RE: Penetrating a Cisco Catalyst with CatOS

From: Wozny, Scott (US - New York) (swozny@deloitte.com)
Date: Wed Jul 20 2005 - 15:17:37 EDT


Cats hash their passwords with MD5 by default.

Hope this helps,

Scott

-----Original Message-----
From: Marc.Werner@t-systems.com [mailto:Marc.Werner@t-systems.com]
Sent: Wednesday, July 20, 2005 8:22 AM
To: pen-test@securityfocus.com
Subject: Penetrating a Cisco Catalyst with CatOS

Hi list,

in my actual pen-test-project I was able to get a cisco-config by SNMP. The passwords are encrypted. Does anyone know the algorithm? The password hash starts with $2$, an "normal" IOShash starts with $1$. Is it probably blowfish?
Thanks for your help in advance!!!

Mit freundlichen Grüßen / Kind regards

Marc Werner
T-Systems International GmbH
Research & Development Engineer
Technology Center
Engineering Networks, Products & Services
Multi Access Solutions & AAA Technologies
Sendefunkstelle Haus 5, 25335 Elmshorn
Tel +49 4121 29198819
PC Fax +49 1805 3344902042
Fax +49 4121 29198899
Mobil +49 170 5637815
E-Mail: marc.werner@t-systems.com
Internet: http://www.t-systems.com

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. [v.E.1]



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:36 EDT