From: Juan Carlos Reyes Muñoz (jcreyes@etb.net.co)
Date: Sun Nov 06 2005 - 11:15:11 EST
Hello,
You can see http://corky.net/2600/cisco-decrypt-password.shtml too.
I am not sure if John the Ripper can crack a Cisco 5 Password, but you can
launch a brute force or dictionary attack against it.
Juan Carlos Reyes Muñoz
GIAC Certified Forensic Analyst - SANS Institute
____________________________________
Consultor en Seguridad Informática
Móvil: (57 311) 513 92 80
Bogotá - Colombia - South America
Miami Mailbox
1900 N.W. 97th Avenue
Suite No. 722-1971
Miami, FL 33172
____________________________________
Las opiniones expresadas en esta comunicación son enteramente personales. De
igual manera, esta comunicación y todos sus datos adjuntos pueden ser
confidenciales y exclusivamente para el destinatario. Si por algún motivo
recibe esta comunicación y usted NO es el destinatario, hágamelo saber
respondiendo a este correo y por favor destruya cualquier copia del mismo y
de los datos adjuntos. Por favor tambien trate de olvidar cualquier cosa que
haya leido en esta comunicación, excepto en esta parte. Está prohibido
cualquier uso inadecuado de esta información, así como la generación de
copias de este mensaje. Gracias.
The contents and thoughts included in this e-mail are completely personal.
This e-mail message and any attachments may be confidential and privileged.
If you are not the intended recipient, please notify me immediately by
replying to this message and please destroy all copies of this message and
attachments.Please also try to forget everything you have read that was
contained in this E-Mail message, except this part. Misuse, copying and
redistribution of this e-mail are forbidden. Thank you.
-----Mensaje original-----
De: Pachulski, Keith [mailto:keithp@corp.ptd.net]
Enviado el: Viernes, 04 de Noviembre de 2005 01:26 p.m.
Para: Todd Towles; Unknown User; pen-test@securityfocus.com
Asunto: RE: Cisco Secret 5 and John Password Cracker
Tomas deals with only the secret, hance the name "too many secrets"...
original> -----Original Message-----
original> From: Todd Towles [mailto:toddtowles@brookshires.com]
original> Sent: Friday, November 04, 2005 10:32 AM
original> To: Pachulski, Keith; Unknown User; pen-test@securityfocus.com
original> Subject: RE: Cisco Secret 5 and John Password Cracker
original>
original>
original> Even the secret 5 ones? All of the Normal Cisco
original> Crackers that I have
original> seen only do the Type 7 level password.
original>
original> GetPass & Cain and Abel both do Type 7 level cracking as well.
original>
original>
original> > -----Original Message-----
original> > From: Pachulski, Keith [mailto:keithp@corp.ptd.net]
original> > Sent: Friday, November 04, 2005 8:02 AM
original> > To: Unknown User; pen-test@securityfocus.com
original> > Subject: RE: Cisco Secret 5 and John Password Cracker
original> >
original> > Look for a program called tomas.exe aka Too Many Secrets -
original> > this one does work for the cisco passwords.
original> >
original> > original> -----Original Message-----
original> > original> From: Unknown User [mailto:9nkn0wn@gmail.com]
original> > original> Sent: Thursday, November 03, 2005 9:27 AM
original> > original> To: pen-test@securityfocus.com
original> > original> Subject: Cisco Secret 5 and John Password Cracker
original> > original>
original> > original>
original> > original> Hi
original> > original>
original> > original> I have recovered some cisco passwords
original> that are encrypted
original> > original> using the secret 5 format. They look like this
original> > original>
original> > original> $1$Wgqc$sbb8R/2rtOhc7t86J5axj.
original> > original>
original> > original> The question is can i simply plug this into a
original> > standard unix
original> > original> type shadow file format and use john to
original> crack. I've
original> > tried this
original> > original> but I'm not convinced that John is actually
original> > working. Its also
original> > original> incrediblly slow.
original> > original> Any other tools available to crack these
original> types of passwords.
original> > original>
original> > original> Thanks
original> > original>
original> >
original>
----------------------------------------------------------------------------
-- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:08 EDT