RE: cracking cisco passwords

From: woody weaver (woody@callisma.com)
Date: 10/16/01 

From: "woody weaver" <woody@callisma.com>
To: "'Joshua Wright'" <Joshua.Wright@jwu.edu>, "'Jason binger'" <cisspstudy@yahoo.com>, <pen-test@securityfocus.com>
Subject: RE: cracking cisco passwords
Date: Mon, 15 Oct 2001 21:27:50 -0700
Message-ID: <C0882219C0B96D4ABB1106EF7DCA797556FF7F@serv001.all.callisma.com>

On Monday, October 15, 2001 8:31 AM, Joshua Wright
[mailto:Joshua.Wright@jwu.edu] wrote:

> Brute force with a dictionary attack would be your best option. The
> type 5 password is based on the MD5 hash algorithm. You could create
> a perl program with a CPAN module to calculate the hashes.

One could. However, I think "John the Ripper" is a better approach.

Its available at the usual places, and provides an effective brute force
engine. Because the Cisco approach is based upon the BSD code, you can use
the BSD password format -- feed john a file like

jason:$1$6Je2$MurE4FTzoZjQShRW4Ui9H0::::::::

But realize this is a hard task. I get around 1400 crypts per second on
this laptop -- so a conventional dictionary falls pretty quickly. But if
the site has a sound password creation policy, you are not going to succeed
with a brute force approach without some serious parallelization.

--woody

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: Creating a Password
    ... >> delay between attempts, or disallowing remote access to the network, etc., ... > access to the password file, hence my statement that a brute force attack ... dictionary attack if working remotely. ...
    (alt.computer.security)
  • Re: Creating a Password
    ... >> delay between attempts, or disallowing remote access to the network, etc., ... > access to the password file, hence my statement that a brute force attack ... dictionary attack if working remotely. ...
    (microsoft.public.security)
  • Re: BIG MAMA !!
    ... Well, in general usage, a dictionary attack and a brute force attack are ... instead of concentrating just on the dictionary subset of the symbol space. ... Subject: BIG MAMA!! ...
    (Security-Basics)
  • Brute force .htpasswd
    ... I am looking for a program to brute force .htpasswd ... using MD5 encryption using by Apache on W32 platform. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Brute force web/ftp/telnet tool
    ... Subject: Brute force web/ftp/telnet tool ... > Can anyone recommend a brute force password tool for use with a web ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)