1
00:00:00,240 --> 00:00:04,360
OK so in this example I've got a telnet script that I've written.

2
00:00:04,640 --> 00:00:06,200
I import pyshark.

3
00:00:06,210 --> 00:00:12,120
I'm going to capture traffic off the wire in real time on the Ubuntu host on eth0.

4
00:00:12,120 --> 00:00:15,640
I've got a loop once again looking for telnet traffic.

5
00:00:15,720 --> 00:00:18,810
So, is telnet in the packet?

6
00:00:18,810 --> 00:00:23,200
If it is, look for username in the string.

7
00:00:23,310 --> 00:00:26,930
In other words, look for username in the output of the packet.

8
00:00:27,150 --> 00:00:30,450
If you see username, print the username.

9
00:00:30,570 --> 00:00:33,750
If you see password, then print the password.

10
00:00:33,750 --> 00:00:41,130
Now telnet isn't as nice as the other protocols, and that's because the username and password are sent

11
00:00:41,940 --> 00:00:48,150
in individual packets, so we're not going to see everything as clearly as we saw with the other scripts,

12
00:00:49,110 --> 00:00:50,370
but that's not going to stop us.

13
00:00:50,370 --> 00:00:53,640
We will still be able to capture the username and password.

14
00:00:53,640 --> 00:00:58,280
So again, cat telnet.py.

15
00:00:58,300 --> 00:01:06,070
There's our script; let's run Python to capture the username and password.

16
00:01:06,210 --> 00:01:13,160
What I'll do in this example is use Ubuntu 2 to telnet to the router, so there's Ubuntu 1, which

17
00:01:13,160 --> 00:01:15,100
is our hacking server.

18
00:01:15,140 --> 00:01:31,570
Here is Ubuntu; the router IP address is 192.168.122.82, so telnet 192.168.122.82.

19
00:01:31,640 --> 00:01:34,180
Notice we suddenly see some output here.

20
00:01:35,720 --> 00:01:41,150
So it's seeing something; it's captured this thing called Password.

21
00:01:41,360 --> 00:01:45,960
Put the password in, and if you saw that, notice:

22
00:01:46,270 --> 00:01:58,260
cisco; there's the telnet password. There's a prompt; type enable, password; there is the enable password,

23
00:01:58,920 --> 00:02:11,040
Cisco. Show run; we can see the running config here. Now again, telnet doesn't do this very nicely because

24
00:02:11,040 --> 00:02:18,450
the data is all over the place, so I've kind of tried to highlight here that you must look for password

25
00:02:18,900 --> 00:02:30,750
after you see this line. So let's change the way the Cisco router works. I'll say username David password

26
00:02:30,780 --> 00:02:39,060
Cisco, and rather than just using a standard password, I'll say login local, so a username and password

27
00:02:39,060 --> 00:02:40,890
are used when I telnet to the router.

28
00:02:42,030 --> 00:02:45,520
Okay so let me go to the end here.

29
00:02:45,780 --> 00:02:46,960
Telnet to the router.

30
00:02:47,010 --> 00:02:51,690
Notice we see username, so we're told: be careful, username is going to be displayed now.

31
00:02:52,410 --> 00:03:01,900
David. There you can see the username David now gets copied twice, because we're seeing the traffic from

32
00:03:01,900 --> 00:03:03,340
the PC to the router.

33
00:03:03,360 --> 00:03:11,590
And from the router to the PC. Password Cisco; you can see that, yes, Cisco is the password.

34
00:03:11,680 --> 00:03:16,440
It was only sent once, because we don't see the password in the output.

35
00:03:19,040 --> 00:03:20,350
Type enable.

36
00:03:20,660 --> 00:03:25,280
We can see that it sees enable. Notice:

37
00:03:25,390 --> 00:03:26,240
We are warned.

38
00:03:26,240 --> 00:03:28,970
Another password is going to be displayed here.

39
00:03:29,060 --> 00:03:30,550
So put the password in.

40
00:03:30,670 --> 00:03:32,360
There's the password, Cisco.

41
00:03:32,710 --> 00:03:39,830
So again, telnet isn't as good as OSPF or FTP or other protocols when it comes to capturing traffic.

42
00:03:39,830 --> 00:03:47,300
It's a bit all over the place, but you could save this to a file and then simply do a search for a keyword

43
00:03:47,330 --> 00:03:53,630
like I've done here, a bunch of lines and password, and then you know that the password is just after

44
00:03:53,630 --> 00:04:01,070
that, or you could do a search for the actual keyword password and see the passwords in the text just

45
00:04:01,070 --> 00:04:01,730
after that.

46
00:04:01,730 --> 00:04:08,720
So there's my password Cisco. Notice, as an example, if we do a show run here, we'll see the actual password

47
00:04:08,720 --> 00:04:20,430
in the output here like this, and if I scroll down I'll see the password over here.

48
00:04:20,470 --> 00:04:22,110
OK so telnet isn't that great.

49
00:04:22,130 --> 00:04:33,260
Not that easy to do it as cleanly as the other protocols, but there's my basic Python script, and again

50
00:04:33,740 --> 00:04:37,880
in this example I'm using Sublime Text, a nice IDE.

51
00:04:37,990 --> 00:04:40,660
There are many others out there that are very good.

52
00:04:40,730 --> 00:04:44,820
You can see that the script looks a lot nicer in Sublime Text.

53
00:04:44,840 --> 00:04:53,340
Here's my OSPF script; it's only a few lines. Here's my FTP script; here's my telnet script.

54
00:04:53,650 --> 00:04:58,620
You could take these scripts and change them and make them a lot more powerful.

55
00:04:58,630 --> 00:05:03,340
I just wanted to show you a little bit about what Python can be useful for and inspire you to think about

56
00:05:03,430 --> 00:05:08,360
the options available. Download these scripts and see what you can do with them.

57
00:05:08,410 --> 00:05:14,860
As always, be careful hacking networks; make sure that you have permission to hack those networks or to

58
00:05:14,860 --> 00:05:17,500
grab usernames and passwords of those networks.
