Penetration Testing mailing list archives
RE: Cisco Catalyst 4006 CatOS Password Hash
From: "Paul Bakker" <bakker () fox-it com>
Date: Thu, 11 Dec 2003 09:36:27 +0100
Brennan,
What does it matter? You going to DOS their network? If not, then the value of that switch is gone -- you got the configs, you've learned more about how they are put together. Now what are you going to do with it?
No I'm not gonna DoS their network... I want to determine the strength of the password used on their main switch as the client has requested. I don't want to go in a discussion on what should be done and what not...... That's for the client to decide...
Clients NEED to know what to do with this. If they have employed a reasonably secure password, then the issue is DONE.
The issue is: I need to determine if it is a raesonable password without them giving me the password... How can I determine this if I cannot throw a password cracking tool against it? Paul Bakker --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 10)
- Re: Cisco Catalyst 4006 CatOS Password Hash Miles Stevenson (Dec 10)
- RE: Cisco Catalyst 4006 CatOS Password Hash Joey Peloquin (Dec 10)
- Re: Cisco Catalyst 4006 CatOS Password Hash Frisbie (Dec 12)
- <Possible follow-ups>
- Re: Cisco Catalyst 4006 CatOS Password Hash miguel . dilaj (Dec 10)
- RE: Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 11)
- Re: Cisco Catalyst 4006 CatOS Password Hash Anders Thulin (Dec 12)
- RE: Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 11)
- RE: Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 11)