Re: Cisco Secret 5 algorithm?

From: MeNSaKeZ (mensakez.alertas@gmail.com)
Date: Sun Nov 06 2005 - 05:27:53 EST


I think this is MD5 im use CAIN for decripte it
----- Original Message -----
From: "Jeroen" <jeroen@isvet.nl>
To: <pen-test@securityfocus.com>
Sent: Friday, November 04, 2005 10:49 PM
Subject: Cisco Secret 5 algorithm?

> Unknown User wrote:
>
>> I have recovered some cisco passwords that are encrypted using the
>> secret 5 format. They look like this
>>
>> $1$Wgqc$sbb8R/2rtOhc7t86J5axj.
>>
>> The question is can i simply plug this into a standard unix type
>> shadow file format and use john to crack. I've tried this but I'm not
>> convinced that John is actually working. Its also incrediblly slow.
>> Any other tools available to crack these types of passwords.
>
>
> I know tomas and Cain. But actually I'm looking for the algorithm used. As
> far as I know right now it's a BASE64 of a MD5 with a salt in it. And the
> last part is unknown to me... Can anyone help me out with some
> hints/links/source? Cause this might me an interesting project for
> hardware
> integration (= FAST!).
>
>
> Greets,
>
> Jeroen
>
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:08 EDT