Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [seg-l] Passwords en Cisco (fwd)
From: mudge () L0PHT COM (We got Food - Fuel - Ice-cold Beer - and X.509 certificates)
Date: Mon, 3 Nov 1997 11:28:30 -0500


The Shell script that was posted was originally written by Hobbit
(hobbit () avian org) and is available from ftp://avian.org.

The C code I believe originally came from SPHiXe and has been floating
around for some time.

Yes, they both should work on 11.x.

For those who want to save the time here's what cisco is doing (just so
you can do a lot of it in your head):

Assume the following :

Password 7 08204E

The encrypted string is 08204E. It must be an even length of digits and
the first two digits are used as a base 10 index into the XOR string. The
length of the plaintext password is strlen(enc_pw) -2 / 2. In this case 2
chars.

08 is the index into the xor string.

2 is multiplied by 16 (or left shifted 4 times) then the next digit (0) is
added to it. [ == 32]

32 XOR xorstring[08] = 'a'

Move to the next two digits and repeat -
  4 * 16 = 64
  64 + 14 (E) = 78
  increment the index into the xor string
  78 XOR xorstring[08] = 'b'

In a couple of days you should be able to download a PalmPilot version of
this and a FORTH interpretation with instructions to put it into your
OpenBoot prom on SPARCs from the l0pht (www.l0pht.com).

Just figured I'd point out where those two pieces of code came from since
attribution was lacking in the previous posts.

.mudge



  By Date           By Thread  

Current thread:
  • Re: [seg-l] Passwords en Cisco (fwd) Arjan Vos (Nov 01)
    • <Possible follow-ups>
    • Re: [seg-l] Passwords en Cisco (fwd) We got Food - Fuel - Ice-cold Beer - and X.509 certificates (Nov 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]