49 - Pentesting TACACS+
Basic Information
The Terminal Access Controller Access Control System (TACACS) protocol is used to centrally validate users trying to access routers or Network Access Servers (NAS). Its upgraded version, TACACS+, separates the services into authentication, authorization, and accounting (AAA).
PORT STATE SERVICE
49/tcp open tacacs
Default port: 49
Intercept Authentication Key
If the communication between the client and the TACACS server is intercepted by an attacker, the encrypted authentication key can be captured. The attacker can then attempt a local brute-force attack against the key without being detected in the logs. If the brute-force succeeds, the attacker gains access to the network equipment and can decrypt the traffic using tools like Wireshark.
Performing a MitM Attack
An ARP spoofing attack can be used to perform a Man-in-the-Middle (MitM) attack.
Brute-forcing the Key
Loki can be used to brute-force the key:
sudo loki_gtk.py
If the key is successfully brute-forced (usually in MD5 encrypted format), we can access the equipment and decrypt the TACACS-encrypted traffic.
Decrypting Traffic
Once the key has been cracked, the next step is to decrypt the TACACS-encrypted traffic. Wireshark can handle encrypted TACACS traffic if the key is provided. By analyzing the decrypted traffic, information such as the banner used and the username of the admin user can be obtained.
By gaining access to the control panel of the network equipment using the obtained credentials, the attacker can take control of the network. It is important to note that these actions are strictly for educational purposes and should not be used without proper authorization.
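Why knowing the key is enough to read the traffic, as an added example (not code from the original page, Loki or Wireshark): the TACACS+ body obfuscation defined in RFC 8907 is an XOR with a pad chained from MD5 over the session id, shared key, version and sequence number, so the shared key is the only thing protecting packet bodies. The key, session id and packet body below are constructed sample values, and `build_packet` is a hypothetical helper used only to produce the sample.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01
# 12-byte header: version, type, seq_no, flags, session_id, length
HEADER = struct.Struct("!BBBBII")

SAMPLE_KEY = b"constructed-lab-secret"  # constructed, not a real key
# Constructed authentication START body: login, priv 1, ASCII, user "admin", port "tty0"
SAMPLE_BODY = b"\x01\x01\x01\x01\x05\x04\x00\x00admintty0"


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(sid, key, ver, seq); MD5_n = MD5(sid, key, ver, seq, MD5_n-1)."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def xor_body(packet: bytes, key: bytes) -> bytes:
    """Apply or remove the obfuscation (the same XOR) and return the body."""
    version, _type, seq_no, flags, _sid, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("header length field does not match body size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # body was sent in the clear, nothing to undo
    pad = pseudo_pad(packet[4:8], key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(version: int, ptype: int, seq_no: int, session_id: int,
                 body: bytes, key: bytes) -> bytes:
    """Hypothetical helper: build an obfuscated sample packet."""
    header = HEADER.pack(version, ptype, seq_no, 0, session_id, len(body))
    return header + xor_body(header + body, key)


if __name__ == "__main__":
    pkt = build_packet(0xC0, 1, 1, 0x1A2B3C4D, SAMPLE_BODY, SAMPLE_KEY)
    print("on the wire :", pkt[HEADER.size:].hex())
    print("with key    :", xor_body(pkt, SAMPLE_KEY))
    print("wrong key   :", xor_body(pkt, b"some-other-secret").hex())
```

The pad depends on nothing secret except the key, and the scheme carries no integrity check, which is why the strength and secrecy of the shared key decide how exposed the captured traffic is.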