
Re: [Full-Disclosure] previledge password in cisco routers



When did this list become a "how-to" of hacking for script kiddies?
Why don't you just do it for him too? Who in his right mind would ask
a question like he did, unless he's an idiot and has NO CLUE what that
question means. I would like to hear his excuse for the actual REASON
that he's doing this. If not, I would be pressured to send him some
unpleasant law enforcement officials to his door.

So, John Morris, what'll it be? What's the reason for the question?
What are you doing?

--
Alen Capalik

On Wed, 24 Nov 2004 12:16:29 -0500, amilabs <amilabs@xxxxxxxxxxxxx> wrote:
> The only way to get it remotely is to get hold of and compromise a machine
> on the network where the routers/switches reside. Then run a sniffer app
> for just telnet and capture the individual keystrokes when someone logs into
> the router and then enters the enable password. Remember, inside the network
> most telnet support functions to routers and switches are not encrypted, so
> capturing a support personnel's telnet session will give you the enable
> password. This can be done with SNMP also but that is another discussion.
> The trick is to get the compromised machine to run the sniffer like tcpdump
> etc. Even if tacacs is used you will still see the open unencrypted telnet
> keystrokes from the admin to the router. The router will then encrypt that
> info and send it to the tacacs server for its backend process. You need to
> just watch the admin's steps. That is how you can get it remotely... Unless
> the routers are configured for ssh for telnet you can see everything in the
> clear with a sniffer.
> 
> Regards..
> 
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Todd Towles
> Sent: Wednesday, November 24, 2004 9:38 AM
> To: john morris; Scott T. Cameron
> Cc: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: RE: [Full-Disclosure] previledge password in cisco routers
> 
> Do you seriously think there is an easy way to get the enable password
> remotely? If you have the config, you can get it from there... if you have the
> box you can do a password recovery by booting in rommon... otherwise the box
> isn't yours... and you won't find a clear exact answer because there isn't
> one.
> 
> > -----Original Message-----
> > From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> > [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of john
> > morris
> > Sent: Wednesday, November 24, 2004 3:15 AM
> > To: Scott T. Cameron
> > Cc: full-disclosure@xxxxxxxxxxxxxxxx
> > Subject: Re: [Full-Disclosure] previledge password in cisco routers
> >
> > Ooops... I reframe my question. Is there a way to get the enable
> > password remotely? Brute force is not my option.
> >
> >
> >
> > (FROM LINKS TO LINKS WE ARE ALL LINKED)
> >
> > cheersssss.....
> >
> > morris
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
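
As an added example (not part of the original messages): a defender-side check for the condition the quoted post describes, Telnet still being accepted on a router's vty lines instead of SSH only. It parses a saved IOS-style configuration; the sample config, hostname and function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
hostname lab-rtr-01
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def classify(protocols):
    """Map the arguments of 'transport input' to an audit status."""
    protos = set(protocols)
    if protos & {"telnet", "all"}:
        return "telnet-allowed"   # management sessions may cross the wire in clear text
    if protos == {"ssh"}:
        return "ssh-only"
    if protos == {"none"}:
        return "disabled"
    return "other"

def audit_vty_transport(config_text):
    """Return {vty range: status} for every 'line vty' block in the config."""
    results, current = {}, None
    for raw in config_text.splitlines():
        head = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if head:
            current = "vty " + "-".join(g for g in head.groups() if g)
            # No explicit statement: the platform default applies (assumption:
            # it varies by software version, so verify it on the device).
            results[current] = "unspecified"
        elif not raw.startswith(" "):
            current = None        # any non-indented line closes the block
        elif current:
            t = re.match(r"\s+transport input (.+)$", raw)
            if t:
                results[current] = classify(t.group(1).split())
    return results

if __name__ == "__main__":
    for vty, status in audit_vty_transport(SAMPLE_CONFIG).items():
        print(f"{vty}: {status}")
```

Lines reported as `telnet-allowed` or `unspecified` are the ones to review and restrict to SSH.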