Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Cisco Catalyst 4006 CatOS Password Hash
From: "Paul Bakker" <bakker () fox-it com>
Date: Thu, 11 Dec 2003 09:32:19 +0100

Hi Miles..

Shouldn't the length of the hash be longer in case of this?
MD5 hashes are 16 bytes and SHA-1 hashes are 20 bytes...

These hashes only have 16 bytes after the last $ sign...

-----Oorspronkelijk bericht-----
Van: Miles Stevenson [mailto:miles () mstevenson org]
Verzonden: woensdag 10 december 2003 18:23
Aan: Paul Bakker
CC: pen-test () securityfocus com
Onderwerp: Re: Cisco Catalyst 4006 CatOS Password Hash

Hi Paul.

I believe $2$ is indicative of an SHA-1 hash, as opposed to MD5.


On Wed, 2003-12-10 at 06:32, Paul Bakker wrote:
During a pentest/audit I received from the client the 
configurations for their Cisco Catalyst 4006 and their other 
Cisco IOS switches.

The passwords in the Cisco IOS configuration file are in in 
the known usual format of the FreeBSD MD5 hash...
Like $1$xxxx$xxxxxxxxxxxxxxxxxxx

These are easily crackable/recognized by both John the 
Ripper and Cain&Abel.

The passwords on the Catalyst are in the same format (for 
the eye), but instead of starting with $1$ they start with 
$2$..... Both John and Cain do not recognize these hashes.

Can anybody shed some light on the hash function used to 
create these and any tools that can be used to eudit the 
password strenght of these passwords (Or how John or Cain can 
be sed for this...)

Paul Bakker


Miles Stevenson
miles () mstevenson org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]