From: Travis Barlow (TBarlow@barringtongrp.ca)
Date: Fri Nov 04 2005 - 09:19:48 EST
Try Cain & Abel
http://www.oxid.it/cain.html
Cain & Abel is a password recovery tool for Microsoft Operating Systems.
It allows easy recovery of various kind of passwords by sniffing the
network, cracking encrypted passwords using Dictionary, Brute-Force and
Cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, revealing password boxes, uncovering cached passwords and
analyzing routing protocols. The program does not exploit any software
vulnerabilities or bugs that could not be fixed with little effort. It
covers some security aspects/weakness present in protocol's standards,
authentication methods and caching mechanisms; its main purpose is the
simplified recovery of passwords and credentials from various sources,
however it also ships some "non standard" utilities for Microsoft
Windows users.
Cain & Abel has been developed in the hope that it will be useful for
network administrators, teachers, security consultants/professionals,
forensic staff, security software vendors, professional penetration
tester and everyone else that plans to use it for ethical reasons. The
author will not help or support any illegal activity done with this
program. Be warned that there is the possibility that you will cause
damages and/or loss of data using this software and that in no events
shall the author be liable for such damages or loss of data. Please
carefully read the License Agreement included in the program before
using it.
The latest version is faster and contains a lot of new features like APR
(Arp Poison Routing) which enables sniffing on switched LANs and
Man-in-the-Middle attacks. The sniffer in this version can also analyze
encrypted protocols such as SSH-1 and HTTPS, and contains filters to
capture credentials from a wide range of authentication mechanisms. The
new version also ships routing protocols authentication monitors and
routes extractors, dictionary and brute-force crackers for all common
hashing algorithms and for several specific authentications,
password/hash calculators, cryptanalysis attacks, password decoders and
some not so common utilities related to network and system security.
-----Original Message-----
From: Unknown User [mailto:9nkn0wn@gmail.com]
Sent: Thursday, November 03, 2005 10:27 AM
To: pen-test@securityfocus.com
Subject: Cisco Secret 5 and John Password Cracker
Hi
I have recovered some cisco passwords that are encrypted using the
secret 5 format. They look like this
$1$Wgqc$sbb8R/2rtOhc7t86J5axj.
The question is can i simply plug this into a standard unix type
shadow file format and use john to crack. I've tried this but I'm not
convinced that John is actually working. Its also incrediblly slow.
Any other tools available to crack these types of passwords.
Thanks
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:08 EDT