Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: New Articles @ SecurityFocus
From: "Nexus" <nexus () patrol i-way co uk>
Date: Mon, 1 Dec 2003 20:03:35 -0000

----- Original Message ----- 
From: "Alfred Huger" <ah () securityfocus com>
To: <pen-test () securityfocus com>
Sent: Monday, December 01, 2003 6:35 PM
Subject: New Articles @ SecurityFocus



1. Exploiting Cisco Routers: Part 2
By Mark Wolfgang  Dec 01, 2003

This is the second of a two-part series that focuses on identifying and
then exploiting vulnerabilities and poor configurations in Cisco routers.
This article will look at what we can do once we've gotten in.

http://www.securityfocus.com/infocus/1749

Hi folks,
    For completeness (since this is the pen-test list ;-), from the above
article :
"In much the same way as John the Ripper plows through an /etc/shadow file,
the very popular tool Cain and Abel is capable of conducting both
brute-force and dictionary attacks on Cisco MD5 hashes. "

John the Ripper can also handle Cisco MD5 hashes just as easily, by virtue
of Cisco appearing to rip the *BDS Crypt() function verbatim and works on
both *NIX and Win32 systems - using Mark's example and creating a fake
/etc/shadow entry:

C:\John>cat cisco
enable:$1$sz0o$PYahL33gyTuHm9a8/UfmC1:::::

C:\John>john.exe cisco
Loaded 1 password (FreeBSD MD5 [32/32])
enable           (enable)
guesses: 1  time: 0:00:00:00 100% (1)  c/s: 33.33  trying: enable

Another option available to you anyway.

Cheers.



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault