Re: cracking cisco passwords

From: Jim Duncan (jnduncan@cisco.com)
Date: 10/15/01 

Message-Id: <200110151910.PAA28817@rooster.cisco.com>
To: Jason binger <cisspstudy@yahoo.com>
Subject: Re: cracking cisco passwords 
Date: Mon, 15 Oct 2001 15:10:23 -0400
From: Jim Duncan <jnduncan@cisco.com>

Jason Binger writes:
> I am currently performing a penetration test and
> managed to pull down the config using a HTTP
> vulnerability in the cisco interface.
>
> How do I crack the following password gained from the
> following line of the config?
>
> enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0
>
> (the password has been changed)

Jason, Cisco IOS encrypts "mode 5" passwords using MD5, so in theory,
they are not crackable. However, they _are_ subject to a dictionary
attack, so the usual cautions apply, e.g., try to limit the disclosure
of the encrypted text.

Mode 7 passwords are encrypted using a modified Vignere cipher, and are
_not_ considered strong; they are merely adequate for preventing casual
discovery of the plaintext. Several tools for decrypting mode 7
passwords are available on The Net, including mudge's, which I use on
my Palm Vx. :-)

See http://www.cisco.com/warp/public/707/21.html#password for very basic
info on password encryption in Cisco IOS.

        Jim

==
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncan@cisco.com> Phone(Direct/FAX): +1 919 392 6209

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages