Home page logo

bugtraq logo Bugtraq mailing list archives

Re: cisco passwords
From: zsako () BANKNET NET (Janos Zsako)
Date: Tue, 11 Nov 1997 12:27:07 +0100

  From owner-bugtraq () netspace org Sun Nov  2 02:09:47 1997
  From: Jared Mauch <jared () puck nether net>

          I've done a few code cleanups on the decryption stuff and put
  it up for ftp with these fixes.. i have a few more to make
  so it'll just grab it from bgp sessions, ospf keys, etc..

          Get it from ftp://puck.nether.net/pub/jared/decrypt.c

It does not work reliably for passwords longer than eight characters.
The problem is that Cisco passwords can be 11 character long, and if the
initial seed is larger than 10, the translation table is too short.
The full translation table is as follows:

char xlat[] = {
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42

This copes also with the case when the passwords that are 11 character long and
the seed is 15.

Janos Zsako

PS. The passwords longer than 11 characters are allowed, however they are
truncated to the first 11 characters (just as they are to 8 in most Unix

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]