Picked up some switches from an auction
One wasn't wiped. Cisco type 5, say hello to hashcat.
Conversation
Notices
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:34:58 JST 
kajer
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:35:16 JST
kajer
moar power
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:35:16 JST
kajer
🤔 I need more GPUs
Did I learn nothing from @CrackMeIfYouCan at @defcon ???
I have no metadata to make educated guesses as to what the passwords could be. Unless it's a cheesy variation of the school mascot?
-
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:35:16 JST 
Ryan Castellucci :nonbinary_flag:
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:35:18 JST
kajer
the network admin even left an emergency maintenance port
This switch was probably in a locked closet, as this maintenance port has 0 controls for access.
Red teams would probably note a 24 port access switch with port24 NOT patched in and hanging out...
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:35:18 JST
kajer
Here we go...
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:35:18 JST
kajer
Oh good, my CMIYC rig is still loading drivers... So many times the background processes destroy the nvidia drivers randomly....
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:35:19 JST
kajer
I am reviewing the stored config. It's very nicely done for an access switch.
proper ACLs on SNMP server / management SSH
dhcp snooping and RA guard
arp inspection with src and dst mac
err-disable recovery for all common problems
bpduguard, 802.1x
I'm pretty jealous, this config is nice!
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Thursday, 16-Nov-2023 03:46:45 JST
kajer
@ryanc @CrackMeIfYouCan @defcon
I did some RDP sessions to my other gaming rigs... Got the ETA down to 11days to process RockYou+OneRule
This is brute force basically, as I have nothing to base a taylored wordlist on. Unless the Network Admins at this school like to use emojis in their passwords?
Estimated time: 11d 09:01:44
Speed: 3203.03 kH/s -
Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 17-Nov-2023 03:53:45 JST
Ryan Castellucci :nonbinary_flag:
@kajer @reconbot @CrackMeIfYouCan @defcon
:hacker_h: :hacker_a: :hacker_c: :hacker_k:
:hacker_h: :hacker_a: :hacker_r: :hacker_d: :hacker_e: :hacker_r:
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Friday, 17-Nov-2023 03:53:46 JST
kajer
@reconbot @ryanc @CrackMeIfYouCan @defcon
Sadly, overnight didnt make much progress. Still at 0 cracked hashes.
Here are the quick stats of the operation.
Keyspace dispatched: 1729129 (12.05%)
Keyspace searched: 1689227 (11.78%)
Time spent: 23:56:27
Estimated time: 7d 11:21:26
Speed: 4905.58 kH/sThis is mode 500 on hashcat
cisco type 5 is $1$salt$hash
-
Embed this notice
Francis 🏴☠️ Gulotta (reconbot@toot.cafe)'s status on Friday, 17-Nov-2023 03:53:48 JST 
Francis 🏴☠️ Gulotta
@kajer @ryanc @CrackMeIfYouCan @defcon In 2002 my godfather owned one of the first 1ghz Pentiums on the market and my god it ran l0phtcrack faster than anything else. We've come a long way but the more things change...
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Friday, 17-Nov-2023 03:53:49 JST
kajer
@ryanc @CrackMeIfYouCan @defcon
At least my garage will be nice and cozy
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Friday, 17-Nov-2023 05:59:22 JST
kajer
@ryanc @reconbot @CrackMeIfYouCan @defcon
Trying!!!
-
Embed this notice
All GNU social JP content and data are available under the