How to crack Cisco IOS enable secret

Moderator: BarsMonster

Post Reply [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
wargps
Posts: 4
Joined: Sat Aug 08, 2009 2:15 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

How to crack Cisco IOS enable secret

Post by wargps » Sat Aug 08, 2009 2:23 am

Hi,

May I know if BarsWF can crack Cisco IOS enable secret or not?

if so, how can I do it in BarsWF?

Here is an example of a Cisco enable secret

$1$Vu62$b1Umxq7tw.QHuXyzbsZJO0

The password is : a

Thank you for your great help very much

Sc00bz
Posts: 136
Joined: Fri Oct 03, 2008 8:28 am
Contact:

Re: How to crack Cisco IOS enable secret

Post by Sc00bz » Sat Aug 08, 2009 2:41 am

not yet but it's planed

Bitweasil
Posts: 110
Joined: Fri Nov 07, 2008 6:50 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by Bitweasil » Sat Aug 08, 2009 9:56 am

Cisco IOS MD5 is just MD5CRYPT with a short hash value, IIRC.

No GPU brute forcers that I'm aware of support this yet.

The algorithm really kind of sucks for GPUs.

_haxxor_
Posts: 52
Joined: Mon Oct 27, 2008 7:57 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by _haxxor_ » Sat Aug 08, 2009 12:58 pm

use passwordspro with MD5(Unix)

neinbrucke
Posts: 82
Joined: Sun Nov 02, 2008 8:53 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by neinbrucke » Sat Aug 08, 2009 8:35 pm

Sc00bz wrote:not yet but it's planed
does that mean you are somehow involved with barswf development? :)

Sc00bz
Posts: 136
Joined: Fri Oct 03, 2008 8:28 am
Contact:

Re: How to crack Cisco IOS enable secret

Post by Sc00bz » Sat Aug 08, 2009 9:08 pm

neinbrucke wrote:
Sc00bz wrote:not yet but it's planed
does that mean you are somehow involved with barswf development? :)
No, I read it on this forum somewhere. Unless that was cryptohaze hmmm... Well either way it's planed for here or there. :D

wargps
Posts: 4
Joined: Sat Aug 08, 2009 2:15 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by wargps » Sun Aug 09, 2009 10:16 am

_haxxor_ wrote:use passwordspro with MD5(Unix)
Hi,

Thanks for suggestion,
but PasswordsPro's performance is far far far far lag bebind than BarsWF does.
it may take 1 more year time :wall: at my computer to crack down the password of which BarsWF may only take few minutes to do so :joy:

I wish BarsWF can support more decryption method in near futre :mrgreen:

_haxxor_
Posts: 52
Joined: Mon Oct 27, 2008 7:57 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by _haxxor_ » Sun Aug 09, 2009 6:22 pm

wargps wrote:
_haxxor_ wrote:use passwordspro with MD5(Unix)
Hi,

Thanks for suggestion,
but PasswordsPro's performance is far far far far lag bebind than BarsWF does.
it may take 1 more year time :wall: at my computer to crack down the password of which BarsWF may only take few minutes to do so :joy:

I wish BarsWF can support more decryption method in near futre :mrgreen:
if i'm not mistaking md5(unix) = md5(md5(...(md5(pass)))..) 1000 times (and some salt somewhere ). that's at least 1000 slower than usual md5(pass)

Bitweasil
Posts: 110
Joined: Fri Nov 07, 2008 6:50 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by Bitweasil » Sun Aug 09, 2009 7:55 pm

It's far more complex than that.

It's some initial operations, then 1000 iterations of a fairly annoying algorithm that does some string concatenation (GPUs are awful at this) depending on which operation you're on (using modulus, which GPUs are really bad at too).

Then it does some final operations and calls it good.

That middle step is... really ugly for GPUs. It has a long period for loop unrolling, and unrolled loops would have a high register count.

It's doable, but probably only suited to wordlists/mutated wordlists. It's not really fast enough to brute force except for small spaces.

User avatar
Igor
Posts: 19
Joined: Sun Nov 09, 2008 12:22 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by Igor » Mon Aug 10, 2009 1:07 pm

wargps wrote:Hi,
Here is an example of a Cisco enable secret

$1$Vu62$b1Umxq7tw.QHuXyzbsZJO0

The password is : a
As Bitweasel wrote, bruteforcing MD5(crypt) isn't really feasible for anything but short passwords - however, if you want to find out a password generated by humans, not by dead chickens falling on a keyboard, John the Ripper might help. There's a pre-patched version with MPI-Support available here. This should be able to reach 61000 p/s on an Intel i7 965. Note that it is also written by a russian.

What we do with MD5(crypt) hashes is to bruteforce just 1-5 characters, so that we don't miss stuff like #!123 or something like that. Main part is to fire up an mpi-john on a quadcore system and let it run for at least a weekend or -better yet- a whole week. Also, any information about the password is put into a wordlist or used for permutations. This may yield results - however, there's almost no chance to reveal a long, half-random password or even a passphrase. If you have lots of passwords you need to split them up somehow, as they'll slow your system to a crawl.

If you insist on bruteforcing MD5(crypt), at least reduce the keyspace you want to search by limiting the amount of special characters. Extensive -and painful- studies have shown that most people do not generate their passwords by banging their head on a keyboard several times, because although it results in strong passwords, it's really, really hard to make the same passwords twice. So use basic stuff like - + / , . ! and so on, and leave ² ³ ^ ´ and so on alone. The more thought you put into the creation of the candidates, the higher your chances of a success will be.

User avatar
BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by BarsMonster » Mon Aug 10, 2009 2:57 pm

Igor wrote:if you want to find out a password generated by humans, not by dead chickens falling on a keyboard
ROFL :crazy: :str: :crazy:
Update: Just realized that I am using "dead chicken" passwords :crazy:

Tal
Posts: 12
Joined: Sun Aug 02, 2009 9:06 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to crack Cisco IOS enable secret

Post by Tal » Mon Aug 10, 2009 8:37 pm

BarsMonster wrote:
Igor wrote:if you want to find out a password generated by humans, not by dead chickens falling on a keyboard
ROFL :crazy: :str: :crazy:
Update: Just realized that I am using "dead chicken" passwords :crazy:
Lets see how well it fares against the super computer!
MD5 it and throw it in :crazy:

Post Reply
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Who is online

Users browsing this forum: No registered users and 1 guest