Penetration Testing mailing list archives

Re: cracking cisco passwords
From: Jim Duncan <jnduncan () cisco com>
Date: Mon, 15 Oct 2001 15:10:23 -0400

Jason Binger writes:
> I am currently performing a penetration test and
> managed to pull down the config using an HTTP
> vulnerability in the cisco interface.
>
> How do I crack the following password gained from the
> following line of the config?
>
> enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0
>
> (the password has been changed)

Jason, Cisco IOS encrypts "mode 5" passwords using MD5, so in theory, 
they are not crackable.  However, they _are_ subject to a dictionary 
attack, so the usual cautions apply, e.g., try to limit the disclosure 
of the encrypted text.

Mode 7 passwords are encrypted using a modified Vigenère cipher, and are 
_not_ considered strong; they are merely adequate for preventing casual 
discovery of the plaintext.  Several tools for decrypting mode 7 
passwords are available on The Net, including mudge's, which I use on 
my Palm Vx. :-)

See http://www.cisco.com/warp/public/707/21.html#password for very basic
info on password encryption in Cisco IOS.


Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
E-mail: <jnduncan () cisco com>  Phone(Direct/FAX): +1 919 392 6209
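
A configuration audit for the mode 5 versus mode 7 distinction drawn in the reply above, as an added example that is not part of the original post: it scans an IOS configuration and reports how each credential is stored, so reversible or cleartext entries can be found and replaced. The sample configuration is constructed apart from the hash line quoted in the post, the function names are hypothetical, and treating a password with no type digit as cleartext is an assumption.

```python
import re

# Constructed sample config. The type 5 line is the one quoted in the post;
# the other credential values are placeholders, not real data.
SAMPLE_CONFIG = """\
hostname lab-rtr
service password-encryption
enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0
enable password 7 TYPE7-PLACEHOLDER
username admin password 0 CLEARTEXT-PLACEHOLDER
line vty 0 4
 password 7 TYPE7-PLACEHOLDER
 login
"""

# "password"/"secret" keyword, optional one-digit type, then the stored value.
CRED_RE = re.compile(r"\b(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$")
# MD5-crypt layout used by mode 5: $1$<salt>$<22-character digest>
MD5_CRYPT_RE = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$[./0-9A-Za-z]{22}$")

def classify(ptype, value):
    """Map an IOS password type to how the credential is stored."""
    if ptype == "5":
        m = MD5_CRYPT_RE.match(value)
        if m:
            return "salted-md5-hash", m.group(1)
        return "malformed-type-5", None
    if ptype == "7":
        return "reversible-obfuscation", None
    if ptype == "0":
        return "cleartext", None
    return "unknown-type", None

def audit(config):
    """Return (line number, keyword, type, storage, salt) per credential line."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = CRED_RE.search(line)
        if not m:
            continue
        ptype = m.group(2) or "0"  # assumption: no type digit means cleartext
        storage, salt = classify(ptype, m.group(3))
        findings.append((lineno, m.group(1), ptype, storage, salt))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```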
