Re: Read Only Access For Telnet

From: Chris Larson (clarson52@xxxxxxxxxxx)
Date: Fri Aug 30 2002 - 23:31:56 GMT-3

• Next message: Leo Seto: "Re: What the wife said !"
• Previous message: Phil: "Re: OT: Market for CCIE's"
• Maybe in reply to: Wright, Jeremy: "Read Only Access For Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
There is lot's of code and programs/scripts for cracking the type 7
passwords. You shouldn't use them.

John the ripper will not "crack" MD5 hashes. It will crack FreeBSD MD5, but
that is because of FreeBSD's implementation and how it stores it's
passwords. It will not crack the enable secret of a cisco router. Also, to
break the FreeBSD MD5 hashed password files you would first need to get both
the password and shadow password files .

----- Original Message -----
From: "Gareth Bromley" <gbromley@intstar.com>
Cc: <security@groupstudy.com>; <ccielab@groupstudy.com>
Sent: Friday, August 30, 2002 8:37 AM
Subject: Re: Read Only Access For Telnet

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Graham, John wrote:
> | www.solarwinds.net/Tools/Cisco_Networking/Password_Decryptor/
> No need to waste money on expensive toys.
>
> See http://www.fromadia.com/newsread.php?newsid=158 for Perl
> and C code examples.
>
> This is the piece of Perl Code I use when I need to do do
> this sort of thing.
> #!/usr/bin/perl -w
> # $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
> #
> # Credits for orginal code and description hobbit@avian.org,
> # SPHiXe, .mudge et al. and for John Bashinski
> # for Cisco IOS password encryption facts.
> #
> # Use for any malice or illegal purposes strictly prohibited!
> #
>
> @xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
> 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
> 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );
>
> while (<>) {
> ~ if (/(password|md5)\s+7\s+([\da-f]+)/io) {
> ~ if (!(length($2) & 1)) {
> ~ $ep = $2; $dp = "";
> ~ ($s, $e) = ($2 =~ /^(..)(.+)/o);
> ~ for ($i = 0; $i < length($e); $i+=2) {
> ~ $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
> ~ }
> ~ s/$ep/$dp/;
> ~ }
> ~ }
> ~ print;
> }
>
> If you after enable secrets then I hear, but havent tested
> yet John the Ripper is the tool.
>
> Enjoy,
>
> - --
> - --Gareth Bromley
> CCDP CCNP CSS1 CCIP Security CCSA CCSE NSA RHCE SCSA CISSP
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE9b2cexX2wgg94RlkRAk9DAKCa6xNjP1RAzN9pfAeJepd4vgKCuACfY5gs
> 0DK7zWb4sw69WSjFcGf49xA=
> =qUcp
> -----END PGP SIGNATURE-----

• Next message: Leo Seto: "Re: What the wife said !"
• Previous message: Phil: "Re: OT: Market for CCIE's"
• Maybe in reply to: Wright, Jeremy: "Read Only Access For Telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:43 GMT-3