RE: cracking cisco passwords
From: Joshua Wright (Joshua.Wright@jwu.edu)Date: 10/15/01
- Previous message: DA Smith: "NetIntercept 1.0"
- Maybe in reply to: Jason binger: "cracking cisco passwords"
- Next in thread: Jim Duncan: "Re: cracking cisco passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <415D42EC88D4D411A128009027AF978C01835D69@gaspee.jwu.edu> From: Joshua Wright <Joshua.Wright@jwu.edu> To: 'Jason binger' <cisspstudy@yahoo.com>, pen-test@securityfocus.com Subject: RE: cracking cisco passwords Date: Mon, 15 Oct 2001 11:30:36 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brute force with a dictionary attack would be your best option. The
type 5 password is based on the MD5 hash algorithm. You could create
a perl program with a CPAN module to calculate the hashes.
The $ in the MD5 hash separates the field into three parameters:
$1 - version 1 ?
$6Je2 - salt
$MurE4FTzoZjQShRW4Ui9H0 - base 64 encoded password hash
I suspect however, that if you have access to the router (switch?)
with the IOS HTTP vulnerability, you can simply change the password,
and reestablish the original password at a later time.
- -Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright@jwu.edu
pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
- -----Original Message-----
From: Jason binger [mailto:cisspstudy@yahoo.com]
Sent: Sunday, October 14, 2001 9:49 PM
To: pen-test@securityfocus.com
Subject: cracking cisco passwords
I am currently performing a penetration test and
managed to pull down the config using a HTTP
vulnerability in the cisco interface.
How do I crack the following password gained from the
following line of the config?
enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0
(the password has been changed)
Jason
__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com
- ----------------------------------------------------------------------
- ------
This list is provided by the SecurityFocus Security Intelligence
Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities
please see:
https://alerts.securityfocus.com/
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBO8sBH4/i/ArUS0pzEQJp5wCg8EPHHwcT9XzEVEByEZoW48Dfe8cAnij3
w4+7vtBmmbegKDGiDnpYxGx+
=fh66
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: DA Smith: "NetIntercept 1.0"
- Maybe in reply to: Jason binger: "cracking cisco passwords"
- Next in thread: Jim Duncan: "Re: cracking cisco passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
