Penetration Testing mailing list archives

Re: Cisco Catalyst 4006 CatOS Password Hash


From: Anders Thulin <Anders.Thulin () kiconsulting se>
Date: Fri, 12 Dec 2003 08:30:07 +0100

Paul Bakker wrote:

> The issue is: I need to determine if it is a reasonable password without them giving me the password...
> How can I determine this if I cannot throw a password cracking tool against it?

  Brute force login attempts come to mind.

  Even with a password cracker, you can't say for sure: $2$ is used to
indicate Blowfish on some platforms. But unless you know this particular
platform follows that convention, you won't be able to interpret a failure
to crack the password.

  Some preliminary tests to verify the Blowfish hypothesis seem called for.

--
Anders Thulin   anders.thulin () kiconsulting se   040-661 50 63        
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
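
One form the preliminary test mentioned in the reply could take, as an added example that is not part of the original message: check whether a stored string has the field layout of a Blowfish-based (bcrypt) hash before reading anything into a cracker's failure. The function names and both sample strings are constructed for illustration; neither sample is a real device hash, and a clean result only means the layout is consistent with bcrypt, not that the platform uses it.

```python
import re

# bcrypt identifiers seen in modular crypt strings
BCRYPT_IDENTS = {"2", "2a", "2b", "2x", "2y"}
# bcrypt uses its own base64 alphabet: "./", then A-Z, a-z, 0-9
BCRYPT_CHARS = re.compile(r"[./A-Za-z0-9]*")


def bcrypt_layout_problems(hash_string):
    """Return reasons the string does not fit bcrypt's layout (empty = fits)."""
    parts = hash_string.split("$")
    # A bcrypt string splits into ['', ident, cost, salt+digest]
    if len(parts) != 4 or parts[0] != "":
        return ["not of the form $ident$cost$body"]
    ident, cost, body = parts[1:]
    problems = []
    if ident not in BCRYPT_IDENTS:
        problems.append("identifier %r is not a bcrypt identifier" % ident)
    # Cost is exactly two decimal digits, log2 of the round count, 04..31
    if not re.fullmatch(r"[0-9]{2}", cost) or not 4 <= int(cost) <= 31:
        problems.append("cost field %r is not two digits in 04..31" % cost)
    # 22 characters of salt followed by 31 characters of digest
    if len(body) != 53:
        problems.append("body is %d characters, expected 53" % len(body))
    if not BCRYPT_CHARS.fullmatch(body):
        problems.append("body has characters outside the bcrypt alphabet")
    return problems


def consistent_with_bcrypt(hash_string):
    """True when no structural objection to the bcrypt reading was found."""
    return not bcrypt_layout_problems(hash_string)


# Constructed sample with bcrypt's layout (not a real hash of anything)
SAMPLE_BCRYPT_SHAPED = "$2a$05$" + "C" * 21 + "." + "x" * 31
# Constructed sample that starts with $2$ but is laid out differently
SAMPLE_OTHER_LAYOUT = "$2$AbCd$" + "q" * 22

if __name__ == "__main__":
    for sample in (SAMPLE_BCRYPT_SHAPED, SAMPLE_OTHER_LAYOUT):
        issues = bcrypt_layout_problems(sample)
        print(sample)
        print("  consistent with bcrypt layout" if not issues
              else "  " + "; ".join(issues))
```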

