AW: Penetrating a Cisco Catalyst with CatOS [resolved]

[Marc.Werner () t-systems com]

Thank you very much, it works!!!

Rgds Marc

-----Ursprüngliche Nachricht-----
Von: Luis Cerdas [mailto:luis.cerdas () rawten net] 
Gesendet: Mittwoch, 20. Juli 2005 21:53
An: Werner, Marc
Cc: pen-test () securityfocus com
Betreff: Re: Penetrating a Cisco Catalyst with CatOS

Marc, checking over the list, it seems that this was discussed on 
December 2003;  indeed it usually means blowfish encryption and 
according to Frisbie (http://www.securityfocus.com/archive/101/347334), 
you can change the $2$ to $1$ and attack it with John the ripper.  I 
haven't tried it myself, but it might work.

Regards,
Luis Cerdas

Partner & Director
Rawten Latinoamerica, S.A.
Mobile: +506 371 7000
Office: +506 224 0432
US Voicemail: +1 (866) 303 1154

On Jul 20, 2005, at 6:22 AM, Marc.Werner () t-systems com wrote:

> Hi list,
>
> in my actual pen-test-project I was able to get a cisco-config by 
> SNMP. The passwords are encrypted. Does anyone know the algorithm? The 
> password hash starts with $2$, an "normal" IOShash starts with $1$. Is 
> it probably blowfish?
> Thanks for your help in advance!!!
>
>
> Mit freundlichen Grüßen / Kind regards
>
> Marc Werner
> T-Systems International GmbH
> Research & Development Engineer
> Technology Center 
> Engineering Networks, Products & Services
> Multi Access Solutions & AAA Technologies
> Sendefunkstelle Haus 5, 25335 Elmshorn
> Tel           +49 4121 29198819
> PC Fax  +49 1805 3344902042
> Fax           +49 4121 29198899
> Mobil +49 170   5637815
> E-Mail: marc.werner () t-systems com
> Internet: http://www.t-systems.com