RE: Cisco Secret 5 and John Password Cracker

[Juan Carlos Reyes Muñoz <jcreyes () etb net co>]

Hello,

You can see http://corky.net/2600/cisco-decrypt-password.shtml too.


I am not sure if John the Ripper can crack a Cisco 5 Password, but you can
launch a brute force or dictionary attack against it.

Juan Carlos Reyes Muñoz
GIAC Certified Forensic Analyst - SANS Institute
____________________________________
Consultor en Seguridad Informática
Móvil: (57 311) 513 92 80
Bogotá - Colombia - South America
 
Miami Mailbox
1900 N.W. 97th Avenue
Suite No. 722-1971
Miami, FL 33172
____________________________________
 
Las opiniones expresadas en esta comunicación son enteramente personales. De
igual manera, esta comunicación y todos sus datos adjuntos pueden ser
confidenciales y exclusivamente para el destinatario. Si por algún motivo
recibe esta comunicación y usted NO es el destinatario, hágamelo saber
respondiendo a este correo y por favor destruya cualquier copia del mismo y
de los datos adjuntos. Por favor tambien trate de olvidar cualquier cosa que
haya leido en esta comunicación, excepto en esta parte. Está prohibido
cualquier uso inadecuado de esta información, así como la generación de
copias de este mensaje. Gracias.
 
The contents and thoughts included in this e-mail are completely personal.
This e-mail message and any attachments may be confidential and privileged.
If you are not the intended recipient, please notify me immediately by
replying to this message and please destroy all copies of this message and
attachments.Please also try to forget everything you have read that was
contained in this E-Mail message, except this part. Misuse, copying and
redistribution of this e-mail are forbidden. Thank you.

-----Mensaje original-----
De: Pachulski, Keith [mailto:keithp () corp ptd net] 
Enviado el: Viernes, 04 de Noviembre de 2005 01:26 p.m.
Para: Todd Towles; Unknown User; pen-test () securityfocus com
Asunto: RE: Cisco Secret 5 and John Password Cracker

Tomas deals with only the secret, hance the name "too many secrets"...

original> -----Original Message-----
original> From: Todd Towles [mailto:toddtowles () brookshires com]
original> Sent: Friday, November 04, 2005 10:32 AM
original> To: Pachulski, Keith; Unknown User; pen-test () securityfocus com
original> Subject: RE: Cisco Secret 5 and John Password Cracker
original> 
original> 
original> Even the secret 5 ones? All of the Normal Cisco 
original> Crackers that I have
original> seen only do the Type 7 level password. 
original> 
original> GetPass & Cain and Abel both do Type 7 level cracking as well.
original> 
original> 
original> > -----Original Message-----
original> > From: Pachulski, Keith [mailto:keithp () corp ptd net] 
original> > Sent: Friday, November 04, 2005 8:02 AM
original> > To: Unknown User; pen-test () securityfocus com
original> > Subject: RE: Cisco Secret 5 and John Password Cracker
original> > 
original> > Look for a program called tomas.exe aka Too Many Secrets - 
original> > this one does work for the cisco passwords.
original> > 
original> > original> -----Original Message-----
original> > original> From: Unknown User [mailto:9nkn0wn () gmail com]
original> > original> Sent: Thursday, November 03, 2005 9:27 AM
original> > original> To: pen-test () securityfocus com
original> > original> Subject: Cisco Secret 5 and John Password Cracker
original> > original> 
original> > original> 
original> > original> Hi
original> > original> 
original> > original>  I have recovered some cisco passwords 
original> that are encrypted 
original> > original> using the secret 5 format. They look like this
original> > original> 
original> > original>  $1$Wgqc$sbb8R/2rtOhc7t86J5axj.
original> > original> 
original> > original>  The question is can i simply plug this into a 
original> > standard unix 
original> > original> type shadow file format and use john to 
original> crack. I've 
original> > tried this 
original> > original> but I'm not convinced that John is actually 
original> > working. Its also 
original> > original> incrediblly slow.
original> > original> Any other tools available to crack these 
original> types of passwords.
original> > original> 
original> > original>  Thanks
original> > original> 
original> > 
original> 

----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------