Penetration Testing mailing list archives
Re: [PEN-TEST] Router Password Recovery
From: Randy Williams <randyw () SHORE NET>
Date: Tue, 30 Jan 2001 15:40:27 -0500
On Tue, 30 Jan 2001, Justin Shaffer wrote:
There is a program called getpass that can decrypt the router password. However this requires that you can get into enable mode to retrieve the encrypted password.
Be careful about what's called "encrypted" here. Cisco's normal encryption (referred to as "Cisco 7", for it's ridiculous 7-bit hash) is easily cracked. Using an MD5-based hash (referred to as "enable secret" passwords), the encryption is uncrackable. As mentioned before, you'll have to reset the password. A nice explanation of the two formats: http://www.insecure.org/sploits/cisco.passwords.html RW
Current thread:
- [PEN-TEST] Router Password Recovery Smith, Lonnie (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Bill Pennington (Jan 30)
- Re: [PEN-TEST] Router Password Recovery UID Zero (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Frank Keeney (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Greg (Jan 31)
- Re: [PEN-TEST] Router Password Recovery Frank Keeney (Jan 30)
- <Possible follow-ups>
- Re: [PEN-TEST] Router Password Recovery Justin Shaffer (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Randy Williams (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Robert van der Meulen (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Randy Williams (Jan 31)
- Re: [PEN-TEST] Router Password Recovery Randy Williams (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Leif Sawyer (Jan 30)