Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Cisco Catalyst 4006 CatOS Password Hash
From: miguel.dilaj () pharma novartis com
Date: Wed, 10 Dec 2003 17:16:50 +0000

Hi Paul,

As far as I remember, those $2 should correspond to BlowFish.
Anyway, it's the first time I see that on Cisco devices, but that's not my 
specific field of expertise.
John can crack BlowFish (again: AFAIR), so if they're not recognized 
perhaps something is different.
Can you post an example hash? (One for which you know the password).


"Paul Bakker" <bakker () fox-it com>
10/12/2003 11:32

        To:     <pen-test () securityfocus com>
        Subject:        Cisco Catalyst 4006 CatOS Password Hash

During a pentest/audit I received from the client the configurations for 
their Cisco Catalyst 4006 and their other Cisco IOS switches.

The passwords in the Cisco IOS configuration file are in in the known 
usual format of the FreeBSD MD5 hash...
Like $1$xxxx$xxxxxxxxxxxxxxxxxxx

These are easily crackable/recognized by both John the Ripper and 

The passwords on the Catalyst are in the same format (for the eye), but 
instead of starting with $1$ they start with $2$..... Both John and Cain 
do not recognize these hashes.

Can anybody shed some light on the hash function used to create these and 
any tools that can be used to eudit the password strenght of these 
passwords (Or how John or Cain can be sed for this...)

Paul Bakker


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]