Penetration Testing mailing list archives
Re: Cisco Secret 5 algorithm?
From: "MeNSaKeZ" <mensakez.alertas () gmail com>
Date: Sun, 6 Nov 2005 11:27:53 +0100
I think this is MD5 im use CAIN for decripte it----- Original Message ----- From: "Jeroen" <jeroen () isvet nl>
To: <pen-test () securityfocus com> Sent: Friday, November 04, 2005 10:49 PM Subject: Cisco Secret 5 algorithm?
Unknown User wrote:I have recovered some cisco passwords that are encrypted using the secret 5 format. They look like this $1$Wgqc$sbb8R/2rtOhc7t86J5axj. The question is can i simply plug this into a standard unix type shadow file format and use john to crack. I've tried this but I'm not convinced that John is actually working. Its also incrediblly slow. Any other tools available to crack these types of passwords.I know tomas and Cain. But actually I'm looking for the algorithm used. As far as I know right now it's a BASE64 of a MD5 with a salt in it. And the last part is unknown to me... Can anyone help me out with somehints/links/source? Cause this might me an interesting project for hardwareintegration (= FAST!). Greets, Jeroen ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Cisco Secret 5 and John Password Cracker Unknown User (Nov 04)
- Re: Cisco Secret 5 and John Password Cracker Francisco Pecorella (Nov 04)
- Cisco Secret 5 algorithm? Jeroen (Nov 05)
- Re: Cisco Secret 5 algorithm? MeNSaKeZ (Nov 06)
- Cisco Secret 5 algorithm? Jeroen (Nov 05)
- Re: Cisco Secret 5 and John Password Cracker Jason Thompson (Nov 05)
- <Possible follow-ups>
- RE: Cisco Secret 5 and John Password Cracker Pachulski, Keith (Nov 04)
- RE: Cisco Secret 5 and John Password Cracker Travis Barlow (Nov 04)
- RE: Cisco Secret 5 and John Password Cracker Christine Kronberg (Nov 07)
- RE: Cisco Secret 5 and John Password Cracker Todd Towles (Nov 05)
- RE: Cisco Secret 5 and John Password Cracker Pachulski, Keith (Nov 05)
- RE: Cisco Secret 5 and John Password Cracker Juan Carlos Reyes Muñoz (Nov 06)
- RE: Cisco Secret 5 and John Password Cracker Juan Carlos Reyes Muñoz (Nov 06)
- Re: Cisco Secret 5 and John Password Cracker Francisco Pecorella (Nov 04)