1
00:00:00,580 --> 00:00:07,570
So I'll introduce you to the last example of compromising SNMP, let's try to grab the SNMP configuration

2
00:00:07,570 --> 00:00:10,570
of the Cisco router using the Metasploit Framework.

3
00:00:11,810 --> 00:00:18,890
The Metasploit Project is the most used penetration testing framework of, well, the whole world, it

4
00:00:18,890 --> 00:00:26,300
can be used to test the vulnerability of computer systems or break into remote systems. Its best known

5
00:00:26,300 --> 00:00:29,750
subproject is the open source Metasploit Framework,

6
00:00:30,680 --> 00:00:35,900
a tool for developing and executing exploit code against a remote target machine.

7
00:00:38,490 --> 00:00:46,180
So here we have our network prepared by GNS3 again, we'll perform this demo on this network

8
00:00:46,180 --> 00:00:47,550
because, look at that, it's right here.

9
00:00:48,840 --> 00:00:57,990
Go to Kali and open a terminal screen, type msfconsole and press enter to start the Metasploit Framework's

10
00:00:57,990 --> 00:00:59,190
console application.

11
00:01:01,570 --> 00:01:08,380
So now we have a shell-like MSF environment, we can run the msfconsole commands in this environment.

12
00:01:09,870 --> 00:01:15,870
Now, because it's the subject of exploitation and exploitation, of course, that I did, I won't go

13
00:01:15,870 --> 00:01:22,860
into deep detail about Metasploit right now, but I will talk about certain applicable points.

14
00:01:25,060 --> 00:01:28,300
We'll use a module to collect the configuration of the router.

15
00:01:28,990 --> 00:01:35,230
I don't remember the exact name of it, so why don't we search for the cisco and config keywords?

16
00:01:41,350 --> 00:01:48,850
We find an auxiliary module. Auxiliary modules are not to exploit a vulnerability, but to gather some

17
00:01:48,850 --> 00:01:54,200
information and to help the pentester figure out the systems and the vulnerabilities.
18
00:01:55,450 --> 00:01:59,830
So use the use keyword with the entire module name.

19
00:02:00,970 --> 00:02:03,730
The command prompt is changed to the module name now.

20
00:02:05,050 --> 00:02:10,150
Type show options to see the options we should set before running the module.

21
00:02:11,580 --> 00:02:19,380
The COMMUNITY option is required and is public by default, but let's set it as private.

22
00:02:20,940 --> 00:02:29,070
Set the output directory option to save the results in a file, so I'll choose the desktop as the output

23
00:02:29,070 --> 00:02:29,610
directory.

24
00:02:31,410 --> 00:02:35,430
Now set the remote host to the IP address of the target router.

25
00:02:38,770 --> 00:02:45,640
Our RPORT is 161 by default, which is definitely OK with us, and leave the other options

26
00:02:45,640 --> 00:02:46,610
with the default values.

27
00:02:47,140 --> 00:02:51,310
Now we're ready, type run to run the module.

28
00:02:55,920 --> 00:03:02,310
Auxiliary module execution completed and the configuration file is saved to the output directory, in

29
00:03:02,310 --> 00:03:04,710
this example, of course, to the desktop.

30
00:03:06,170 --> 00:03:08,660
So here's the file, double click it to open it.

31
00:03:09,410 --> 00:03:11,530
Welcome to the configuration of the router.

32
00:03:12,770 --> 00:03:16,820
We don't have any credentials on our router yet, so let's close the file now.

33
00:03:17,270 --> 00:03:26,480
Go to the router console and create a user, then collect the config file again and just see how a user

34
00:03:26,480 --> 00:03:27,890
is saved in the config file.

35
00:03:30,100 --> 00:03:36,070
So I'm in the GNS3 emulator on my host system, which is a Mac, and I'll go to the console of

36
00:03:36,070 --> 00:03:38,140
the router and just create a user.

37
00:03:42,090 --> 00:03:46,950
Of course, we need to enter the configure terminal mode first, so type username.
38
00:03:48,210 --> 00:03:54,600
Well, to understand the command, I'll put a question mark at the end of each word. A username is expected.

39
00:03:55,470 --> 00:03:57,220
Let's give it an exceptional username.

40
00:03:57,930 --> 00:03:59,340
How about cisco?

41
00:04:00,550 --> 00:04:04,090
Question mark once again, these are the next options.

42
00:04:04,810 --> 00:04:13,210
OK, we want to specify a password for the user, so we can use either password or secret as the keyword

43
00:04:13,210 --> 00:04:14,270
to set a password.

44
00:04:15,010 --> 00:04:20,440
I'll tell you their differences soon, but let's just use password as the keyword for now.

45
00:04:21,520 --> 00:04:27,040
Yeah, let's just keep the password simple for now, one, two, three, four, five, or wait, maybe

46
00:04:27,040 --> 00:04:28,030
that's just too popular.

47
00:04:29,170 --> 00:04:30,700
In any event, just press enter.

48
00:04:32,560 --> 00:04:38,200
Now, to identify the privileges of the user, type username cisco

49
00:04:39,830 --> 00:04:45,020
privilege 15, where 15 stands for complete control over the router.

50
00:04:46,080 --> 00:04:50,340
OK, now let's go to Kali and run the auxiliary module again.

51
00:04:56,570 --> 00:05:03,620
So it's all finished and the output file is created; if there's a file with the same name, it's overwritten.

52
00:05:03,620 --> 00:05:09,500
So just be aware of that. Double click on the file and look at the configuration of the router again.

53
00:05:11,690 --> 00:05:17,540
And look at that, the entire configuration of the router, and look at the rows more carefully.

54
00:05:18,470 --> 00:05:24,680
Yep, there it is, the credential we created just a couple of minutes ago. As you see, the password

55
00:05:24,680 --> 00:05:30,350
is saved as clear text, and as hackers, we learned the username and password remotely.

56
00:05:32,900 --> 00:05:34,770
Now, does it have to be like this?
57
00:05:35,240 --> 00:05:41,880
I mean, are the credentials of the users always stored as clear text in the Cisco config?

58
00:05:42,380 --> 00:05:44,950
The answer is, of course, not.

59
00:05:45,830 --> 00:05:49,600
So I'm going to show you the ways to keep the password data secure.

60
00:05:50,180 --> 00:05:51,080
Better pay attention.