1
00:00:02,070 --> 00:00:08,250
So beyond the penetration test, we should perform security audits on the network devices to be sure

2
00:00:08,250 --> 00:00:12,090
whether they are configured according to security criteria.

3
00:00:13,800 --> 00:00:18,180
Typically, these audits will include password creation methods.

4
00:00:19,800 --> 00:00:21,480
Identity management mechanism.

5
00:00:22,980 --> 00:00:24,510
Access control lists.

6
00:00:26,490 --> 00:00:27,860
SNMP security.

7
00:00:29,560 --> 00:00:31,540
And switch port security.

8
00:00:33,140 --> 00:00:38,870
In Cisco routers, there are two main methods to create passwords for users and services.

9
00:00:39,320 --> 00:00:41,900
The password and the secret method.

10
00:00:42,710 --> 00:00:47,360
So let's see these methods and each of their features on the router.

11
00:00:49,570 --> 00:00:53,530
So here we are in GNS3, and we're back on our network.

12
00:00:55,290 --> 00:01:00,900
Right click the router and select console to reach the router unless it's already open.

13
00:01:02,120 --> 00:01:07,610
If you have a console and you select the console option from the right click menu, it opens another

14
00:01:07,610 --> 00:01:08,090
console.

15
00:01:09,630 --> 00:01:12,960
Configure T to enter terminal configuration mode.

16
00:01:13,860 --> 00:01:15,090
Let's create a new user.

17
00:01:16,170 --> 00:01:24,600
Username, I'll name it Cisco one, and I'll put a question mark to see the options to create a private

18
00:01:24,600 --> 00:01:27,000
authentication keyword. We have two options.

19
00:01:27,660 --> 00:01:30,690
The first one is password and the second one is secret.

20
00:01:31,020 --> 00:01:33,450
So I'll choose password for this example.

21
00:01:33,460 --> 00:01:36,660
And lastly, the password we choose.

22
00:01:38,630 --> 00:01:41,690
Can I identify the privilege here? To understand this,

23
00:01:42,140 --> 00:01:46,580
Just put a few letters of the keyword, pri, right here and press tab.

24
00:01:47,270 --> 00:01:52,370
So if it's completed, that means the word is allowed here. If it wasn't completed,

25
00:01:52,850 --> 00:01:56,120
I'll just need to identify privilege as a separate command.

26
00:01:56,930 --> 00:01:59,150
So just delete pri and hit enter.

27
00:02:00,560 --> 00:02:05,660
So now we created the user Cisco one with the password one two three four five.

28
00:02:07,860 --> 00:02:12,480
To identify privilege, as we've seen before, just type username.

29
00:02:13,680 --> 00:02:14,400
Cisco one.

30
00:02:15,540 --> 00:02:16,070
Privilege.

31
00:02:16,230 --> 00:02:17,220
One five.

32
00:02:18,850 --> 00:02:22,030
Type exit and hit enter to exit the config mode.

33
00:02:23,470 --> 00:02:29,560
And look at that, you will see that we have an information message which says router has been configured.

34
00:02:30,190 --> 00:02:30,580
Hmm.

35
00:02:32,190 --> 00:02:39,690
OK, now let's go to Kali and try to gather the router configuration as a pen tester or ethical hacker.

36
00:02:41,480 --> 00:02:44,780
Open terminal screen and run msfconsole.

37
00:02:46,930 --> 00:02:50,710
So we've already seen these before, so I'll just keep it fast.

38
00:02:53,040 --> 00:02:54,920
Search for Cisco config keywords.

39
00:03:02,420 --> 00:03:03,800
Use the auxiliary module.

40
00:03:06,360 --> 00:03:09,810
Show the options, and now set the options: community.

41
00:03:12,900 --> 00:03:15,180
RHOST as that target router.

42
00:03:16,450 --> 00:03:17,500
Let me ping the router.

43
00:03:21,720 --> 00:03:22,290
OK.

44
00:03:24,850 --> 00:03:29,140
Output directory to save the result, I'll choose to save it at the desktop.

45
00:03:31,200 --> 00:03:36,270
RPORT is OK and the other options are good and they're default.

46
00:03:37,250 --> 00:03:39,080
Now we can run the module.

47
00:03:40,960 --> 00:03:45,800
Well, the option is RHOSTS, not RHOST.

48
00:03:46,580 --> 00:03:48,770
I set the RHOST option.

49
00:03:49,840 --> 00:03:51,700
So let me run the module once again.

50
00:03:53,970 --> 00:03:59,880
OK, so that'll do for now, the execution of the module completed and the output file, which is the

51
00:03:59,880 --> 00:04:02,520
config of our router, has been created.

52
00:04:03,600 --> 00:04:04,620
Double click to open it.

53
00:04:07,060 --> 00:04:09,670
And we have here the configuration of the router.

54
00:04:09,910 --> 00:04:10,990
So scroll down a bit.

55
00:04:11,410 --> 00:04:14,890
And here's a user we created just a couple of minutes ago, Cisco one.

56
00:04:15,850 --> 00:04:22,030
As we already know, the password is stored as clear text in this method so we can see the password

57
00:04:22,030 --> 00:04:22,540
clearly.

58
00:04:24,610 --> 00:04:27,580
Now, let's go one step further, shall we?

59
00:04:29,190 --> 00:04:34,680
I'll go back to the router console and go into the configure terminal mode once again.

60
00:04:35,800 --> 00:04:40,180
Type in service and put a question mark to see the service options.

61
00:04:42,440 --> 00:04:47,660
There is an option here, password-encryption, to encrypt the system passwords, so let's use it.

62
00:04:49,810 --> 00:04:57,280
Exit from the configuration mode to let it rebuild the configuration; now we'll activate the password encryption.

63
00:04:58,780 --> 00:05:02,530
So let's go on back to Kali and grab the router configuration again.

64
00:05:04,260 --> 00:05:09,570
We already know how to run the auxiliary module, so just help run to run it.

65
00:05:15,160 --> 00:05:18,220
The output file is created. Double click to open it.

66
00:05:18,550 --> 00:05:19,420
Scroll down a bit.

67
00:05:20,170 --> 00:05:21,220
Then here are the users.

68
00:05:21,520 --> 00:05:24,610
As you can see, the password is stored encrypted now.

69
00:05:25,060 --> 00:05:25,480
Excellent.

70
00:05:26,490 --> 00:05:28,410
So does that mean it's OK now?

71
00:05:28,860 --> 00:05:29,310
Mm hmm.

72
00:05:29,580 --> 00:05:36,870
No, absolutely not, because the algorithm used to encrypt the passwords is very weak, which only

73
00:05:36,870 --> 00:05:38,370
takes a few seconds to crack.

74
00:05:40,630 --> 00:05:43,300
So now I'll copy the encrypted password.

75
00:05:45,470 --> 00:05:46,490
Open a web browser.

76
00:05:47,820 --> 00:05:51,750
Google Cisco password, paste the hash in search.

77
00:05:54,570 --> 00:05:58,020
I'll just click on the first link, which says Cisco Password Cracker.

78
00:05:59,310 --> 00:06:02,790
Now be careful where you visit while studying hacking.

79
00:06:03,300 --> 00:06:09,870
You might just go face to face with some harmful websites, and I want to strongly caution you against

80
00:06:09,870 --> 00:06:10,170
that.

81
00:06:11,670 --> 00:06:15,390
So I'll paste the password hash here and press crack password.

82
00:06:16,350 --> 00:06:19,170
Oh man, it took less than a second to crack it.

83
00:06:19,500 --> 00:06:23,190
So what should we do to protect the passwords?

84
00:06:24,700 --> 00:06:26,230
Now we'll go another step further.

85
00:06:27,010 --> 00:06:29,290
I am back in the console of the router again.

86
00:06:30,370 --> 00:06:32,170
And enter the configure terminal mode.

87
00:06:33,570 --> 00:06:38,570
Now, I'll create another user and let me use this secret method now.

88
00:06:39,850 --> 00:06:46,660
Type in username, let the username be Cisco two, secret, and the password.

89
00:06:47,780 --> 00:06:48,290
Press enter.

90
00:06:50,580 --> 00:06:55,740
So identify the privilege: username Cisco two privilege one five.

91
00:06:57,440 --> 00:07:00,590
Exit the configuration mode and the configure say.

92
00:07:02,780 --> 00:07:09,290
Now, let's go back to Kali and run the auxiliary module once again, so I'll delete the previous output

93
00:07:09,290 --> 00:07:10,460
file first.

94
00:07:10,580 --> 00:07:10,940
OK.

95
00:07:16,130 --> 00:07:20,960
The output file is created. Double click to open it and scroll down a little.

96
00:07:21,990 --> 00:07:24,150
The new user's here, Cisco two.

97
00:07:24,180 --> 00:07:28,620
And as you can see, the password is now stored as a Linux-like hash value.

98
00:07:29,550 --> 00:07:32,310
Do you remember Linux hashes inside the shadow file?

99
00:07:33,900 --> 00:07:37,230
They are the fields separated by the dollar sign.

100
00:07:38,040 --> 00:07:40,680
The first field is the type of the hash algorithm.

101
00:07:41,160 --> 00:07:46,140
The second part is the salt and the rest is the hash value.

102
00:07:47,280 --> 00:07:49,110
Now we can say it's more secure.