Penetration Testing mailing list archives

RE: cracking cisco passwords


From: "woody weaver" <woody () callisma com>
Date: Mon, 15 Oct 2001 21:27:50 -0700

On Monday, October 15, 2001 8:31 AM, Joshua Wright
[mailto:Joshua.Wright () jwu edu] wrote:

> Brute force with a dictionary attack would be your best option.  The
> type 5 password is based on the MD5 hash algorithm.  You could create
> a perl program with a CPAN module to calculate the hashes.

One could.  However, I think "John the Ripper" is a better approach.

It's available at the usual places, and provides an effective brute force
engine.  Because the Cisco approach is based upon the BSD code, you can use
the BSD password format -- feed john a file like

jason:$1$6Je2$MurE4FTzoZjQShRW4Ui9H0::::::::

But realize this is a hard task.  I get around 1400 crypts per second on
this laptop -- so a conventional dictionary falls pretty quickly.  But if
the site has a sound password creation policy, you are not going to succeed
with a brute force approach without some serious parallelization.

--woody
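
Added example, not part of the original message: a Python helper for auditing your own IOS configs that pulls out type 5 secrets, checks that each is a well-formed MD5-crypt string, writes them in the passwd-style layout shown above, and estimates exhaustive-search time at the 1400 crypts per second quoted in the message. The function names, the sample config and the `username`/`enable secret` line patterns are assumptions made for this example.

```python
import re

# MD5-crypt ("$1$") layout: $1$<salt, up to 8 chars>$<22-char digest>,
# both drawn from the crypt base64 alphabet [./0-9A-Za-z].
MD5_CRYPT = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")
# IOS config lines that carry a type 5 secret (assumed syntax for this example).
USER_LINE = re.compile(r"^username\s+(\S+)\s+.*?\bsecret\s+5\s+(\S+)\s*$")
ENABLE_LINE = re.compile(r"^enable\s+secret\s+(?:level\s+\d+\s+)?5\s+(\S+)\s*$")

def type5_entries(config_text):
    """Return (label, hash) pairs for well-formed type 5 secrets in a config."""
    entries = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = USER_LINE.match(line)
        if m:
            label, value = m.group(1), m.group(2)
        else:
            m = ENABLE_LINE.match(line)
            if not m:
                continue
            label, value = "enable", m.group(1)
        if MD5_CRYPT.match(value):  # skip truncated or mangled hashes
            entries.append((label, value))
    return entries

def passwd_lines(entries):
    """Format entries in the layout shown in the message: label:hash::::::::"""
    return [f"{label}:{value}" + ":" * 8 for label, value in entries]

def worst_case_days(alphabet_size, length, crypts_per_second=1400):
    """Days to try every password of exactly `length` characters."""
    return alphabet_size ** length / crypts_per_second / 86400

# Constructed sample config; the hash is the one quoted in the message.
SAMPLE = """\
hostname lab-rtr
enable secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0
username jason privilege 15 secret 5 $1$6Je2$MurE4FTzoZjQShRW4Ui9H0
username broken secret 5 $1$6Je2$tooshort
"""

if __name__ == "__main__":
    print("\n".join(passwd_lines(type5_entries(SAMPLE))))
    print(f"8 chars, 62 symbols: {worst_case_days(62, 8):.0f} days at 1400 c/s")
```

The estimate covers a single machine at the stated rate, which is the gap the message says only serious parallelization would close.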


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

