Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: cracking cisco passwords
From: Jim Duncan <jnduncan () cisco com>
Date: Mon, 15 Oct 2001 15:10:23 -0400

Jason Binger writes:
I am currently performing a penetration test and
managed to pull down the config using a HTTP
vulnerability in the cisco interface.

How do I crack the following password gained from the
following line of the config?

enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0 

(the password has been changed)

Jason, Cisco IOS encrypts "mode 5" passwords using MD5, so in theory, 
they are not crackable.  However, they _are_ subject to a dictionary 
attack, so the usual cautions apply, e.g., try to limit the disclosure 
of the encrypted text.

Mode 7 passwords are encrypted using a modified Vignere cipher, and are 
_not_ considered strong; they are merely adequate for preventing casual 
discovery of the plaintext.  Several tools for decrypting mode 7 
passwords are available on The Net, including mudge's, which I use on 
my Palm Vx. :-)

See http://www.cisco.com/warp/public/707/21.html#password for very basic
info on password encryption in Cisco IOS.

        Jim



==
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncan () cisco com>  Phone(Direct/FAX): +1 919 392 6209



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]