RE: Cisco Secret 5 and John Password Cracker

From: Todd Towles (toddtowles@brookshires.com)
Date: Fri Nov 04 2005 - 10:31:52 EST


Even the secret 5 ones? All of the Normal Cisco Crackers that I have
seen only do the Type 7 level password.

GetPass & Cain and Abel both do Type 7 level cracking as well.

> -----Original Message-----
> From: Pachulski, Keith [mailto:keithp@corp.ptd.net]
> Sent: Friday, November 04, 2005 8:02 AM
> To: Unknown User; pen-test@securityfocus.com
> Subject: RE: Cisco Secret 5 and John Password Cracker
>
> Look for a program called tomas.exe aka Too Many Secrets -
> this one does work for the cisco passwords.
>
> original> -----Original Message-----
> original> From: Unknown User [mailto:9nkn0wn@gmail.com]
> original> Sent: Thursday, November 03, 2005 9:27 AM
> original> To: pen-test@securityfocus.com
> original> Subject: Cisco Secret 5 and John Password Cracker
> original>
> original>
> original> Hi
> original>
> original> I have recovered some cisco passwords that are encrypted
> original> using the secret 5 format. They look like this
> original>
> original> $1$Wgqc$sbb8R/2rtOhc7t86J5axj.
> original>
> original> The question is can i simply plug this into a
> standard unix
> original> type shadow file format and use john to crack. I've
> tried this
> original> but I'm not convinced that John is actually
> working. Its also
> original> incrediblly slow.
> original> Any other tools available to crack these types of passwords.
> original>
> original> Thanks
> original>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:08 EDT