1
00:00:01,819 --> 00:00:08,210
So beyond the penetration test, we should perform security audits on the network devices to be sure

2
00:00:08,210 --> 00:00:12,290
whether they are configured according to security criteria.

3
00:00:13,490 --> 00:00:18,410
Typically, these audits will include password creation methods.

4
00:00:19,750 --> 00:00:21,640
Identity management mechanism.

5
00:00:22,930 --> 00:00:24,730
Access control lists.

6
00:00:26,460 --> 00:00:28,020
SNMP security.

7
00:00:29,360 --> 00:00:31,670
And switch port security.

8
00:00:32,970 --> 00:00:34,650
In Cisco routers,

9
00:00:34,680 --> 00:00:42,150
there are two main methods to create passwords for users and services: the password and the secret methods.

10
00:00:42,390 --> 00:00:47,520
So let's see these methods and each of their features on the router.

11
00:00:49,320 --> 00:00:53,760
So here we are in GNS3 and we're back on our network.

12
00:00:55,120 --> 00:01:01,090
Right-click the router and select console to reach the router unless it's already open.

13
00:01:01,870 --> 00:01:07,540
If you have a console and you select the console option from the right-click menu, it opens another

14
00:01:07,540 --> 00:01:08,230
console.

15
00:01:09,490 --> 00:01:13,180
Configure t to enter terminal configuration mode.

16
00:01:13,570 --> 00:01:15,250
Let's create a new user.

17
00:01:15,970 --> 00:01:16,980
Username.

18
00:01:16,990 --> 00:01:25,240
I'll name it as Cisco one and I'll put a question mark to see the options to create a private authentication

19
00:01:25,240 --> 00:01:25,810
keyword.

20
00:01:25,810 --> 00:01:27,250
We have two options.

21
00:01:27,370 --> 00:01:30,820
The first one is password and the second one is secret.

22
00:01:30,820 --> 00:01:33,400
So I'll choose password for this example.

23
00:01:33,400 --> 00:01:36,820
And lastly, the password we choose.

24
00:01:38,440 --> 00:01:40,390
Can I identify the privilege here?

25
00:01:40,630 --> 00:01:46,780
To understand this, just put a few letters of the keyword p r i right here and press tab.

26
00:01:46,960 --> 00:01:51,100
So if it's completed, that means the word is allowed here.

27
00:01:51,100 --> 00:01:56,350
If it wasn't completed, I'll just need to identify privilege as a separate command.

28
00:01:56,620 --> 00:01:59,320
So just delete pri and hit enter.

29
00:02:00,290 --> 00:02:04,310
So now we created the user Cisco one with the password

30
00:02:04,310 --> 00:02:05,840
one, two, three, four, five.

31
00:02:07,790 --> 00:02:12,650
To identify privilege as we've seen before, just type username.

32
00:02:13,460 --> 00:02:14,570
Cisco one.

33
00:02:15,320 --> 00:02:17,420
Privilege one five.

34
00:02:18,710 --> 00:02:22,220
Type exit and hit enter to exit the config mode.

35
00:02:23,290 --> 00:02:29,830
And look at that, you'll see that we have an information message which says router has been configured.

36
00:02:30,150 --> 00:02:30,540
Hmm.

37
00:02:32,190 --> 00:02:39,870
Okay, now let's go to Kali and try to gather the router configuration as a pen tester or ethical hacker.

38
00:02:41,260 --> 00:02:44,920
Open a terminal screen and run msfconsole.

39
00:02:46,680 --> 00:02:50,850
So we've already seen these before, so I'll just keep it fast.

40
00:02:52,730 --> 00:02:55,130
Search for Cisco config keywords.

41
00:03:02,180 --> 00:03:03,980
Use the auxiliary module.

42
00:03:06,110 --> 00:03:09,980
Show the options and now set the options: community.

43
00:03:12,810 --> 00:03:15,360
RHOST as the target router.

44
00:03:16,260 --> 00:03:17,670
Let me ping the router.

45
00:03:21,710 --> 00:03:22,460
Okay.

46
00:03:24,710 --> 00:03:26,060
Output directory.

47
00:03:26,060 --> 00:03:29,300
To save the result, I'll choose to save it to the desktop.

48
00:03:31,080 --> 00:03:36,480
RPORT is okay and the other options are good and they're default.

49
00:03:37,060 --> 00:03:39,220
Now we can run the module.

50
00:03:40,290 --> 00:03:46,020
Oh, wait, the option is RHOSTS, not RHOST.

51
00:03:46,290 --> 00:03:48,930
I set the RHOSTS option.

52
00:03:49,600 --> 00:03:51,880
So let me run the module once again.

53
00:03:53,870 --> 00:03:55,460
Okay, so that'll do for now.

54
00:03:55,670 --> 00:04:02,030
The execution of the module completed and the output file, which is the config of our router, has been

55
00:04:02,030 --> 00:04:02,810
created.

56
00:04:03,320 --> 00:04:04,760
Double-click to open it.

57
00:04:06,880 --> 00:04:09,730
And we have here the configuration of the router.

58
00:04:09,730 --> 00:04:15,100
So scroll down a bit and here's a user we created just a couple of minutes ago, Cisco one.

59
00:04:15,790 --> 00:04:22,000
Now, as we already know, the password is stored as clear text in this method so we can see the password

60
00:04:22,000 --> 00:04:22,690
clearly.

61
00:04:24,440 --> 00:04:27,770
Now, let's go one step further, shall we?

62
00:04:29,130 --> 00:04:34,890
I'll go back to the router console and go into the configure terminal mode once again.

63
00:04:35,820 --> 00:04:40,410
Type in service and put a question mark to see the service options.

64
00:04:42,260 --> 00:04:43,460
There is an option here.

65
00:04:43,460 --> 00:04:46,760
Password encryption to encrypt the system passwords.

66
00:04:46,760 --> 00:04:47,840
So let's use it.

67
00:04:49,780 --> 00:04:53,650
Exit from the configuration mode to let it rebuild the configuration.

68
00:04:54,070 --> 00:04:57,490
Now we'll activate the password encryption.

69
00:04:58,490 --> 00:05:02,720
So let's go on back to Kali and grab the router configuration again.

70
00:05:03,980 --> 00:05:09,800
We already know how to run the auxiliary module, so just type run to run it.

71
00:05:15,040 --> 00:05:16,630
The output file is created.

72
00:05:16,960 --> 00:05:18,310
Double-click to open it.

73
00:05:18,340 --> 00:05:21,300
Scroll down a bit and here are the users.

74
00:05:21,310 --> 00:05:24,840
As you can see, the password is stored encrypted now.

75
00:05:24,910 --> 00:05:25,660
Excellent.

76
00:05:26,290 --> 00:05:28,630
So does that mean it's okay now?

77
00:05:29,350 --> 00:05:31,480
No, absolutely not.

78
00:05:31,810 --> 00:05:37,960
Because the algorithm used to encrypt the passwords is very weak, which only takes a few seconds to

79
00:05:37,960 --> 00:05:38,620
crack.

80
00:05:40,310 --> 00:05:43,460
So now I'll copy the encrypted password.

81
00:05:45,330 --> 00:05:46,650
Open a web browser.

82
00:05:47,680 --> 00:05:51,910
Google Cisco password, paste the hash and search.

83
00:05:54,430 --> 00:05:58,210
I'll just click on the first link which says Cisco Password Cracker.

84
00:05:59,020 --> 00:06:01,240
Now be careful where you visit.

85
00:06:01,270 --> 00:06:09,070
While studying hacking, you might just go face to face with some harmful websites and I want to strongly

86
00:06:09,070 --> 00:06:10,300
caution you against that.

87
00:06:11,420 --> 00:06:15,560
So I'll paste the password hash here and press Crack Password.

88
00:06:16,360 --> 00:06:16,960
Oh, man.

89
00:06:16,990 --> 00:06:19,300
It took less than a second to crack it.

90
00:06:19,300 --> 00:06:23,410
So what should we do to protect the passwords?

91
00:06:24,500 --> 00:06:26,450
Now we'll go another step further.

92
00:06:26,840 --> 00:06:29,450
I am back in the console of the router again.

93
00:06:30,200 --> 00:06:32,300
Enter the configure terminal mode.

94
00:06:33,300 --> 00:06:38,730
Now I'll create another user and let me use the secret method now.

95
00:06:39,600 --> 00:06:41,160
Type in username.

96
00:06:41,160 --> 00:06:46,860
Let the username be Cisco two, secret and the password.

97
00:06:47,640 --> 00:06:48,450
Press enter.

98
00:06:50,310 --> 00:06:55,920
So identify the privilege: username Cisco two privilege one five.

99
00:06:57,340 --> 00:07:00,850
Exit the configuration mode and the config is saved.

100
00:07:02,480 --> 00:07:06,350
Now let's go back to Kali and run the auxiliary module once again.

101
00:07:06,350 --> 00:07:10,510
So I'll delete the previous output file first.

102
00:07:10,520 --> 00:07:11,120
Okay.

103
00:07:15,910 --> 00:07:17,920
The output file is created.

104
00:07:18,160 --> 00:07:21,160
Double-click to open it and scroll down a little.

105
00:07:21,860 --> 00:07:23,160
The new user is here.

106
00:07:23,180 --> 00:07:24,080
Cisco two.

107
00:07:24,080 --> 00:07:28,850
And as you can see, the password is now stored as a Linux-like hash value.

108
00:07:29,210 --> 00:07:32,510
Do you remember Linux hashes inside the shadow file?

109
00:07:33,620 --> 00:07:37,430
They are the fields separated by the dollar sign.

110
00:07:37,700 --> 00:07:40,860
The first field is the type of the hash algorithm.

111
00:07:40,880 --> 00:07:46,430
The second part is the salt and the rest is the hash value.

112
00:07:46,940 --> 00:07:49,280
Now we can say it's more secure.