Bugtraq mailing list archives
Re: cisco passwords
From: zsako () BANKNET NET (Janos Zsako)
Date: Tue, 11 Nov 1997 12:27:07 +0100
From owner-bugtraq () netspace org Sun Nov 2 02:09:47 1997
From: Jared Mauch <jared () puck nether net>

I've done a few code cleanups on the decryption stuff and put it up for ftp with these fixes.. I have a few more to make so it'll just grab it from bgp sessions, ospf keys, etc.. Get it from ftp://puck.nether.net/pub/jared/decrypt.c
It does not work reliably for passwords longer than eight characters. The problem is that Cisco passwords can be 11 characters long, and if the initial seed is larger than 10, the translation table is too short. The full translation table is as follows:

    char xlat[] = {
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53,
        0x55, 0x42
    };

This also copes with the case when the passwords are 11 characters long and the seed is 15.

Janos Zsako

PS. Passwords longer than 11 characters are allowed; however, they are truncated to the first 11 characters (just as they are to 8 in most Unix implementations).
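Added example, not part of the post above or of decrypt.c: a bounds-checked decoder over the 26-entry table, showing the out-of-range index that a shorter table produces for an 11-character password with seed 15. The encoding layout (two decimal seed digits, then hex bytes XORed with xlat[seed + i]) is the commonly documented type 7 scheme and is assumed here; the name type7_decode, the 21-entry comparison length and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* The 26-entry table quoted in the post. */
static const unsigned char xlat[] = {
    0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, 0x69, 0x79,
    0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53, 0x55, 0x42
};

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = toupper(c);
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Decode "SSHHHH..." (SS = decimal seed, HH = one hex byte per character)
 * using only the first tbl_len entries of xlat. Returns the plaintext
 * length, -1 on malformed input or a too-small buffer, and -2 when
 * seed + position would index past the end of the table. */
int type7_decode(const char *enc, size_t tbl_len, char *out, size_t outsz) {
    size_t n = strlen(enc), i, len, seed;
    if (n < 4 || n % 2 != 0 || !isdigit((unsigned char)enc[0]) ||
        !isdigit((unsigned char)enc[1]))
        return -1;
    seed = (size_t)(enc[0] - '0') * 10 + (size_t)(enc[1] - '0');
    len = (n - 2) / 2;
    if (len + 1 > outsz) return -1;
    if (tbl_len > sizeof xlat) tbl_len = sizeof xlat;
    for (i = 0; i < len; i++) {
        int hi = hexval((unsigned char)enc[2 + 2 * i]);
        int lo = hexval((unsigned char)enc[3 + 2 * i]);
        if (hi < 0 || lo < 0) return -1;
        if (seed + i >= tbl_len) return -2; /* a short table cannot serve this read */
        out[i] = (char)(((hi << 4) | lo) ^ xlat[seed + i]);
    }
    out[len] = '\0';
    return (int)len;
}

int main(void) {
    /* Constructed sample: "abcdefghijk" (11 characters) encoded with seed 15. */
    const char *sample = "1513090F002F2D23203A3F29";
    char buf[32];
    printf("26 entries: %d\n", type7_decode(sample, 26, buf, sizeof buf));
    printf("plaintext:  %s\n", buf);
    printf("21 entries: %d\n", type7_decode(sample, 21, buf, sizeof buf)); /* hypothetical short table */
    return 0;
}
```

With seed 15 and 11 characters the last lookup is xlat[25], which is why 26 entries are the minimum; a decoder without the `seed + i >= tbl_len` check would read past the array instead of failing.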