I read that some Cisco IOS devices are vulnerable to brute forcing. My organization does not use these particular devices, but how can we test other network equipment to see if they are easily susceptible to a brute force attack?
One tool that has become very popular is something called Cisco Torch. This is a penetration testing tool installed by default in the BackTrack and Kali distributions. There is also a section of Hacking Exposed devoted to it.
Now, you are saying that your organization does not use any Cisco IOS devices, to which my response is "Are you sure?" In rapidly growing organizations, network devices are often lost in the chaos of network architecture planning. So just to be on the safe side, I would open a command prompt that has access to the Cisco Torch tool and type:
./cisco-torch.pl -A xxxx/x
This command will perform the full range of Cisco scans on your network, if the tool finds a Cisco network device. The X's in the command designate an IP address and the accompanying subnet mask. If vulnerable Cisco devices are detected, updating them (or taking them offline) should be fairly easy.
If the Cisco Torch scan fails, rest assured that your organization does not have any malicious Cisco devices on its network. At this point, you can start testing your various nodes for brute force vulnerabilities. For nodes running some type of Linux distribution, I prefer to use a tool known as John the Ripper. This tool not only tests your operating system for brute force attacks, but it has the ability to perform a wide variety of password cracking techniques against different user accounts on each operating system. John the Ripper can be scripted to run remotely, but I prefer to use it locally on the box. Root privileges are required, as you will need to access the hidden files in each Linux node. As soon as you have access to the shadow files, run the following command:
john password
The password part of the command is assumed to be the name of your password file. Depending on the complexity of each password, John the Ripper can run for a few seconds to a few days. If the complexity of a given password is closer to the latter, then I would say the password is not immediately susceptible to a brute force attack.
If your organization is like most and is Windows-centric, I would use the trial version of L0phtcrack. This tool has a very intuitive graphical user interface, and it typically cracks Windows passwords within seconds. If you go to the L0phtcrack website, you can download a 15-day free trial version of the software and remotely crack nodes that are running Windows 7 and earlier versions.
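Before handing a shadow file to John the Ripper on each Linux node, it is worth knowing which accounts are cheap to brute-force at all. The following is an added example, not code from the answer above or from the John the Ripper project: it merges passwd and shadow the way the `unshadow` helper that ships with John does, classifies each password field by its crypt format (empty, locked, traditional DES, MD5-crypt, SHA-crypt, bcrypt, yescrypt), and ranks the accounts so you run John against the weakest hashes first. The passwd and shadow lines, the user names and the hash values are constructed sample data for the example, not taken from any real system; the risk labels are the author's own rough ordering by cracking speed.

```python
"""Pre-check for the John the Ripper step: unshadow-style merge plus hash classification.

Added example; sample data below is constructed and the hashes are placeholders.
"""
import re
import shutil
import subprocess
import sys
import tempfile

# Constructed sample /etc/passwd and /etc/shadow content (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
legacy:x:1002:1002:Old app:/home/legacy:/bin/sh
svc:x:1003:1003:Service:/var/lib/svc:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$saltsalt$0123456789abcdef:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$y$j9T$saltsaltsaltsalt$placeholderhash:19000:0:99999:7:::
bob:$1$saltsalt$placeholderhash:19000:0:99999:7:::
legacy:abJnggxhB/yWI:19000:0:99999:7:::
svc::19000:0:99999:7:::
"""

# Lower number = attack this account first.
RISK_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "unknown": 4, "none": 5}


def classify_hash(field):
    """Return (algorithm, risk) for one shadow password field."""
    if field == "":
        return ("none", "critical")        # empty field: login succeeds with no password at all
    if field.startswith(("!", "*")):
        return ("locked", "none")          # locked / no-password account: nothing for john to crack
    if field.startswith("$1$"):
        return ("md5crypt", "high")        # fast MD5-based scheme, very cheap on modern hardware
    if field.startswith(("$2a$", "$2b$", "$2y$")):
        return ("bcrypt", "low")
    if field.startswith("$5$"):
        return ("sha256crypt", "medium")
    if field.startswith("$6$"):
        return ("sha512crypt", "medium")
    if field.startswith(("$y$", "$7$")):
        return ("yescrypt", "low")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return ("descrypt", "high")        # traditional DES crypt: 8-char limit, trivially brute-forced
    return ("unknown", "unknown")


def parse_colon_file(text):
    """Parse passwd/shadow text into {username: [fields]}; blank and comment lines skipped."""
    rows = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        rows[fields[0]] = fields
    return rows


def unshadow(passwd_text, shadow_text):
    """Mimic `unshadow passwd shadow`: copy each shadow hash into passwd's second field."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    merged = []
    for user, fields in passwd.items():
        fields = fields[:]
        if user in shadow:
            fields[1] = shadow[user][1]
        merged.append(":".join(fields))
    return merged


def audit(passwd_text, shadow_text):
    """Return {user: (algorithm, risk, login_shell)} for every shadow entry."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    report = {}
    for user, fields in shadow.items():
        algo, risk = classify_hash(fields[1])
        shell = passwd.get(user, [""] * 7)[6]
        report[user] = (algo, risk, shell)
    return report


def prioritized(report):
    """Usernames ordered from weakest protection to strongest (locked accounts last)."""
    return sorted(report, key=lambda u: (RISK_ORDER[report[u][1]], u))


if __name__ == "__main__":
    # Real use: pass the node's /etc/passwd and /etc/shadow (root needed to read shadow).
    passwd_text, shadow_text = SAMPLE_PASSWD, SAMPLE_SHADOW
    if len(sys.argv) == 3:
        passwd_text = open(sys.argv[1]).read()
        shadow_text = open(sys.argv[2]).read()
    report = audit(passwd_text, shadow_text)
    for user in prioritized(report):
        print(f"{user:10} {report[user][0]:12} risk={report[user][1]:9} shell={report[user][2]}")
    with tempfile.NamedTemporaryFile("w", suffix=".merged", delete=False) as fh:
        fh.write("\n".join(unshadow(passwd_text, shadow_text)) + "\n")
    print(f"merged file written to {fh.name}; run: john {fh.name}")
    if shutil.which("john"):           # only invoke john if it is installed on this box
        subprocess.run(["john", fh.name], check=False)
```

Run it with no arguments to see the ranking on the constructed sample, or as `python3 shadow_audit.py /etc/passwd /etc/shadow` on a node. An account with an empty hash (svc above) needs no cracking at all and should be fixed before John even starts; DES and MD5-crypt entries (legacy, bob) are the ones John will usually finish within seconds, which is the "not immediately susceptible" judgement in the answer turned into a pre-sort.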