Penetration Testing: Re: Cisco Secret 5 algorithm?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Cisco Secret 5 algorithm?

From: "MeNSaKeZ" <mensakez.alertas () gmail com>
Date: Sun, 6 Nov 2005 11:27:53 +0100

I think this is MD5 im use CAIN for decripte it

----- Original Message -----From: "Jeroen" <jeroen () isvet nl>

To: <pen-test () securityfocus com>
Sent: Friday, November 04, 2005 10:49 PM
Subject: Cisco Secret 5 algorithm?

Unknown User wrote:

I have recovered some cisco passwords that are encrypted using the
secret 5 format. They look like this

$1$Wgqc$sbb8R/2rtOhc7t86J5axj.

The question is can i simply plug this into a standard unix type
shadow file format and use john to crack. I've tried this but I'm not
convinced that John is actually working. Its also incrediblly slow.
Any other tools available to crack these types of passwords.



I know tomas and Cain. But actually I'm looking for the algorithm used. As
far as I know right now it's a BASE64 of a MD5 with a salt in it. And the
last part is unknown to me... Can anyone help me out with some

hints/links/source? Cause this might me an interesting project forhardware

integration (= FAST!).


Greets,

Jeroen



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,

login pages, dynamic content etc. Firewalls, SSL and locked-down serversarefutile against web application hacking. Check your website forvulnerabilitiesto SQL injection, Cross site scripting and other web attacks beforehackers do!

Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

By Date By Thread

Current thread:

Cisco Secret 5 and John Password Cracker Unknown User (Nov 04)
- Re: Cisco Secret 5 and John Password Cracker Francisco Pecorella (Nov 04)
  - Cisco Secret 5 algorithm? Jeroen (Nov 05)
    - Re: Cisco Secret 5 algorithm? MeNSaKeZ (Nov 06)
- Re: Cisco Secret 5 and John Password Cracker Jason Thompson (Nov 05)
- <Possible follow-ups>
- RE: Cisco Secret 5 and John Password Cracker Pachulski, Keith (Nov 04)
- RE: Cisco Secret 5 and John Password Cracker Travis Barlow (Nov 04)
  - RE: Cisco Secret 5 and John Password Cracker Christine Kronberg (Nov 07)
- RE: Cisco Secret 5 and John Password Cracker Todd Towles (Nov 05)