Saturday, Sep 20 2008

Tcpdump Filter for CDP

Recently, on an engagement, I wanted to capture only Cisco Discovery Protocol (CDP) packets so as to passively enumerate Cisco equipment, and I decided to share the filter I used. CDP is carried in 802.3 frames behind an LLC/SNAP header, so the two bytes at offset 20 of the frame are the SNAP protocol ID, which is 0x2000 for CDP:

sudo tcpdump -nn -v -i en0 -s 1500 'ether[20:2] == 0x2000'
Password:
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 1500 bytes
18:41:35.971435 CDPv2, ttl: 180s, checksum: 692 (unverified), length 334
Device-ID (0x01), length: 8 bytes: 'ap1.home'
Version String (0x05), length: 231 bytes:
Cisco IOS Software, C1200 Software (C1200-K9W7-M), Version 12.3(8)JEB1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 20-Jul-07 20:51 by dchih
Platform (0x06), length: 26 bytes: 'cisco AIR-AP1230A-A-K9 '
Address (0x02), length: 13 bytes: IPv4 (1) 192.168.1.250
Port-ID (0x03), length: 13 bytes: 'FastEthernet0'
Capability (0x04), length: 4 bytes: (0x00000002): Transparent Bridge
Duplex (0x0b), length: 1 byte: full
power consumption (0x10), length: 2 bytes: 8.50W
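As an added example (not part of the original post), the Python below applies the same offset-20 SNAP protocol-id test that the BPF filter uses and decodes the CDP TLVs tcpdump printed above. The frame it parses is constructed to mirror the ap1.home advertisement, not a real capture; the source MAC is made up and the checksum is left zero.

```python
import struct

CDP_SNAP_PID = 0x2000  # SNAP protocol id carried in CDP frames (ether[20:2] in the filter)
# TLV type codes as tcpdump names them in the capture above
TLV_NAMES = {0x01: "Device-ID", 0x03: "Port-ID", 0x04: "Capability",
             0x05: "Version String", 0x06: "Platform", 0x0b: "Duplex"}

def is_cdp_frame(frame: bytes) -> bool:
    """Same test as the BPF filter: 14-byte Ethernet header + 3-byte LLC (AA AA 03)
    + 3-byte SNAP OUI (00 00 0C) puts the 2-byte protocol id at offset 20."""
    return len(frame) >= 22 and struct.unpack_from("!H", frame, 20)[0] == CDP_SNAP_PID

def parse_cdp(frame: bytes) -> dict:
    """Decode the CDP header (version, ttl, checksum) and the TLVs that follow it."""
    if not is_cdp_frame(frame):
        raise ValueError("not a CDP frame")
    version, ttl, _checksum = struct.unpack_from("!BBH", frame, 22)  # checksum not verified
    info, off = {"version": version, "ttl": ttl}, 26
    while off + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, off)
        if tlv_len < 4 or off + tlv_len > len(frame):
            raise ValueError("malformed TLV length")  # refuse to over-read a bogus length
        value = frame[off + 4:off + tlv_len]
        name = TLV_NAMES.get(tlv_type, f"type-0x{tlv_type:02x}")
        if tlv_type in (0x01, 0x03, 0x05, 0x06):
            info[name] = value.decode("ascii", "replace")
        elif tlv_type == 0x04 and len(value) == 4:
            info[name] = struct.unpack("!I", value)[0]   # 0x02 == Transparent Bridge
        elif tlv_type == 0x0b and len(value) == 1:
            info[name] = "full" if value[0] else "half"
        else:
            info[name] = value.hex()
        off += tlv_len
    return info

def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value

def build_sample() -> bytes:
    """Constructed frame modelled on the ap1.home advertisement above (not a real capture)."""
    payload = (bytes.fromhex("aaaa03") + bytes.fromhex("00000c") + struct.pack("!H", CDP_SNAP_PID)
               + struct.pack("!BBH", 2, 180, 0)            # CDPv2, ttl 180s, checksum left 0
               + tlv(0x01, b"ap1.home") + tlv(0x06, b"cisco AIR-AP1230A-A-K9 ")
               + tlv(0x03, b"FastEthernet0") + tlv(0x04, struct.pack("!I", 2)) + tlv(0x0b, b"\x01"))
    dst, src = bytes.fromhex("01000ccccccc"), bytes.fromhex("0211223344aa")  # CDP multicast, made-up src
    return dst + src + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    for k, v in parse_cdp(build_sample()).items():
        print(f"{k}: {v}")
```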

I hope it's useful to anyone who might need it during a pentest or while troubleshooting a network.

Saturday, Sep 20 2008

Airports and Karmetasploit

I recently had to go to several Central American countries to do some consulting work. While waiting for a connecting flight at the Panama airport I noticed a wallpaper that was very familiar to me, the Backtrack3 default wallpaper, and something even more familiar running in a terminal window: karmetasploit. I watched for a while as the kid gathered info from unsuspecting people; from my seat I could make out passwords for Twitter accounts belonging to people using their iPhones, and I even saw the kid saving cookies and using them in Firefox by pasting them into an extension installed on his browser. I could see all of this because he was not being careful and had not put his back to one of the walls; I was sitting right behind him and he never noticed. So guys, be careful with what your browser and machines send automatically on wifi networks; you never know who is next to you just waiting for you to fire up your browser. A good recommendation: have Wireshark running on your laptop while you connect to your wireless at home and see if it is sending any info it should not be sending out. Be careful out there, script kiddies are everywhere.

Saturday, Sep 20 2008

Palin's Yahoo Mail Attack

I have been reading about the way the crackers from Anonymous got access to her email account, and I was surprised to find out that you can reset the password of an account with a zip code and date of birth; one should consider using fake information when asked for these details. With tools like Maltego out there, profiling a person and their presence on the internet is extremely easy.

Friday, Sep 19 2008

Is the iPhone helping with the Bad Password Problem?

Well, it has been a long time since my last blog post, no excuses here. In this time I finally got an iPhone, and I really love the user experience on this device, but it has gotten me thinking: is the iPhone helping with the problem of users choosing bad passwords? Since it does not have copy and paste, entering a long complex password starts becoming a problem, and I have seen many friends choosing poor passwords, especially since the iPhone does not come by default with a good password manager nor copy and paste. One can use third party apps like 1Password, but I still feel that the iPhone is adding to this problem. What do you think?

Monday, Jan 7 2008

Gathering Proper Intel

I have been looking at several forums, and one of the things that frustrates me the most is the lack of talk about proper target enumeration and intel gathering. Everybody is focused on running Nmap, fierce or a host of other tools and forgets the tried-and-true basics of simply surfing the targeted client's site, taking note of the contact information and sending someone from the attack team to do a physical recon, looking for:

  • Wireless networks
  • Trash disposal methods
  • Physical security to the building
  • Open and exposed Ethernet network ports
  • Exposed USB ports
  • Unlocked and unused machines
Not everything has to be done through the internet; most people are focused on the latest tool and not on thinking outside the box. In many of my presentations clients are surprised that their biggest hole is physical security. I know I'm ranting, but I had to get it off my chest. Take care and be secure.