Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Cisco Catalyst 4006 CatOS Password Hash
From: "Paul Bakker" <bakker () fox-it com>
Date: Thu, 11 Dec 2003 09:36:27 +0100


What does it matter?  You going to DOS their network?  If 
not, then the
value of that switch is gone -- you got the configs, you've 
learned more
about how they are put together.  Now what are you going to 
do with it?

No I'm not gonna DoS their network...
I want to determine the strength of the password used on their main switch as the client has requested.

I don't want to go in a discussion on what should be done and what not......
That's for the client to decide...

Clients NEED to know what to do with this.  If they have employed a
reasonably secure password, then the issue is DONE.  

The issue is: I need to determine if it is a raesonable password without them giving me the password...
How can I determine this if I cannot throw a password cracking tool against it?

Paul Bakker


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]