Penetration Testing mailing list archives

RE: Cisco Secret 5 and John Password Cracker

From: "Pachulski, Keith" <keithp () corp ptd net>
Date: Fri, 4 Nov 2005 13:26:11 -0500

Tomas deals with only the secret, hance the name "too many secrets"...

original> -----Original Message-----
original> From: Todd Towles [mailto:toddtowles () brookshires com]
original> Sent: Friday, November 04, 2005 10:32 AM
original> To: Pachulski, Keith; Unknown User; pen-test () securityfocus com
original> Subject: RE: Cisco Secret 5 and John Password Cracker
original> 
original> 
original> Even the secret 5 ones? All of the Normal Cisco 
original> Crackers that I have
original> seen only do the Type 7 level password. 
original> 
original> GetPass & Cain and Abel both do Type 7 level cracking as well.
original> 
original> 
original> > -----Original Message-----
original> > From: Pachulski, Keith [mailto:keithp () corp ptd net] 
original> > Sent: Friday, November 04, 2005 8:02 AM
original> > To: Unknown User; pen-test () securityfocus com
original> > Subject: RE: Cisco Secret 5 and John Password Cracker
original> > 
original> > Look for a program called tomas.exe aka Too Many Secrets - 
original> > this one does work for the cisco passwords.
original> > 
original> > original> -----Original Message-----
original> > original> From: Unknown User [mailto:9nkn0wn () gmail com]
original> > original> Sent: Thursday, November 03, 2005 9:27 AM
original> > original> To: pen-test () securityfocus com
original> > original> Subject: Cisco Secret 5 and John Password Cracker
original> > original> 
original> > original> 
original> > original> Hi
original> > original> 
original> > original>  I have recovered some cisco passwords 
original> that are encrypted 
original> > original> using the secret 5 format. They look like this
original> > original> 
original> > original>  $1$Wgqc$sbb8R/2rtOhc7t86J5axj.
original> > original> 
original> > original>  The question is can i simply plug this into a 
original> > standard unix 
original> > original> type shadow file format and use john to 
original> crack. I've 
original> > tried this 
original> > original> but I'm not convinced that John is actually 
original> > working. Its also 
original> > original> incrediblly slow.
original> > original> Any other tools available to crack these 
original> types of passwords.
original> > original> 
original> > original>  Thanks
original> > original> 
original> > 
original> 

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Cisco Secret 5 and John Password Cracker Unknown User (Nov 04)
- Re: Cisco Secret 5 and John Password Cracker Francisco Pecorella (Nov 04)
  - Cisco Secret 5 algorithm? Jeroen (Nov 05)
    - Re: Cisco Secret 5 algorithm? MeNSaKeZ (Nov 06)
- Re: Cisco Secret 5 and John Password Cracker Jason Thompson (Nov 05)
- <Possible follow-ups>
- RE: Cisco Secret 5 and John Password Cracker Pachulski, Keith (Nov 04)
- RE: Cisco Secret 5 and John Password Cracker Travis Barlow (Nov 04)
  - RE: Cisco Secret 5 and John Password Cracker Christine Kronberg (Nov 07)
- RE: Cisco Secret 5 and John Password Cracker Todd Towles (Nov 05)
- RE: Cisco Secret 5 and John Password Cracker Pachulski, Keith (Nov 05)
  - RE: Cisco Secret 5 and John Password Cracker Juan Carlos Reyes Muñoz (Nov 06)
  - RE: Cisco Secret 5 and John Password Cracker Juan Carlos Reyes Muñoz (Nov 06)