Below we describe all three methods of storing passwords in the Cisco IOS device configuration and how to obtain the password from each method: by simply reading the password, by quickly converting the password from the Cisco-defined encryption algorithm, or by cracking MD5 UNIX password hashes.

Not secure except for protecting against shoulder surfing attacks.
My preferred application to crack these types of hashes is oclHashcat, and more specifically oclHashcat-plus, which is open source and can be downloaded here.

Below is information on what the Cisco configuration line that stores the Type 5 password will look like, an example Cisco Type 5 password hash, and an example of cracking a Cisco Type 5 password.
In the command issued below, the --gpu-watchdog=0 switch tells oclHashcat not to monitor the GPU temperature, the -m 500 switch tells oclHashcat what type of hash we are cracking (in this example it is MD5(Unix)), ciscotype5.txt is a text file located in the same directory as the oclHashcat application that includes our example hash, and wordlistssmall.dic specifies the wordlist we are using in this example.

With GPU password cracking there are not many passwords that are safe anymore. In the example below I ran the Perl script on my MacBook and the password was returned in less than 5 seconds. So no matter how the password is stored in a Cisco configuration, if you have access to the configuration you can likely crack the password.

We do offer a pay for service located at so contact us via the contact information on that site if you want a quote for the above hashes.
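As an added example (not code from the original post), the following Python script audits a configuration for the three storage methods described above and reports each stored credential with its secret redacted. The type numbers 0 (plaintext) and 7 (the reversible Cisco encoding) follow standard IOS notation; the `audit` function, the risk ratings and the sample configuration are constructed for illustration.

```python
import re

# "... password|secret [type] value" at the end of an IOS config line.
CRED = re.compile(r"\b(password|secret)\s+(?:(\d+)\s+)?(\S+)\s*$")
# MD5(Unix) layout: $1$<salt, up to 8 chars>$<22-char digest>
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Storage type -> (how it is stored, audit rating). Ratings are this example's own.
RISK = {
    0: ("plaintext", "high"),
    7: ("reversible Cisco encoding", "high"),
    5: ("MD5(Unix) hash", "medium"),
}

def audit(config):
    """Return one finding per stored credential, with the secret redacted."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("!", "no ")):  # comments and negated commands
            continue
        m = CRED.search(stripped)
        if not m:
            continue
        ptype, value = int(m.group(2) or 0), m.group(3)  # no type field = plaintext
        storage, risk = RISK.get(ptype, ("type not covered here", "review"))
        if ptype == 5 and not MD5_CRYPT.match(value):
            storage, risk = "malformed type 5 value", "review"
        entry = stripped[: m.start(3)] + "<redacted>"
        findings.append({"line": lineno, "entry": entry, "type": ptype,
                         "storage": storage, "risk": risk})
    return findings

# Constructed sample configuration; every credential below is made up.
SAMPLE_CONFIG = """\
hostname lab-rtr1
enable secret 5 $1$abcd$0123456789abcdefghijkl
enable password cleartextexample
username admin password 7 0000000000
username ops secret 5 $1$wxyz$abcdefghijklmnopqrstuv
line vty 0 4
 password 0 anotherexample
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['entry']} -> {f['storage']} (risk: {f['risk']})")
```

Because every storage type here can give up the password to anyone holding the file, the findings are best read as a list of credentials to rotate and configuration copies to restrict.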