Penetration Testing mailing list archives
RE: Cisco Secret 5 and John Password Cracker
From: Juan Carlos Reyes Muñoz <jcreyes () etb net co>
Date: Sun, 6 Nov 2005 11:15:11 -0500
Hello, You can see http://corky.net/2600/cisco-decrypt-password.shtml too. I am not sure if John the Ripper can crack a Cisco 5 Password, but you can launch a brute force or dictionary attack against it. Juan Carlos Reyes Muñoz GIAC Certified Forensic Analyst - SANS Institute ____________________________________ Consultor en Seguridad Informática Móvil: (57 311) 513 92 80 Bogotá - Colombia - South America Miami Mailbox 1900 N.W. 97th Avenue Suite No. 722-1971 Miami, FL 33172 ____________________________________ Las opiniones expresadas en esta comunicación son enteramente personales. De igual manera, esta comunicación y todos sus datos adjuntos pueden ser confidenciales y exclusivamente para el destinatario. Si por algún motivo recibe esta comunicación y usted NO es el destinatario, hágamelo saber respondiendo a este correo y por favor destruya cualquier copia del mismo y de los datos adjuntos. Por favor tambien trate de olvidar cualquier cosa que haya leido en esta comunicación, excepto en esta parte. Está prohibido cualquier uso inadecuado de esta información, así como la generación de copias de este mensaje. Gracias. The contents and thoughts included in this e-mail are completely personal. This e-mail message and any attachments may be confidential and privileged. If you are not the intended recipient, please notify me immediately by replying to this message and please destroy all copies of this message and attachments.Please also try to forget everything you have read that was contained in this E-Mail message, except this part. Misuse, copying and redistribution of this e-mail are forbidden. Thank you. -----Mensaje original----- De: Pachulski, Keith [mailto:keithp () corp ptd net] Enviado el: Viernes, 04 de Noviembre de 2005 01:26 p.m. Para: Todd Towles; Unknown User; pen-test () securityfocus com Asunto: RE: Cisco Secret 5 and John Password Cracker Tomas deals with only the secret, hance the name "too many secrets"... original> -----Original Message----- original> From: Todd Towles [mailto:toddtowles () brookshires com] original> Sent: Friday, November 04, 2005 10:32 AM original> To: Pachulski, Keith; Unknown User; pen-test () securityfocus com original> Subject: RE: Cisco Secret 5 and John Password Cracker original> original> original> Even the secret 5 ones? All of the Normal Cisco original> Crackers that I have original> seen only do the Type 7 level password. original> original> GetPass & Cain and Abel both do Type 7 level cracking as well. original> original> original> > -----Original Message----- original> > From: Pachulski, Keith [mailto:keithp () corp ptd net] original> > Sent: Friday, November 04, 2005 8:02 AM original> > To: Unknown User; pen-test () securityfocus com original> > Subject: RE: Cisco Secret 5 and John Password Cracker original> > original> > Look for a program called tomas.exe aka Too Many Secrets - original> > this one does work for the cisco passwords. original> > original> > original> -----Original Message----- original> > original> From: Unknown User [mailto:9nkn0wn () gmail com] original> > original> Sent: Thursday, November 03, 2005 9:27 AM original> > original> To: pen-test () securityfocus com original> > original> Subject: Cisco Secret 5 and John Password Cracker original> > original> original> > original> original> > original> Hi original> > original> original> > original> I have recovered some cisco passwords original> that are encrypted original> > original> using the secret 5 format. They look like this original> > original> original> > original> $1$Wgqc$sbb8R/2rtOhc7t86J5axj. original> > original> original> > original> The question is can i simply plug this into a original> > standard unix original> > original> type shadow file format and use john to original> crack. I've original> > tried this original> > original> but I'm not convinced that John is actually original> > working. Its also original> > original> incrediblly slow. original> > original> Any other tools available to crack these original> types of passwords. original> > original> original> > original> Thanks original> > original> original> > original> ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Cisco Secret 5 and John Password Cracker Unknown User (Nov 04)
- Re: Cisco Secret 5 and John Password Cracker Francisco Pecorella (Nov 04)
- Cisco Secret 5 algorithm? Jeroen (Nov 05)
- Re: Cisco Secret 5 algorithm? MeNSaKeZ (Nov 06)
- Cisco Secret 5 algorithm? Jeroen (Nov 05)
- Re: Cisco Secret 5 and John Password Cracker Jason Thompson (Nov 05)
- <Possible follow-ups>
- RE: Cisco Secret 5 and John Password Cracker Pachulski, Keith (Nov 04)
- RE: Cisco Secret 5 and John Password Cracker Travis Barlow (Nov 04)
- RE: Cisco Secret 5 and John Password Cracker Christine Kronberg (Nov 07)
- RE: Cisco Secret 5 and John Password Cracker Todd Towles (Nov 05)
- RE: Cisco Secret 5 and John Password Cracker Pachulski, Keith (Nov 05)
- RE: Cisco Secret 5 and John Password Cracker Juan Carlos Reyes Muñoz (Nov 06)
- RE: Cisco Secret 5 and John Password Cracker Juan Carlos Reyes Muñoz (Nov 06)
- Re: Cisco Secret 5 and John Password Cracker Francisco Pecorella (Nov 04)