Re: cracking cisco passwords

[Jim Duncan <jnduncan () cisco com>]

Jason Binger writes:
> I am currently performing a penetration test and
> managed to pull down the config using a HTTP
> vulnerability in the cisco interface.
>
> How do I crack the following password gained from the
> following line of the config?
>
> enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0 
>
> (the password has been changed)

Jason, Cisco IOS encrypts "mode 5" passwords using MD5, so in theory, 
they are not crackable.  However, they _are_ subject to a dictionary 
attack, so the usual cautions apply, e.g., try to limit the disclosure 
of the encrypted text.

Mode 7 passwords are encrypted using a modified Vignere cipher, and are 
_not_ considered strong; they are merely adequate for preventing casual 
discovery of the plaintext.  Several tools for decrypting mode 7 
passwords are available on The Net, including mudge's, which I use on 
my Palm Vx. :-)

See http://www.cisco.com/warp/public/707/21.html#password for very basic
info on password encryption in Cisco IOS.

        Jim



==
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncan () cisco com>  Phone(Direct/FAX): +1 919 392 6209



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/