Re: cracking cisco passwords

From: Jason Witty, CISSP (jason@wittys.com)
Date: 10/15/01

• Previous message: Volker Tanger: "Re: cracking cisco passwords"
• In reply to: Jason binger: "cracking cisco passwords"
• Next in thread: Damiano Scrigni: "Re: cracking cisco passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3BCB03CF.7020508@wittys.com>
Date: Mon, 15 Oct 2001 10:42:07 -0500
From: "Jason Witty, CISSP" <jason@wittys.com>
To: Jason binger <cisspstudy@yahoo.com>
Subject: Re: cracking cisco passwords

Althogh I've never personally tried it, I hear that you can run Jack the
Ripper on Cisco type 5 passwords by putting the hash into a file that
resembles /etc/shadow:

<Begin JtR Passwd Shadow File>

root:$1$6Je2$MurE4FTzoZjQShRW4Ui9H0:::::

<End JtR Passwd Shadow File>

Set that up, run Jack the Ripper on it, and it should work.... Hope
this helps.

Jason

Jason binger wrote:

> I am currently performing a penetration test and
> managed to pull down the config using a HTTP
> vulnerability in the cisco interface.
>
> How do I crack the following password gained from the
> following line of the config?
>
> enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0
>
> (the password has been changed)
>
> Jason
>
>
> __________________________________________________
> Do You Yahoo!?
> Make a great connection at Yahoo! Personals.
> http://personals.yahoo.com
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

---

• Previous message: Volker Tanger: "Re: cracking cisco passwords"
• In reply to: Jason binger: "cracking cisco passwords"
• Next in thread: Damiano Scrigni: "Re: cracking cisco passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: cracking cisco passwords ... Subject: cracking cisco passwords ... > This list is provided by the SecurityFocus Security Intelligence Alert ... This list is provided by the SecurityFocus Security Intelligence Alert Service. ... For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: ... (Pen-Test) RE: MS Access password crackers ... It does a lot more than crack Access passwords... ... Subject: MS Access password crackers ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: Identify OS? ... It is definately not a cisco box. ... Looking at the ports that are open, ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: Cayman Router ... to escalate privs, go to the webpage, and then where it has the passwords ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: cracking cisco passwords ... seem to be pretty easy to crack cisco passwords... ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2001-10