All posts by nlogician

Cracking Cisco Type 7 passwords by hand

Although you should be using MD5 or SHA256 for password security, Type 7 passwords are still in use and so I thought this would be a fun learning exercise.

The ‘service password-encryption‘ or Type 7 password is based on a known proprietary weak encryption algorithm using XOR and can be recognized in the configuration file as,

password 7 030752180500

Note: Type 5 uses MD5 and looks similar to this,

enable secret 5 $1$OB1J$tNsFgEZ4kD1qituaAeYfa0

There are plenty of scripts or websites that can crack Type 7 passwords in less than a second, including one on Cisco’s website. This example will show how this can be done with just pen and paper. Continue reading Cracking Cisco Type 7 passwords by hand

Basic Cisco ASA firewall setup

There are many different firewall options out there, but one of the most prevalent seems to be the Cisco ASA. This post is a basic configuration outline of the general setup of an ASA firewall that has basic connectivity, as well as dynamic and static NAT functions. While there are many different services an ASA can provide, this post centers on an ASA configuration running on the 8.x code version doing only basic functions. This particular setup is on a firewall in routed mode, that is used for NAT/PAT with only an inside and outside interface setup.

The first config settings to enter on an ASA, or most any other Cisco networking devices is the hostname of the device, domain name, and the enable password for logging into privileged exec mode.


config t
hostname LabASA1
domain-name labasa1.yourdomain.com
enable password Secret1 Continue reading Basic Cisco ASA firewall setup 

How to Setup a TFTP Server Under CentOS/RHEL 6

Why bother with tftp?

Many network devices such as Cisco routers and switches use tftp in order to download their IOS config updates. tftp can also be used for network based installs or for booting up diskless systems. Knowing how to setup a tftp server comes in quite handy when circumstances like these arise.

Getting started . . .

The Network Topology

Let’s say we’re dealing with a private network– 192.168.100.0/24. We’ll designate our tftp server and tftp test client as 192.168.100.5 and 192.168.100.105 respectively. You will need superuser privileges on both your server and client in order to successfully perform all of these commands.

Get the Necessary Packages

Log on to 192.168.100.5 and download the necessary programs; make sure they survive reboots:


# yum install tftp-server xinetd
# chkconfig tftp on Continue reading How to Setup a TFTP Server Under CentOS/RHEL 6 

ipfilter and ipv6

For people running older versions of Solaris, like 8/9, the firewall of choice to install was ipfilter. Now, with Solaris 10 it has become the default, built-in with the OS. I wanted to do a short post about adding configuration settings for ipv6 and plan to cover ipv4 in detail in a later post.

One thing to note is that ipfilter must run it’s ipv6 rules under a separate file. In Solaris 10, the default location for the filter rules is in /etc/ipf and the firewall rules are located in the files ipf.conf and ipf6.conf for ipv4 and ipv6 respectfully. Here is a sample of the current file on one of my servers,


#
# ipf6.conf
#
# IPv6 Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax. Continue reading ipfilter and ipv6 

Cisco archive command

The Cisco archive command has been around for several years now and is still valid for smaller operations that are unable to afford or require a commercial software package to do the same thing.  Two of the main benefits include backing-up your configurations after changes and logging the commands that were executed by each user. The commands necessary to accomplish these tasks are fairly straightforward,


sw1# config t
sw1(config)# archive
sw1(config-archive)# path ftp://192.168.100.50/configs/sw1
sw1(config-archive)# write-memory
sw1(config-archive)# log config
sw1(config-archive-log-config)# logging enable Continue reading Cisco archive command 

GPG Lab

Although we have seen examples of how to install gpg for Windows and integrate with Outlook, this class lab is designed to get gpg working in Linux with the Evolution email client.

Generate a Key for signing only


# gpg --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
What keysize do you want? (4096) Continue reading GPG Lab 

Books: September List

This is a listing of the current books that have found their way onto my desk for reading, reviewing or acting as a paperweight,

Linchpin: Are You Indispensable? by Seth Godin

Routing TCP/IP, Volume 1, 2nd Edition by Jeff Doyle, Jennifer Carroll

TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition by Richard Stevens

RHCSA/RHCE Red Hat Linux Certification Study Guide by Michael Jang

TcL Scripting for Cisco IOS by Raymond Blair, Arvind Durai, John Lautmann