Penetration Testing mailing list archives
RE: newbie question
From: "Enrique A. Sanchez Montellano" <enrique.sanchez () hypersec co uk>
Date: Sat, 11 Feb 2006 23:36:20 -0600
I'll answer between ===============

-----Original Message-----
From: Jason Mayer [mailto:slamboy () gmail com]
Sent: Saturday, 11 February 2006 02:13 p.m.
To: pen-test () securityfocus com
Subject: newbie question

Hi! I've been reading this mailing list for a long time, and I've learned a lot of theoretical stuff regarding a pen-test. I've been taking Cisco classes for a bit, and while in class a couple of weeks ago the instructor mentioned that the Cisco enable secret password hashes were pretty much unbreakable. Well, knowing what I know, I loaded up Cain and Abel and showed him and the class how that wasn't completely true and that strong passwords were still required (I demonstrated the amount of time it takes to brute force the password hashes and whatnot with alphanumeric vs. alphanumeric+symbols).

==================
Gotta love "book instructors", want to scare him badly? Get the (if you still can find it) L0pht Cisco password decoder for your Palm, gotta crack Cisco passwords on your Palm or you are not cool =)
==================

Ever since then, I've been getting requests to demonstrate other things. Last week, I was asked to demonstrate how to get NTLM password hashes and then break them, so I showed the class pwdump2 (although in the end I used Cain & Abel to crack the passwords).

==================
Use pwdump4, works better than 2 since 2 will die with some XP and Win2k3 for some reason randomly. For cracking I seriously recommend LC4.
==================

Today, the teacher asked if it was possible to intercept and read in plaintext https info. I did some searches in the archives and found a reference to Odysseus as a MITM proxy. I didn't find any information in the help files of Odysseus regarding the usage of this program though, so I come to you all for help. If anyone could suggest a MITM program to capture https: traffic I'd appreciate it.

==================
Cain and Abel while you are at it ... ARP poison the network and you will get the passwords, note that you will not be able to just pop up Ethereal and sniff the SSL traffic unless you make a full MITM attack and trade certificates yourself (I think C&A doesn't do that but you could quickly whip up some Perl or Python code for it).
==================

I have the perfect learning environment here, with switches/routers and multiple PCs. Since all my knowledge is theoretical, I'd like to get in some practical experience (while educating future network admins). Any other things you think I should check into would be awesome. Thanks!

==================
Mostly in my experience on tight networks the pen-test is decided on a misconfiguration. Once a friend asked me how come I always just start "poking" around while the scanner was running; all I could say was "most ppl patch now but they still can't configure their software correctly". Those are my 2 cents, thank you all for reading the entire mail!
==================
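The reply above points out that reading HTTPS on a switched LAN needs a full man-in-the-middle, which in practice is bootstrapped with ARP poisoning. The following script is an added example, not part of the original thread or of any tool named in it, showing the defender's side of that exchange: it walks a list of observed ARP replies and flags the two classic poisoning indicators, an IP whose announced MAC changes (for example the gateway) and a single MAC answering for several IPs. The ARP records and the `ts ip mac` log-line layout are constructed sample data; `KNOWN_GATEWAY` is an assumed known-good mapping.

```python
"""Flag ARP cache poisoning indicators in a set of observed ARP replies.

Added example for a class lab; the records below are constructed, not
captured. Field layout for parse_arp_line() is assumed: "<ts> <ip> <mac>".
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since start of capture
    sender_ip: str     # IP address the reply claims to be
    sender_mac: str    # MAC address it asks hosts to cache for that IP


# Constructed sample: the gateway 192.168.1.1 legitimately answers from
# aa:bb:cc:00:00:01. At t=12 a host at dd:ee:ff:00:00:04 starts claiming the
# gateway's IP and a workstation's IP, which is what a poisoning tool sends.
SAMPLE_REPLIES = [
    ArpReply(1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(2.0, "192.168.1.20", "aa:bb:cc:00:00:02"),
    ArpReply(3.0, "192.168.1.30", "aa:bb:cc:00:00:03"),
    ArpReply(12.0, "192.168.1.1", "dd:ee:ff:00:00:04"),
    ArpReply(12.5, "192.168.1.20", "dd:ee:ff:00:00:04"),
    ArpReply(13.0, "192.168.1.40", "dd:ee:ff:00:00:04"),
]

# Assumed known-good mapping an admin would record for the default gateway.
KNOWN_GATEWAY = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def parse_arp_line(line):
    """Parse one constructed log line of the form '<ts> <ip> <mac>'."""
    ts, ip, mac = line.split()
    return ArpReply(float(ts), ip, mac.lower())


def find_mac_changes(replies, known=None):
    """Return (ts, ip, old_mac, new_mac) for every reply that announces a MAC
    different from the one first seen for that IP (or from the known-good
    table). A legitimate NIC swap also trips this, so it is an alert, not proof.
    """
    seen = dict(known or {})
    alerts = []
    for r in sorted(replies, key=lambda x: x.ts):
        prev = seen.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alerts.append((r.ts, r.sender_ip, prev, r.sender_mac))
        seen.setdefault(r.sender_ip, r.sender_mac)  # keep the first-seen MAC
    return alerts


def find_mac_claiming_many(replies, threshold=2):
    """Return {mac: [ips...]} for MACs that announce more than `threshold`
    distinct IPs; one attacker MAC answering for the gateway and its victims
    is the usual poisoning signature."""
    ips = defaultdict(set)
    for r in replies:
        ips[r.sender_mac].add(r.sender_ip)
    return {mac: sorted(s) for mac, s in ips.items() if len(s) > threshold}


def report(replies, known=None):
    """Human-readable summary of both checks."""
    lines = []
    for ts, ip, old, new in find_mac_changes(replies, known):
        lines.append(f"t={ts:6.1f} {ip} moved from {old} to {new}")
    for mac, ip_list in find_mac_claiming_many(replies).items():
        lines.append(f"{mac} answers for {len(ip_list)} IPs: {', '.join(ip_list)}")
    return "\n".join(lines) if lines else "no ARP anomalies observed"


if __name__ == "__main__":
    print(report(SAMPLE_REPLIES, KNOWN_GATEWAY))
```

On a real switch the same checks belong in the switch itself (DHCP snooping plus dynamic ARP inspection) or in a sniffer that watches ARP continuously; this script only shows what such a detector looks for, and the certificate swap the reply mentions is the second tell, since a client that validates certificates sees a mismatch the moment the proxy trades them.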