
Newbie Lab setup!

<<

Birdcr

Post Tue Mar 03, 2009 5:29 pm

Newbie Lab setup!

Hi there, I have very little work experience but a degree in networking, and hopefully the other part to my A+ and Net+ when I sit both the exams next week. Also studying CCNA ATM. I played around with programming at university (Perl, Java, C++) but to say we didn't get on would be an understatement! Although I have recently taken a keen interest in security. As I am quite familiar with Cisco kit I have just taken an approach that seems rather unusual (after reading a few posts on the forum regarding other people's home setup).

- I configured 2 routers
- Connected routers to a switch (configured)
- Connected laptop and PC to get a small working LAN
- Set up Wireshark on a PC
- Telnetted from PC to router and viewed the plaintext data captured using Wireshark
- Also used Wireshark to collect plaintext between 2 machines on the LAN using MSN Messenger

Although all this was rather basic, I was quite impressed with what I had done/learned, and the small problems I discovered along the way provided good real-life hands-on education:
- Didn't set exec password but set telnet, therefore locking me out of the router
- Having to break into a 2950 switch which someone previously set up with a username/password

The problem is now I'm running out of ideas. Any ideas of any other data I could try sniffing, or any other labs I can perform with this kind of setup?

I was thinking of experimenting with NMAP and other software which could allow me to exploit vulnerabilities found within the NMAP scan, but this will be another milestone.

thanks.
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Mar 03, 2009 6:25 pm

Re: Newbie Lab setup!

Turn on some different services on the router/switch (ssh, telnet, http, https, ...). That will give you an idea how to set up the router/switch.

Next see what it takes to get access to it. Use some password brute forcing tools (i.e. Hydra et al) and try to get into the device (use an easy password first). Run NMAP against it and see what it takes to do OS fingerprinting or determine the version of the services.

Depending on the IOS version check out milw0rm.com (and others) and see if you can find anything to attack on the switch. Unless you have a pretty recent IOS there are some issues with XSS and (I think) DoS. If the XSS works, try to see what it takes to get credentials from someone (yourself).

If you have a few PCs you could try some ARP cache poisoning on the switch or CAM table overflow to sniff or rewrite some traffic.

Beyond that, you could run some Virtual Machines (VMs) and attack the other hosts.

Hopefully that gives you a good start.
twitter.com/timmedin | http://blog.securitywhole.com
<<

Birdcr

Post Tue Mar 03, 2009 7:03 pm

Re: Newbie Lab setup!

Cheers for the reply Timmedin, that gives me a lot to get researching on! What do you mean by: 'try to see what it takes to get credentials from someone (yourself)'? Is this to do with social engineering?
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Mar 03, 2009 7:55 pm

Re: Newbie Lab setup!

Birdcr wrote: Cheers for the reply Timmedin, that gives me a lot to get researching on! What do you mean by: 'try to see what it takes to get credentials from someone (yourself)'? Is this to do with social engineering?


1. Find XSS
2. Figure out how to use the XSS to catch login credentials.

Obviously, you know the password, but this will get you familiar with the tools. I was trying to make a [crappy] joke about you stealing the password from yourself. Hope that is a bit more clear.
twitter.com/timmedin | http://blog.securitywhole.com
<<

Birdcr

Post Tue Mar 03, 2009 8:19 pm

Re: Newbie Lab setup!

Ah, just did a bit of brief research on XSS, seems to be a popular source of attack. I'll have to see if I can dig up some more info or find a simple tutorial. Couldn't work out if you were joking or talking tech in the last post, but good ideas, thanks for the replies.
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Mar 04, 2009 4:09 am

Re: Newbie Lab setup!

Birdcr,

might take the fun away, but as you've got physical access to the device this link should help
<<

Birdcr

Post Sun Mar 08, 2009 2:36 pm

Re: Newbie Lab setup!

I had already done this before my last post, but thanks for the link anyway. I heard it was possible so I used the only tool in my hacker's toolkit (ATM): Google!
<<

sh4d0wman

Newbie

Posts: 8

Joined: Wed Mar 04, 2009 2:16 am

Location: The Netherlands

Post Mon Mar 09, 2009 7:25 am

Re: Newbie Lab setup!

You could try some of the following attacks:
- Arp spoofing
- Vlan hopping
- Double tag vlan hopping
- Mac overflow attack
- Spanning Tree attack

Look at the Allied Telesys website for attack info.
From the main page choose, "Solutions", and then "Lan Security". In the drop down menu you will find a summary of above listed attacks. This is something I still want to look at myself as well. Dunno yet what tools to use and I have no time at the moment. Too bad haha.
Comptia Security+ Certified
WIP: CCNA / CHFI
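
Added example (not part of the original posts): a defender's view of two of the attacks named in the replies above, ARP cache poisoning and CAM table (MAC) overflow, written as detection logic over constructed frame observations. The record layout, port names, addresses and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample observations (not real capture data):
# (seconds, switch_port, source_mac, arp_sender_ip or None for non-ARP frames)
FRAMES = [
    (0.0, "Fa0/1", "00:11:22:33:44:01", "192.168.1.1"),   # router
    (0.5, "Fa0/2", "00:11:22:33:44:02", "192.168.1.10"),  # PC
    (1.0, "Fa0/3", "00:11:22:33:44:03", "192.168.1.11"),  # laptop
    (5.0, "Fa0/3", "00:11:22:33:44:03", "192.168.1.1"),   # laptop claims router's IP
] + [
    # 200 frames within one second on Fa0/4, each with a different source MAC
    (10.0 + i / 200, "Fa0/4", "02:00:00:00:00:%02x" % i, None)
    for i in range(200)
]


def arp_binding_changes(frames):
    """Return (time, ip, first_mac, new_mac) each time an IP is claimed by a MAC
    other than the one first seen for it (the symptom of ARP cache poisoning)."""
    baseline, alerts = {}, []
    for ts, _port, mac, ip in sorted(frames, key=lambda f: f[0]):
        if ip is None:
            continue
        first = baseline.setdefault(ip, mac)   # first binding is the baseline
        if first != mac:
            alerts.append((ts, ip, first, mac))
    return alerts


def mac_flood_ports(frames, window=1.0, max_macs=50):
    """Return ports that showed more than max_macs distinct source MACs inside
    any `window`-second span (the symptom of a CAM table overflow attempt)."""
    recent = defaultdict(list)                 # port -> [(ts, mac)] in time order
    flagged = set()
    for ts, port, mac, _ip in sorted(frames, key=lambda f: f[0]):
        events = recent[port]
        events.append((ts, mac))
        while events[0][0] < ts - window:      # age out old observations
            events.pop(0)
        if len({m for _t, m in events}) > max_macs:
            flagged.add(port)
    return sorted(flagged)


if __name__ == "__main__":
    for alert in arp_binding_changes(FRAMES):
        print("ARP binding changed:", alert)
    print("Ports with MAC flooding:", mac_flood_ports(FRAMES))
```

On Cisco switches that support them, port security (a per-port MAC limit) and Dynamic ARP Inspection enforce the same two checks on the switch itself.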
<<

Birdcr

Post Tue Mar 10, 2009 7:50 am

Re: Newbie Lab setup!

sh4d0wman wrote: You could try some of the following attacks:
- Arp spoofing
- Vlan hopping
- Double tag vlan hopping
- Mac overflow attack
- Spanning Tree attack

Look at the Allied Telesys website for attack info.
From the main page choose, "Solutions", and then "Lan Security". In the drop down menu you will find a summary of above listed attacks. This is something I still want to look at myself as well. Dunno yet what tools to use and I have no time at the moment. Too bad haha.


Had a look at these types of attacks, but finding it hard to find any documentation which really explains how to perform these attacks, although I am very keen to learn and play around with them.
Last edited by Birdcr on Tue Mar 10, 2009 7:51 am, edited 1 time in total.
<<

sh4d0wman

Newbie

Posts: 8

Joined: Wed Mar 04, 2009 2:16 am

Location: The Netherlands

Post Tue Mar 10, 2009 8:58 am

Re: Newbie Lab setup!

True, the info is a bit scattered around. Some background in networking and protocols is highly recommended.

Here is some reading:
http://en.wikipedia.org/wiki/VLAN_hopping
Cisco info: http://www.cisco.com/en/US/products/hw/ ... ml#wp39054

And tools:
http://www.perihel.at/sec/mz/index.html
http://www.ethicalhacker.net/component/ ... pic,535.0/
Comptia Security+ Certified
WIP: CCNA / CHFI
<<

charlottebandit

Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Sat Jun 20, 2009 5:45 am

Re: Newbie Lab setup!

sh4d0wman wrote: You could try some of the following attacks:
- Arp spoofing
- Vlan hopping
- Double tag vlan hopping
- Mac overflow attack
- Spanning Tree attack

Look at the Allied Telesys website for attack info.
From the main page choose, "Solutions", and then "Lan Security". In the drop down menu you will find a summary of above listed attacks. This is something I still want to look at myself as well. Dunno yet what tools to use and I have no time at the moment. Too bad haha.


A great tool that focuses on these attacks is called Yersinia.  Here's a list of some of the attacks it can do:

Spanning Tree Protocol (STP)
Cisco Discovery Protocol (CDP)
Dynamic Trunking Protocol (DTP)
Dynamic Host Configuration Protocol (DHCP)
Hot Standby Router Protocol (HSRP)
IEEE 802.1Q
IEEE 802.1X
Inter-Switch Link Protocol (ISL)
VLAN Trunking Protocol (VTP)

You can also use Gobbler for DoS & DHCP starvation attacks against a switch. 

VLAN hopping was considered a "dead" attack that was almost a waste until IP Telephony converged together with an IP Network.  Now, there are several VOIP tools out there that take advantage of this because now this attack has re-emerged into a crippling one.  You could use VoIP Hopper for this.  Do a search for "vlan hopping tool" to find even more tools.

On the router, you could easily implement IOS IPS to have a fully-functional Cisco IPS on the router. You could also set up IOS F/W to simulate an ASA and try to get past that. There's much more you could do but it requires deeper understanding of routers which may take you down the path of network engineering.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
