RE: Cisco Catalyst 4006 CatOS Password Hash

From: Paul Bakker (bakker@fox-it.com)
Date: Thu Dec 11 2003 - 03:32:19 EST


Hi Miles..

Shouldn't the length of the hash be longer in case of this?
MD5 hashes are 16 bytes and SHA-1 hashes are 20 bytes...

These hashes only have 16 bytes after the last $ sign...

Paul
> -----Original message-----
> From: Miles Stevenson [mailto:miles@mstevenson.org]
> Sent: Wednesday, 10 December 2003 18:23
> To: Paul Bakker
> CC: pen-test@securityfocus.com
> Subject: Re: Cisco Catalyst 4006 CatOS Password Hash
>
>
> Hi Paul.
>
> I believe $2$ is indicative of an SHA-1 hash, as opposed to MD5.
>
> -Miles
>
> On Wed, 2003-12-10 at 06:32, Paul Bakker wrote:
> > During a pentest/audit I received from the client the
> > configurations for their Cisco Catalyst 4006 and their other
> > Cisco IOS switches.
> >
> > The passwords in the Cisco IOS configuration file are in
> > the known usual format of the FreeBSD MD5 hash...
> > Like $1$xxxx$xxxxxxxxxxxxxxxxxxx
> >
> > These are easily crackable/recognized by both John the
> > Ripper and Cain&Abel.
> >
> > The passwords on the Catalyst are in the same format (for
> > the eye), but instead of starting with $1$ they start with
> > $2$..... Both John and Cain do not recognize these hashes.
> >
> > Can anybody shed some light on the hash function used to
> > create these and any tools that can be used to audit the
> > password strength of these passwords (Or how John or Cain can
> > be used for this...)
> >
> > --
> > Paul Bakker
> >
> >
> --
> Miles Stevenson
> miles@mstevenson.org
>
