I think sales guys are the best Social engineers.

Brian

Wow over 8,000 hits to the video in 12 hours thats crazy! I hope Don's hosting company does not charge him to much for the extra bandwidth. Anyway thanks again for all of you guys/gals support. I will be doing a newer live demo of Cain & Able at Chicagocon this year and if all goes right I hope to show you how to own and record VoIP calls, Take over Cisco routers, Crack WEP with packet injection (yes in windows) and so much more. Cain is truly a good place to learn a lot of hacking and auditing skills on a Windows PC.

Brian

Thanks everyone!!!!  Don called me on my Cell and told me I was slashdot'ed. I was on a 3 mile hike with my kids for Cub Scouts... I was like wow and I told some of the other fathers out on the trail and they where like what is slashdot and I said never mind. lol

Brian

Nice review Chris!  Thanks for always taking time to give us strait talk on the books you review. I am sure you have saved a lot of us some cash on books that might not live up to there covers.

Regards,

Brian

You will not find help to hack other peoples equipment here. This is "Ethical Hacker" dot net. If the server is not yours then you do not have the legal right to take it over.

Brian

This was one of the best books I read and I also got to meet the author @ defcon and get a bite to eat with him. As for the next book his site has this listed:

Look for the Sequel to Daemon in 2008

If you enjoyed Daemon, be sure to look for FreedomTM, coming in late 2008 from Verdugo Press.

So the next book is to be titled "Freedom" and it says "late 2008". I can not wait to read it!


Brian

lol too funny.


Brian

I have not seen any switches that use a salted MD5 but even if it did you could still brutefocre or dictionary attack it since most network engineers or Lan admins do not think to make network device passwords too hard and in many cases it's the same passwords to all switches or routers since laziness is easer than common security sense. I would also look to find the vendor documents on the device as default passwords do not always get changed.


Brian

From my experience just about all manageable switches have SNMP weaknesses  (normally just sniffing finds the write string) it's just finding the vendor OID to dump the config file. BTW most vendors use the Cisco type 7 encryption so you can crack the password the same way. If it is not a Cisco type 7 encrypted password then you can expect it to be MD5 and thats where you rainbow tables come in to crack it with or without Cain & Able.

At the end of the day if you configure you routers and switches correctly with all there security features 90% of the back-door cracks and weaknesses will be sealed up. ACL's are you friend so learn how to apply them correctly.

Brian

Well this can all be done from any of the online VoIP providers like www.voipbuster.com or you can even buy a spoofing calling card from spoofcard.

Since we are talking about spoofing i can send a plug out to myself with the paper I released here in EH-Net:
http://www.ethicalhacker.net/content/view/127/24/

Brian

Yes they are trying to get everything onto IOS and there are some switches/routers that will run in hybrid mode of both IOS and CatOS. I am one of the few that likes CatOS for basic switching & VLANs. I mean it is so much faster to configure and by default has alot less bloated and fewer security holes. Remember with all the extra features you want in that IOS version they might also come with the cost of possible holes.

Brian

The Audio from my presentation at Chicagocon last year on Cain & Able is on the site and my power point is too but I skipped the power point and did a live demo. I plan to do another live demo this year and maybe if don can get some form of video for the con we can have that also. I have some of my videos on www.anti-hacker.info which have some of the basics of Cain & Able with a few other tools I like using.

There are many ways manage a Cisco device and if setup correctly 90% of the hacks will not work. But in my experience most routers are not setup with security in mind as the engineers think the firewall will save them and this leaves many holes that need to be patched.

Brian

Do you know if it is running SNMP? If it is can you get access to the lan to sniff traffic? If you said yes to both of the above and it's running IOS and not Catos it is very possible you could Man in the middle attack the lan with Cain & Able. Once your APR Poisoning you just capture the SNMP string and use Cains CCDU (Cisco Config Download Utility) to SNMP pull the running config. Once you have the config you can get the plain-text or Cisco type 7 encrypted password (type 7 password can also be decrypted with Cain). This is just one more reason to make Chicagocon as I am going to be presenting all kinds of fun things you can do with Cain & Able!

Answer to your question yes it is possible to force a Cisco Router or switch to give you it's config with out turning it off or stopping traffic. It all depends on how it was setup and if it is running SNMP.

Brian

Maybe this http://www.dealextreme.com/details.dx/sku.6707

or simple caller ID/SMS spoofing unless he just used your phone.

Brian

It's IOS of a dvd full of videos, papers, tools, and other stuff. I use an ISO player from my desktop to test ISO files to see if they are worth burning and this one is pretty cool.

Brian