,960 Search for Cisco config keywords.
37 00:03:02,420 --> 00:03:03,830 Use the auxiliary module.
38 00:03:06,330 --> 00:03:09,810 Show the options, and now set the options: community.
39 00:03:12,900 --> 00:03:15,180 RHOST as the target router.
40 00:03:16,450 --> 00:03:17,500 Let me ping the router.
41 00:03:24,820 --> 00:03:27,930 Output directory is, say, the result of juice.
42 00:03:28,070 --> 00:03:29,200 Save it at the desktop.
43 00:03:31,200 --> 00:03:36,300 RPORT is OK and the other options are good and they're default.
44 00:03:37,250 --> 00:03:39,080 Now we can run the module.
45 00:03:40,310 --> 00:03:48,800 Oh, wait, the option is RHOSTS, not RHOST. I set the RHOSTS option.
46 00:03:49,840 --> 00:03:51,730 So let me run the module once again.
47 00:03:53,940 --> 00:03:59,910 OK, so that'll do for now. The execution of the module completed and the output file, which is the
48 00:03:59,910 --> 00:04:04,620 config of our router, has been created. Click to open it.
49 00:04:07,060 --> 00:04:13,030 And we have here the configuration of the router. So scroll down a bit and here's the user we created
50 00:04:13,030 --> 00:04:19,270 just a couple of minutes ago, Cisco one. As we already know, the password is stored as clear text
51 00:04:19,270 --> 00:04:22,540 in this method, so we can see the password clearly.
52 00:04:24,640 --> 00:04:27,560 Now, let's go one step further, shall we?
53 00:04:29,160 --> 00:04:34,710 I'll go back to the router console and go into the configure terminal mode once again.
54 00:04:35,800 --> 00:04:40,240 Type in service and put a question mark to see the service options.
55 00:04:42,440 --> 00:04:47,690 There is an option here, password-encryption, to encrypt the system passwords, so let's use it.
56 00:04:49,780 --> 00:04:57,280 Exit from the configuration mode to let it rebuild the configuration. Now we'll activate the password encryption.
57 00:04:58,750 --> 00:05:02,560 So let's go on back to Kali and grab the router configuration again.
58 00:05:04,260 --> 00:05:09,600 We already know how to run the auxiliary module, so just type run to run it.
59 00:05:15,130 --> 00:05:21,250 The output file is created. Double-click to open it, scroll down a bit, then here are the users.
60 00:05:21,490 --> 00:05:24,640 As you can see, the password is stored encrypted now.
61 00:05:25,060 --> 00:05:25,510 Excellent.
62 00:05:26,460 --> 00:05:28,370 So does that mean it's OK now?
63 00:05:28,830 --> 00:05:29,270 Mm hmm.
64 00:05:29,590 --> 00:05:36,870 No, absolutely not, because the algorithm used to encrypt the passwords is very weak, which only
65 00:05:36,870 --> 00:05:38,400 takes a few seconds to crack.
66 00:05:40,600 --> 00:05:43,330 So now I'll copy the encrypted password.
67 00:05:45,440 --> 00:05:46,520 Open a web browser.
68 00:05:47,820 --> 00:05:51,780 Google "Cisco password", paste the hash, and search.
69 00:05:54,570 --> 00:05:58,010 I'll just click on the first link; it says Cisco password cracker.
70 00:05:59,310 --> 00:06:07,020 Now be careful where you visit while studying hacking. You might just go face to face with some harmful
71 00:06:07,020 --> 00:06:07,740 websites.
72 00:06:07,740 --> 00:06:10,180 And I want to strongly caution you against that.
73 00:06:11,640 --> 00:06:15,420 So I'll paste the password hash here and press crack password.
74 00:06:16,350 --> 00:06:19,150 Oh, man, it took less than a second to crack it.
75 00:06:19,500 --> 00:06:23,220 So what should we do to protect the passwords?
76 00:06:24,700 --> 00:06:29,290 Now, we'll go another step further. I am back in the console of the router again.
77 00:06:30,490 --> 00:06:32,200 Enter the configure terminal mode.
78 00:06:33,540 --> 00:06:38,580 Now I'll create another user and let me use the secret method now.
79 00:06:39,880 --> 00:06:46,720 Type in username, let the username be Cisco two, secret, and the password.
80 00:06:47,750 --> 00:06:48,320 Press enter.
81 00:06:50,550 --> 00:06:55,770 So identify the privilege: username Cisco two privilege one five.
82 00:06:57,410 --> 00:07:00,590 Exit the configuration mode and the config is saved.
83 00:07:02,780 --> 00:07:09,320 Now let's go back to Kali and run the auxiliary module once again, so I'll delete the previous output
84 00:07:09,320 --> 00:07:10,570 file first.
85 00:07:10,620 --> 00:07:10,940 OK.
86 00:07:16,100 --> 00:07:20,990 The output file is created. Double-click to open it and scroll down a little.
87 00:07:21,960 --> 00:07:28,260 The new user's here, Cisco two, and as you can see, the password is now stored as a Linux-like hash
88 00:07:28,260 --> 00:07:28,620 value.
89 00:07:29,550 --> 00:07:32,340 Do you remember Linux hashes inside the shadow file?
90 00:07:33,930 --> 00:07:37,260 They are the fields separated by the dollar sign.
91 00:07:38,010 --> 00:07:40,690 The first field is the type of the hash algorithm.
92 00:07:41,160 --> 00:07:46,140 The second part is the salt and the rest is the hash value.
93 00:07:47,250 --> 00:07:49,140 Now we can say it's more secure.