RE: cracking cisco passwords

From: Joshua Wright (Joshua.Wrightat_private)
Date: Mon Oct 15 2001 - 08:30:36 PDT

Next message: rebercat_private: "Securing VOIP?"

Previous message: DA Smith: "NetIntercept 1.0"
Maybe in reply to: Jason binger: "cracking cisco passwords"
Next in thread: Jim Duncan: "Re: cracking cisco passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brute force with a dictionary attack would be your best option.  The
type 5 password is based on the MD5 hash algorithm.  You could create
a perl program with a CPAN module to calculate the hashes.

The $ in the MD5 hash separates the field into three parameters:

$1 - version 1 ?
$6Je2 - salt
$MurE4FTzoZjQShRW4Ui9H0 - base 64 encoded password hash

I suspect however, that if you have access to the router (switch?)
with the IOS HTTP vulnerability, you can simply change the password,
and reestablish the original password at a later time.

- -Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wrightat_private 

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73





- -----Original Message-----
From: Jason binger [mailto:cisspstudyat_private]
Sent: Sunday, October 14, 2001 9:49 PM
To: pen-testat_private
Subject: cracking cisco passwords


I am currently performing a penetration test and
managed to pull down the config using a HTTP
vulnerability in the cisco interface.

How do I crack the following password gained from the
following line of the config?

enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0 

(the password has been changed)

Jason


__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

- ----------------------------------------------------------------------
- ------
This list is provided by the SecurityFocus Security Intelligence
Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities
please see:
https://alerts.securityfocus.com/

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO8sBH4/i/ArUS0pzEQJp5wCg8EPHHwcT9XzEVEByEZoW48Dfe8cAnij3
w4+7vtBmmbegKDGiDnpYxGx+
=fh66
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: rebercat_private: "Securing VOIP?"
Previous message: DA Smith: "NetIntercept 1.0"
Maybe in reply to: Jason binger: "cracking cisco passwords"
Next in thread: Jim Duncan: "Re: cracking cisco passwords"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 15:58:33 PDT