Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Cisco Catalyst 4006 CatOS Password Hash
From: Anders Thulin <Anders.Thulin () kiconsulting se>
Date: Fri, 12 Dec 2003 08:30:07 +0100

Paul Bakker wrote:

The issue is: I need to determine if it is a raesonable password without them giving me the password...
How can I determine this if I cannot throw a password cracking tool against it?

  Brute force login attempts come to mind.

  Even with a password cracker, you can't say for sure: $2$ is used to
indicate blowfish on some platforms. But unless you know this particular
platform follows that convention, you won't be able to interpret a failure
to crack the password.

  Some preliminary tests to verify the Blowfish hypothesis seem called for.

Anders Thulin   anders.thulin () kiconsulting se   040-661 50 63        
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]