RE: newbie question

From: Enrique A. Sanchez Montellano (enrique.sanchez@hypersec.co.uk)
Date: Sun Feb 12 2006 - 00:36:20 EST


I'll answer between ===============

-----Original Message-----
From: Jason Mayer [mailto:slamboy@gmail.com]
Sent: Saturday, 11 February 2006 02:13 p.m.
To: pen-test@securityfocus.com
Subject: newbie question

Hi! I've been reading this mailing list for a long time, and I've
learned a lot of theoretical stuff regarding a pen-test. I've been
taking cisco classes for a bit, and while in class a couple of weeks
ago the instructor mentioned that the Cisco enable secret password
hashes were pretty much unbreakable. Well, knowing what I know, I
loaded up cain and abel and showed him and the class how that wasn't
completely true and that strong passwords were still required (I
demonstrated the amount of time it takes to brute force the password
hashes and whatnot with alphanumeric vs alphanumeric+symbols).

==================
Gotta love "book instructors". Want to scare him badly? Get the (if you
can still find it) L0pht Cisco password decoder for your Palm; gotta crack
Cisco passwords on your Palm or you are not cool =)
==================

Ever since then, I've been getting requests to demonstrate other
things. Last week, I was asked to demonstrate how to get ntlm
password hashes and then break them, so I showed the class pwdump2
(although in the end I used cain&abel to crack the passwords).

==================
Use pwdump4. It works better than 2, since 2 will randomly die on some XP and
Win2k3 boxes for some reason. For cracking I seriously recommend LC4.
==================

Today, the teacher asked if it was possible to intercept and read in
plaintext https info. I did some searches in the archives and found a
reference to odysseus as a MITM proxy. I didn't find any information
in the help files of odysseus regarding the usage of this program
though, so I come to you all for help. If anyone could suggest a MITM
program to capture https: traffic I'd appreciate it.

==================
Cain and Abel while you are at it ... ARP poison the network and you will
get the passwords. Note that you will not be able to just pop up Ethereal
and sniff the SSL traffic unless you make a full MITM attack and trade
certificates yourself (I think C&A doesn't do that, but you could quickly whip
up some Perl or Python code for it).
==================

I have the perfect learning environment here, with switches/routers
and multiple pcs. Since all my knowledge is theoretical, I'd like to
get in some practical experience (while educating future network
admins). Any other things you think I should check into would be
awesome. Thanks!

==================
Mostly, in my experience, on tight networks the pen-test is decided on a
misconfiguration. Once a friend asked me how come I always just start
"poking" around while the scanner is running; all I could say was "most ppl
patch now, but they still can't configure their software correctly".

Those are my 2 cents, thank you all for reading the entire mail!
==================
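The reply above points out that ARP poisoning is the usual way to get traffic through a box for a MITM. As an added, defensive example that is not part of the original thread, here is a small Python monitor that flags the two symptoms that attack leaves in ARP traffic: an IP whose MAC changes, and one MAC answering for several IPs (gateway and victim at once). The ARP replies are a constructed sample, not captured data; a real deployment would feed it from a packet capture.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on a segment, as (sender_ip, sender_mac).
# 192.168.1.1 is the gateway; the host with MAC de:ad:be:ef:00:01 later claims
# both the gateway's and a client's address, which is what a poisoning tool does.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.10", "aa:bb:cc:00:00:10"),
    ("192.168.1.1", "aa:bb:cc:00:00:01"),    # repeat of a known binding: fine
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),    # gateway IP, different MAC
    ("192.168.1.10", "de:ad:be:ef:00:01"),   # client IP, same foreign MAC
]


def detect_ip_mac_conflicts(replies):
    """Return [(ip, first_seen_mac, new_mac)] for every reply that contradicts
    the first binding recorded for that IP. The first-seen binding is kept on
    purpose so that repeated spoofed replies keep producing alerts; a genuine
    DHCP reassignment would also show up here and needs an operator to clear it."""
    table = {}
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()  # normalise case so "DE:AD" and "de:ad" compare equal
        known = table.setdefault(ip, mac)
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts


def macs_claiming_multiple_ips(replies):
    """Return {mac: sorted list of ips} for every MAC that answered for more
    than one IP. A single MAC claiming both gateway and client is the classic
    poisoning footprint; a router legitimately owning several IPs would need
    an allow-list on top of this check."""
    owned = defaultdict(set)
    for ip, mac in replies:
        owned[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in owned.items() if len(ips) > 1}


if __name__ == "__main__":
    for ip, old, new in detect_ip_mac_conflicts(SAMPLE_ARP_REPLIES):
        print(f"ALERT: {ip} was {old}, now answered by {new}")
    for mac, ips in macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES).items():
        print(f"ALERT: {mac} claims {', '.join(ips)}")
```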
