RE: Cisco Catalyst 4006 CatOS Password Hash

["Paul Bakker" <bakker () fox-it com>]

Hi Miles..

Shouldn't the length of the hash be longer in case of this?
MD5 hashes are 16 bytes and SHA-1 hashes are 20 bytes...

These hashes only have 16 bytes after the last $ sign...

Paul
> -----Oorspronkelijk bericht-----
> Van: Miles Stevenson [mailto:miles () mstevenson org]
> Verzonden: woensdag 10 december 2003 18:23
> Aan: Paul Bakker
> CC: pen-test () securityfocus com
> Onderwerp: Re: Cisco Catalyst 4006 CatOS Password Hash
>
>
> Hi Paul.
>
> I believe $2$ is indicative of an SHA-1 hash, as opposed to MD5.
>
> -Miles
>
> On Wed, 2003-12-10 at 06:32, Paul Bakker wrote:
> > During a pentest/audit I received from the client the 
> configurations for their Cisco Catalyst 4006 and their other 
> Cisco IOS switches.
> > The passwords in the Cisco IOS configuration file are in in 
> the known usual format of the FreeBSD MD5 hash...
> > Like $1$xxxx$xxxxxxxxxxxxxxxxxxx
> >
> > These are easily crackable/recognized by both John the 
> Ripper and Cain&Abel.
> > The passwords on the Catalyst are in the same format (for 
> the eye), but instead of starting with $1$ they start with 
> $2$..... Both John and Cain do not recognize these hashes.
> > Can anybody shed some light on the hash function used to 
> create these and any tools that can be used to eudit the 
> password strenght of these passwords (Or how John or Cain can 
> be sed for this...)
> > --
> > Paul Bakker
> --------------------------------------------------------------
> -------------
> >
> --------------------------------------------------------------
> --------------
> -- 
> Miles Stevenson
> miles () mstevenson org

---------------------------------------------------------------------------
----------------------------------------------------------------------------