Penetration Testing mailing list archives
Re: Cisco Catalyst 4006 CatOS Password Hash
From: Anders Thulin <Anders.Thulin () kiconsulting se>
Date: Fri, 12 Dec 2003 08:30:07 +0100
Paul Bakker wrote:
The issue is: I need to determine if it is a raesonable password without them giving me the password... How can I determine this if I cannot throw a password cracking tool against it?
Brute force login attempts come to mind. Even with a password cracker, you can't say for sure: $2$ is used to indicate blowfish on some platforms. But unless you know this particular platform follows that convention, you won't be able to interpret a failure to crack the password. Some preliminary tests to verify the Blowfish hypothesis seem called for. -- Anders Thulin anders.thulin () kiconsulting se 040-661 50 63 Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 10)
- Re: Cisco Catalyst 4006 CatOS Password Hash Miles Stevenson (Dec 10)
- RE: Cisco Catalyst 4006 CatOS Password Hash Joey Peloquin (Dec 10)
- Re: Cisco Catalyst 4006 CatOS Password Hash Frisbie (Dec 12)
- <Possible follow-ups>
- Re: Cisco Catalyst 4006 CatOS Password Hash miguel . dilaj (Dec 10)
- RE: Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 11)
- Re: Cisco Catalyst 4006 CatOS Password Hash Anders Thulin (Dec 12)
- RE: Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 11)
- RE: Cisco Catalyst 4006 CatOS Password Hash Paul Bakker (Dec 11)