How to crack Cisco IOS enable secret

[wargps]

Hi,

May I know if BarsWF can crack Cisco IOS enable secret or not?

if so, how can I do it in BarsWF?

Here is an example of a Cisco enable secret

$1$Vu62$b1Umxq7tw.QHuXyzbsZJO0

The password is : a

Thank you for your great help very much

[Sc00bz]

not yet but it's planed

[Bitweasil]

Cisco IOS MD5 is just MD5CRYPT with a short hash value, IIRC.

No GPU brute forcers that I'm aware of support this yet.

The algorithm really kind of sucks for GPUs.

[_haxxor_]

use passwordspro with MD5(Unix)

[neinbrucke]

not yet but it's planed

does that mean you are somehow involved with barswf development?

[Sc00bz]

not yet but it's planed

does that mean you are somehow involved with barswf development?

No, I read it on this forum somewhere. Unless that was cryptohaze hmmm... Well either way it's planed for here or there.

[wargps]

use passwordspro with MD5(Unix)

Hi,

Thanks for suggestion,
but PasswordsPro's performance is far far far far lag bebind than BarsWF does.
it may take 1 more year time at my computer to crack down the password of which BarsWF may only take few minutes to do so

I wish BarsWF can support more decryption method in near futre

[_haxxor_]

use passwordspro with MD5(Unix)

Hi,

Thanks for suggestion,
but PasswordsPro's performance is far far far far lag bebind than BarsWF does.
it may take 1 more year time at my computer to crack down the password of which BarsWF may only take few minutes to do so

I wish BarsWF can support more decryption method in near futre

if i'm not mistaking md5(unix) = md5(md5(...(md5(pass)))..) 1000 times (and some salt somewhere ). that's at least 1000 slower than usual md5(pass)

[Bitweasil]

It's far more complex than that.

It's some initial operations, then 1000 iterations of a fairly annoying algorithm that does some string concatenation (GPUs are awful at this) depending on which operation you're on (using modulus, which GPUs are really bad at too).

Then it does some final operations and calls it good.

That middle step is... really ugly for GPUs. It has a long period for loop unrolling, and unrolled loops would have a high register count.

It's doable, but probably only suited to wordlists/mutated wordlists. It's not really fast enough to brute force except for small spaces.

[Igor]

Hi,
Here is an example of a Cisco enable secret

$1$Vu62$b1Umxq7tw.QHuXyzbsZJO0

The password is : a

As Bitweasel wrote, bruteforcing MD5(crypt) isn't really feasible for anything but short passwords - however, if you want to find out a password generated by humans, not by dead chickens falling on a keyboard, John the Ripper might help. There's a pre-patched version with MPI-Support available here. This should be able to reach 61000 p/s on an Intel i7 965. Note that it is also written by a russian.

What we do with MD5(crypt) hashes is to bruteforce just 1-5 characters, so that we don't miss stuff like #!123 or something like that. Main part is to fire up an mpi-john on a quadcore system and let it run for at least a weekend or -better yet- a whole week. Also, any information about the password is put into a wordlist or used for permutations. This may yield results - however, there's almost no chance to reveal a long, half-random password or even a passphrase. If you have lots of passwords you need to split them up somehow, as they'll slow your system to a crawl.

If you insist on bruteforcing MD5(crypt), at least reduce the keyspace you want to search by limiting the amount of special characters. Extensive -and painful- studies have shown that most people do not generate their passwords by banging their head on a keyboard several times, because although it results in strong passwords, it's really, really hard to make the same passwords twice. So use basic stuff like - + / , . ! and so on, and leave ² ³ ^ ´ and so on alone. The more thought you put into the creation of the candidates, the higher your chances of a success will be.

[BarsMonster]

if you want to find out a password generated by humans, not by dead chickens falling on a keyboard

ROFL
Update: Just realized that I am using "dead chicken" passwords

[Tal]

if you want to find out a password generated by humans, not by dead chickens falling on a keyboard

ROFL
Update: Just realized that I am using "dead chicken" passwords

Lets see how well it fares against the super computer!
MD5 it and throw it in