mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 22:52:06 +00:00
# 49 - Pentesting TACACS+
## Basic Information

The **Terminal Access Controller Access Control System (TACACS)** protocol is used to centrally validate users who try to access routers or Network Access Servers (NAS). Its upgraded version, **TACACS+**, separates the services into authentication, authorization, and accounting (AAA).

```
PORT   STATE SERVICE
49/tcp open  tacacs
```

**Default port:** 49

## Intercept Authentication Key

If the communication between the client and the TACACS server is intercepted by an attacker, the **encrypted authentication key can be intercepted**. The attacker can then attempt a **local brute-force attack against the key without being detected in the logs**. If the attacker succeeds in brute-forcing the key, they gain access to the network equipment and can decrypt the traffic using tools such as Wireshark.

### Performing a MitM Attack

An **ARP spoofing attack can be used to perform a Man-in-the-Middle (MitM) attack**.

### Brute-forcing the Key

[Loki](https://c0decafe.de/svn/codename\_loki/trunk/) can be used to brute-force the key:

```
sudo loki_gtk.py
```

If the key is successfully **brute-forced** (**usually in MD5 encrypted format**), **we can access the equipment and decrypt the TACACS-encrypted traffic.**

### Decrypting Traffic

Once the key has been successfully cracked, the next step is to **decrypt the TACACS-encrypted traffic**. Wireshark can handle encrypted TACACS traffic if the key is provided. By analyzing the decrypted traffic, information such as the **banner used and the username of the admin** user can be obtained.

By gaining access to the control panel of the network equipment with the obtained credentials, the attacker can exert control over the network. It is important to note that these actions are for educational purposes only and should not be used without proper authorization.

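To show what a tool such as Wireshark does once it is given the key, the following added example (not from the original page or from any tool it mentions) implements the body obfuscation defined in RFC 8907: the body is XORed with a pad built by chaining MD5 over the session ID, shared secret, version and sequence number. The key, session ID, username and port are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag: body sent in cleartext

def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n also hashes MD5_(n-1)
        pad += block
    return pad[:length]

def xor_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """Obfuscate or de-obfuscate a body; the XOR is its own inverse."""
    version, seq_no, flags = header[0], header[2], header[3]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # nothing to undo, the body was never obfuscated
    pad = pseudo_pad(header[4:8], key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def parse_authen_start(body: bytes) -> dict:
    """Split an Authentication START body into fixed and variable fields."""
    action, priv, atype, service, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("length fields do not match body size")
    user = body[8:8 + ulen]
    port = body[8 + ulen:8 + ulen + plen]
    return {"action": action, "priv_lvl": priv, "authen_type": atype,
            "user": user.decode(), "port": port.decode()}

def build_sample(key: bytes):
    """Constructed sample: 12-byte header plus obfuscated Authentication START."""
    user, port = b"netadmin", b"tty0"
    body = struct.pack("!8B", 1, 1, 1, 1, len(user), len(port), 0, 0) + user + port
    header = struct.pack("!BBBBII", 0xC0, 0x01, 1, 0x00, 0x1A2B3C4D, len(body))
    return header, xor_body(header, body, key)

if __name__ == "__main__":
    key = b"constructed-lab-secret"
    header, wire = build_sample(key)
    print("on the wire:", wire.hex())
    print("decoded    :", parse_authen_start(xor_body(header, wire, key)))
```

The pad depends only on cleartext header fields and the shared secret, so the length and randomness of that secret are all that protect a captured session.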
## References

* [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)