1
00:00:00,580 --> 00:00:04,690
So I'll introduce you to the last example of compromising SNMP.

2
00:00:05,200 --> 00:00:10,540
Let's try to grab the SNMP configuration of the Cisco router using Metasploit Framework.

3
00:00:11,780 --> 00:00:17,990
Metasploit Project is the most used penetration testing framework of, well, the whole world.

4
00:00:18,560 --> 00:00:26,000
It can be used to test the vulnerability of computer systems or break into remote systems. Its best

5
00:00:26,000 --> 00:00:29,740
known sub-project is the open source Metasploit Framework.

6
00:00:30,740 --> 00:00:35,900
That's a tool for developing and executing exploit code against a remote target machine.

7
00:00:38,490 --> 00:00:46,500
So here we have our network prepared in GNS3 again. We'll perform this demo on this network because,

8
00:00:46,500 --> 00:00:47,550
look at that, it's right here.

9
00:00:48,870 --> 00:00:57,960
So go to Kali and open a terminal screen. Type msfconsole and press enter to start Metasploit Framework's

10
00:00:57,960 --> 00:00:59,160
console application.

11
00:01:01,600 --> 00:01:04,510
So now we have a shell-like MSF environment.

12
00:01:05,290 --> 00:01:08,380
We can run the msfconsole commands in this environment.

13
00:01:09,870 --> 00:01:15,840
Now, because it's the subject of the Exploitation and Post-Exploitation course that I did, I won't go

14
00:01:15,840 --> 00:01:22,830
into deep detail about Metasploit right now, but I will talk about some certain applicable points.

15
00:01:25,060 --> 00:01:28,270
We'll use a module to collect the configuration of the router.

16
00:01:29,200 --> 00:01:35,200
I don't remember the exact name of it, so why don't we search for the "cisco" and "config" keywords?
17
00:01:41,350 --> 00:01:48,820
We find an auxiliary module. Auxiliary modules are not to exploit a vulnerability, but to gather some

18
00:01:48,820 --> 00:01:56,890
information and to help the pen tester figure out the systems and the vulnerabilities. So use the "use"

19
00:01:57,130 --> 00:01:59,800
keyword with the entire module name.

20
00:02:00,970 --> 00:02:03,730
The command prompt is changed to the module name now.

21
00:02:05,020 --> 00:02:10,150
Type "show options" to see the options we should set before running the module.

22
00:02:11,550 --> 00:02:15,870
The COMMUNITY option is required and is "public" by default.

23
00:02:16,800 --> 00:02:19,350
But let's set it as "private".

24
00:02:20,940 --> 00:02:25,890
Set the output directory option to save the results in a file.

25
00:02:26,640 --> 00:02:29,610
So I'll choose the desktop as the output directory.

26
00:02:31,440 --> 00:02:35,430
Now set the remote host to the IP address of the target router.

27
00:02:38,800 --> 00:02:45,610
RPORT is 161 by default, which is definitely OK with us, and leave the other options

28
00:02:45,610 --> 00:02:46,600
with their default values.

29
00:02:47,170 --> 00:02:51,280
Now we're ready. Type "run" to run the module.

30
00:02:55,920 --> 00:03:01,890
Auxiliary module execution completed and the configuration file is saved to the output directory.

31
00:03:02,010 --> 00:03:04,650
In this example, of course, to the desktop.

32
00:03:06,200 --> 00:03:08,630
So here's the file. Double-click it to open it.

33
00:03:09,380 --> 00:03:11,510
Welcome to the configuration of the router.

34
00:03:12,740 --> 00:03:16,790
We don't have any credentials on our router yet, so let's close the file now.

35
00:03:17,270 --> 00:03:26,450
Go to the router console and create a user, then collect the config file again and just see how a user

36
00:03:26,450 --> 00:03:27,860
is saved in the config file.
37
00:03:30,100 --> 00:03:36,040
So I'm in the GNS3 emulator in my host system, which is a Mac, and I'll go to the console of

38
00:03:36,040 --> 00:03:38,140
the router and just create a user.

39
00:03:42,090 --> 00:03:46,950
Of course, we need to enter the configure terminal mode first, so type "username".

40
00:03:48,210 --> 00:03:52,080
Well, to understand the command, I'll put a question mark at the end of each word.

41
00:03:52,950 --> 00:03:54,570
A username is expected.

42
00:03:55,470 --> 00:03:57,180
Let's give it an exceptional username.

43
00:03:57,960 --> 00:03:59,340
How about "cisco"?

44
00:04:00,550 --> 00:04:04,060
Question mark once again; these are the next options.

45
00:04:04,810 --> 00:04:13,180
OK, we want to specify a password for the user, so we can use either "password" or "secret" as the keywords

46
00:04:13,180 --> 00:04:14,260
to set a password.

47
00:04:15,040 --> 00:04:20,410
I'll tell you their differences soon, but let's just use "password" as the keyword for now.

48
00:04:21,520 --> 00:04:27,010
Yeah, let's just keep the password simple for now: 12345. Or wait, maybe

49
00:04:27,010 --> 00:04:28,030
that's just too popular.

50
00:04:29,200 --> 00:04:30,700
In any event, just press enter.

51
00:04:32,530 --> 00:04:38,170
Now, to identify the privileges of the user, type "username cisco

52
00:04:39,830 --> 00:04:41,120
privilege 15",

53
00:04:41,390 --> 00:04:44,990
where 15 stands for the complete control over the router.

54
00:04:46,140 --> 00:04:50,310
OK, now let's go to Kali and run the auxiliary module again.

55
00:04:56,600 --> 00:05:03,580
So it's all finished, and the output file is created. If there is a file with the same name, it's overwritten,

56
00:05:03,590 --> 00:05:09,470
so just be aware of that. Double-click on the file and look at the configuration of the router again.
57
00:05:11,720 --> 00:05:17,540
And look at that, the entire configuration of the router. And look at the rows more carefully.

58
00:05:18,500 --> 00:05:19,190
Yeah, there it is.

59
00:05:19,670 --> 00:05:25,700
The credential we created just a couple of minutes ago. As you see, the password is saved as clear

60
00:05:25,700 --> 00:05:30,320
text, and as hackers, we learned the username and password remotely.

61
00:05:32,900 --> 00:05:34,760
Now, does it have to be like this?

62
00:05:35,240 --> 00:05:41,870
I mean, are the credentials of the users always stored as clear text in the Cisco config?

63
00:05:42,380 --> 00:05:44,930
The answer is, of course not.

64
00:05:45,830 --> 00:05:49,580
So I'm going to show you the ways to keep the password data secure.

65
00:05:50,150 --> 00:05:51,050
Better pay attention.