Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 22:18:27 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/49-pentesting-tacacs+.md

66 lines
4.2 KiB
Markdown
Raw Blame History

# 49 - Pentesting TACACS+
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## Basic Information
**Mfumo wa Kudhibiti Upatikanaji wa Kituo (TACACS)** unatumika kuthibitisha watumiaji kwa njia ya kati wanaojaribu kufikia route au Seva za Upatikanaji wa Mtandao (NAS). Toleo lake lililoboreshwa, **TACACS+**, linatenganisha huduma katika uthibitishaji, idhini, na uhasibu (AAA).
```
PORT STATE SERVICE
49/tcp open tacacs
```
**Default port:** 49
## Intercept Authentication Key
Ikiwa mawasiliano kati ya mteja na seva ya TACACS yanakatizwa na mshambuliaji, **funguo ya uthibitishaji iliyosimbwa inaweza kukamatwa**. Mshambuliaji anaweza kisha kujaribu **shambulio la nguvu za ndani dhidi ya funguo bila kugundulika katika kumbukumbu**. Ikiwa atafanikiwa katika kujaribu nguvu funguo, mshambuliaji anapata ufikiaji wa vifaa vya mtandao na anaweza kufungua trafiki kwa kutumia zana kama Wireshark.
### Performing a MitM Attack
**Shambulio la ARP spoofing linaweza kutumika kufanya shambulio la Man-in-the-Middle (MitM)**.
### Brute-forcing the Key
[Loki](https://c0decafe.de/svn/codename\_loki/trunk/) inaweza kutumika kujaribu nguvu funguo:
```
sudo loki_gtk.py
```
If the key is successfully **bruteforced** (**usually in MD5 encrypted format)**, **tunaweza kufikia vifaa na kufichua trafiki iliyofichwa ya TACACS.**
### Decrypting Traffic
Mara tu funguo ikishindwa, hatua inayofuata ni **kufichua trafiki iliyofichwa ya TACACS**. Wireshark inaweza kushughulikia trafiki ya TACACS iliyofichwa ikiwa funguo itatolewa. Kwa kuchambua trafiki iliyofichuliwa, taarifa kama vile **bango lililotumika na jina la mtumiaji wa admin** inaweza kupatikana.
Kwa kupata ufikiaji wa paneli ya udhibiti ya vifaa vya mtandao kwa kutumia akreditivu zilizopatikana, mshambuliaji anaweza kudhibiti mtandao. Ni muhimu kutambua kwamba vitendo hivi ni kwa madhumuni ya elimu pekee na havipaswi kutumika bila idhini sahihi.
## References
* [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
Reference in a new issue View git blame Copy permalink