Penetration Testing mailing list archives

RE: Cisco Catalyst 4006 CatOS Password Hash


From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Wed, 10 Dec 2003 12:04:14 -0600

Hey Paul,

According to the crypt(3) man page [1], $2$ is Blowfish.  A cursory
search at Google located BestCrypt [2], by Jetico, as a possible cracker
for it.

Hope it helps.

Joey Peloquin

[1] http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=crypt
[2] http://www.password-crackers.com/crack3.html


-----Original Message-----
From: Paul Bakker [mailto:bakker () fox-it com] 
Sent: Wednesday, December 10, 2003 5:33 AM
To: pen-test () securityfocus com
Subject: Cisco Catalyst 4006 CatOS Password Hash


During a pentest/audit I received from the client the configurations for
their Cisco Catalyst 4006 and their other Cisco IOS switches.

The passwords in the Cisco IOS configuration file are in the known
usual format of the FreeBSD MD5 hash... Like $1$xxxx$xxxxxxxxxxxxxxxxxxx

These are easily crackable/recognized by both John the Ripper and
Cain&Abel.

The passwords on the Catalyst are in the same format (for the eye), but
instead of starting with $1$ they start with $2$..... Both John and Cain
do not recognize these hashes.

Can anybody shed some light on the hash function used to create these
and any tools that can be used to audit the password strength of these
passwords (Or how John or Cain can be used for this...)?

--
Paul Bakker
