We have seen how to set passwords on cisco switches or routers here. Of course setting passwords does add to the security of the device but there is small problem. The password is stored in plain text. Anyone who gets access to the switch can easily see all the passwords by typing command “show running-config or show startup-config”. Today we will see how to encrypt passwords on Cisco routers and switches.
Encrypting passwords can further enhance the security of the device. Privileged password can be encrypted by using the command “enable secret” instead of “enable password”. This command should be set from privileged global configuration mode.
Lets see what can we see when we use the command “show running-config”.
We can see that the password we set has been encrypted. but what about other passwords. The console, auxiliary and vty lines passwords cannot be encrypted even if we use “enable secret” command. To encrypt those passwords, we have to use another command “service password-encryption” as shown below.
This command will encrypt all the passwords stored in plain text on the device. Want to learn advanced practical hacking? Have a look at our Hacking Magazine. Just don’t trust our word. Download your FREE COPY using discount code fq47p4tq
Good evening friends, Today we will see how to configure passwords on Cisco routers and switches. Cisco devices have four types of passwords.
Console password : Used to set password for the console access.
Auxiliary password : It is used to set password to auxiliary port ( if the switch has one.)
VTY lines password : Used to set password for for telnet and SSH access.
Privileged password : Used to set password for privileged access to the switch.
I am not going to show you how to set up auxiliary password here. To see how to set up console password and VTY lines password, go here.
Privileged mode of a Cisco device has some advanced IOS commands that can have disastrous consequences if used by wrong hands. So it is very important to set up a password to access privileged commands. Use the following commands
The “enable” command takes us into privileged mode. The “conf t” mode takes us into global configuration mode which pertains to the configuration settings of the whole switch. The “enable password” sets a password for the privileged mode. ‘123456’ is the password. The “exit” command takes us out of the privileged mode. To see if a password has been set for the privileged mode, try entering into privileged mode by typing “en” command. We can see that it prompts us for the password.
Scanning plays a very important role in hacking a system. Scanning is a phase in which we find out the ports which are open and the services listening on those ports. Nmap is the most popular port scanner being used security guys nowadays. However it is very important to understand classification of ports by Nmap while scanning. Nmap classifies ports into six states. They are, open, closed, filtered, unfiltered, open | filtered and closed | filtered. Let us find out when Nmap classifies ports into specific states. For this, I use two virtual machines,
1. Kali Linux as attacker (with IP 10.10.10.2)
2. XP as victim (with IP 10.10.10.3)
On the victim machine, Telnet server is running and an exception is provided for it in windows firewall.
Nmap classifies a port as open if an application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port.
When I perform a default Nmap scan from the attacker of port 23 of the victim,
Nmap –p 23 10.10.10.3
The result I get is open. This is because the Telnet server is actively accepting connections.
Nmap classifies a port as closed when the port is accessible but there is no application listening on it. On our victim machine, let’s stop the the telnet service as shown below.
Now when we perform the above scan again, the port is shown as closed because although the port is accessible we don’t have any application listening on it.(i.e telnet is stopped)
Nmap classifies a port as filtered when it can’t determine whether the port is open or closed because packet filtering prevents its probes from reaching the port. On our victim machine, let’s select ‘Don’t Allow Exceptions’ option in the firewall settings.
When we perform the above scan once again, the port is classified as filtered because firewall filtering blocks the probes of Nmap. When Nmap classifies a port as filtered, it is most likely that a firewall is blocking our probes.
Nmap classifies a port as unfiltered when a port is accessible but it can’t determine whether it is open or closed. A port is classified as unfiltered only with the ACK scan.
Let’s start the telnet service again on our victim machine and allow an exception for telnet in the firewall.
Then let us perform the ACK scan.
nmap -sA –p 23 10.10.10.3
The scan couldn’t determine whether the port is open or closed.
5. open | filtered
A port is classified as open | filtered when Nmap is unable to determine whether a port is open or filtered. This happens for scan types in which open ports give no response. The UDP,IP protocol, FIN, NULL and XMAS scans classify ports this way. Let’s go to our machine and once again block telnet using firewall.
And then perform FIN scan and NULL scan respectively.
The port is classified as open | filtered in both cases because Nmap can’t determine whether the port is open or filtered.
6. closed | filtered
Nmap can’t find out whether a port is closed or filtered. A port is classified this way only for IP IDLE scan. Now what is IDLE scan? Idle scan is a scan in which we use a zombie host to scan the victim. In our example, we use another host with IP 10.10.10.3 as a zombie to perform IDL scan on our victim.
In our victim, firewall is still blocking telnet. Let’s perform a IP IDLE scan.
nmap –sI 10.10.10.1 –p 23 10.10.10.3
The scan shows result as closed | filtered because it couldn’t determine whether a port is closed or filtered.