When did this list become a "how-to" of hacking for script kiddies? Why don't you just do it for him too? Who in his right mind would ask a question like he did, unless he's an idiot and has NO CLUE what that question means. I would like to hear his excuse for the actual REASON that he's doing this. If not, I would be pressured to send him some unpleasant law enforcement officials to his door.
So, John Morris, what'll it be? What's the reason for the question? What r u doing?

--
Alen Capalik

On Wed, 24 Nov 2004 12:16:29 -0500, amilabs <[EMAIL PROTECTED]> wrote:
> The only way to get it remotely is to get hold of and compromise a machine
> on the network where the routers/switches reside. Then run a sniffer app
> for just telnet and capture the individual keystrokes when someone logs into
> the router and then enters the enable password. Remember inside the network
> most telnet support functions to routers and switches are not encrypted so
> by capturing a support personnel's telnet session will give you the enable
> password. This can be done with SNMP also but that is another discussion.
> The trick is to get the compromised machine to run the sniffer like tcpdump
> etc.. Even if tacacs is used you will still see the open unencrypted telnet
> keystrokes from the admin to the router. The router will then encrypt that
> info and send it to the tacacs server for its backend process. You need to
> just watch the admin's steps. That is how you can get it remotely... Unless
> the routers are configured for ssh for telnet you can see everything in the
> clear with a sniffer..
>
> Regards..
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
> Sent: Wednesday, November 24, 2004 9:38 AM
> To: john morris; Scott T. Cameron
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] previledge password in cisco routers
>
> Do you seriously think there is an easy way to get the enable password
> remotely? If you have the config, you can get it from there..if you have the
> box you can do a password recovery by booting in rommon...otherwise the box
> isn't yours..and you won't find a clear exact answer because there isn't
> one.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of john
> > morris
> > Sent: Wednesday, November 24, 2004 3:15 AM
> > To: Scott T. Cameron
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] previledge password in cisco routers
> >
> > Ooops.. I reframe my question. Is there a way to get the enable
> > password remotely. Brute force is not my option
> >
> > (FROM LINKS TO LINKS WE ARE ALL LINKED)
> >
> > cheersssss.....
> >
> > morris
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
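
A defensive check for the two exposures raised in this thread (devices managed over telnet, and an enable password recoverable from the config), added here as an example and not part of any poster's message. The sample config is constructed, `audit_ios_config` is a hypothetical helper name, and it assumes a vty block with no `transport input` line accepts telnet.

```python
import re

# Constructed sample config (not from the thread); the password value is a placeholder.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable password 7 0000000000
!
line con 0
line vty 0 4
 login
 transport input telnet ssh
line vty 5 15
 login
 transport input ssh
!
end
"""

def audit_ios_config(text):
    """Return a list of (line_no, finding) for cleartext-management risks."""
    findings = []
    vty = None  # [start_line_no, header, transport tokens or None]
    def close_vty():
        if vty is None:
            return
        start, header, transport = vty
        # Assumption: no explicit 'transport input' means telnet is accepted.
        if transport is None:
            findings.append((start, f"{header}: no 'transport input', telnet assumed allowed"))
        elif {"telnet", "all"} & set(transport):
            findings.append((start, f"{header}: telnet permitted"))

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if line.startswith("line "):
            close_vty()  # a new line block ends the previous vty block
            vty = [no, line, None] if line.startswith("line vty") else None
        elif vty is not None and line.startswith(" "):
            m = re.match(r"\s+transport input\s+(.+)", line)
            if m:
                vty[2] = m.group(1).split()
        else:
            close_vty()
            vty = None
            if re.match(r"enable password\b", line):
                findings.append((no, "enable password: cleartext or reversible, use 'enable secret'"))
    close_vty()
    return findings
```

Each finding carries the config line number where the vty block or `enable password` statement starts, so it can be fed into a config-review report.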
