How to crack Cisco IOS enable secret
Moderator: BarsMonster
-
- Posts: 4
- Joined: Sat Aug 08, 2009 2:15 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
How to crack Cisco IOS enable secret
Hi,
May I know if BarsWF can crack Cisco IOS enable secret or not?
if so, how can I do it in BarsWF?
Here is an example of a Cisco enable secret
$1$Vu62$b1Umxq7tw.QHuXyzbsZJO0
The password is : a
Thank you for your great help very much
May I know if BarsWF can crack Cisco IOS enable secret or not?
if so, how can I do it in BarsWF?
Here is an example of a Cisco enable secret
$1$Vu62$b1Umxq7tw.QHuXyzbsZJO0
The password is : a
Thank you for your great help very much
-
- Posts: 110
- Joined: Fri Nov 07, 2008 6:50 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
Cisco IOS MD5 is just MD5CRYPT with a short hash value, IIRC.
No GPU brute forcers that I'm aware of support this yet.
The algorithm really kind of sucks for GPUs.
No GPU brute forcers that I'm aware of support this yet.
The algorithm really kind of sucks for GPUs.
-
- Posts: 82
- Joined: Sun Nov 02, 2008 8:53 pm [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
does that mean you are somehow involved with barswf development?Sc00bz wrote:not yet but it's planed

Re: How to crack Cisco IOS enable secret
No, I read it on this forum somewhere. Unless that was cryptohaze hmmm... Well either way it's planed for here or there.neinbrucke wrote:does that mean you are somehow involved with barswf development?Sc00bz wrote:not yet but it's planed

-
- Posts: 4
- Joined: Sat Aug 08, 2009 2:15 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
Hi,_haxxor_ wrote:use passwordspro with MD5(Unix)
Thanks for suggestion,
but PasswordsPro's performance is far far far far lag bebind than BarsWF does.
it may take 1 more year time


I wish BarsWF can support more decryption method in near futre

-
- Posts: 52
- Joined: Mon Oct 27, 2008 7:57 pm [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
if i'm not mistaking md5(unix) = md5(md5(...(md5(pass)))..) 1000 times (and some salt somewhere ). that's at least 1000 slower than usual md5(pass)wargps wrote:Hi,_haxxor_ wrote:use passwordspro with MD5(Unix)
Thanks for suggestion,
but PasswordsPro's performance is far far far far lag bebind than BarsWF does.
it may take 1 more year timeat my computer to crack down the password of which BarsWF may only take few minutes to do so
![]()
I wish BarsWF can support more decryption method in near futre
-
- Posts: 110
- Joined: Fri Nov 07, 2008 6:50 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
It's far more complex than that.
It's some initial operations, then 1000 iterations of a fairly annoying algorithm that does some string concatenation (GPUs are awful at this) depending on which operation you're on (using modulus, which GPUs are really bad at too).
Then it does some final operations and calls it good.
That middle step is... really ugly for GPUs. It has a long period for loop unrolling, and unrolled loops would have a high register count.
It's doable, but probably only suited to wordlists/mutated wordlists. It's not really fast enough to brute force except for small spaces.
It's some initial operations, then 1000 iterations of a fairly annoying algorithm that does some string concatenation (GPUs are awful at this) depending on which operation you're on (using modulus, which GPUs are really bad at too).
Then it does some final operations and calls it good.
That middle step is... really ugly for GPUs. It has a long period for loop unrolling, and unrolled loops would have a high register count.
It's doable, but probably only suited to wordlists/mutated wordlists. It's not really fast enough to brute force except for small spaces.
- Igor
- Posts: 19
- Joined: Sun Nov 09, 2008 12:22 pm [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
As Bitweasel wrote, bruteforcing MD5(crypt) isn't really feasible for anything but short passwords - however, if you want to find out a password generated by humans, not by dead chickens falling on a keyboard, John the Ripper might help. There's a pre-patched version with MPI-Support available here. This should be able to reach 61000 p/s on an Intel i7 965. Note that it is also written by a russian.wargps wrote:Hi,
Here is an example of a Cisco enable secret
$1$Vu62$b1Umxq7tw.QHuXyzbsZJO0
The password is : a
What we do with MD5(crypt) hashes is to bruteforce just 1-5 characters, so that we don't miss stuff like #!123 or something like that. Main part is to fire up an mpi-john on a quadcore system and let it run for at least a weekend or -better yet- a whole week. Also, any information about the password is put into a wordlist or used for permutations. This may yield results - however, there's almost no chance to reveal a long, half-random password or even a passphrase. If you have lots of passwords you need to split them up somehow, as they'll slow your system to a crawl.
If you insist on bruteforcing MD5(crypt), at least reduce the keyspace you want to search by limiting the amount of special characters. Extensive -and painful- studies have shown that most people do not generate their passwords by banging their head on a keyboard several times, because although it results in strong passwords, it's really, really hard to make the same passwords twice. So use basic stuff like - + / , . ! and so on, and leave ² ³ ^ ´ and so on alone. The more thought you put into the creation of the candidates, the higher your chances of a success will be.
- BarsMonster
- Site Admin
- Posts: 1118
- Joined: Wed Oct 01, 2008 7:58 pm [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
ROFLIgor wrote:if you want to find out a password generated by humans, not by dead chickens falling on a keyboard



Update: Just realized that I am using "dead chicken" passwords

-
- Posts: 12
- Joined: Sun Aug 02, 2009 9:06 pm [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Re: How to crack Cisco IOS enable secret
Lets see how well it fares against the super computer!BarsMonster wrote:ROFLIgor wrote:if you want to find out a password generated by humans, not by dead chickens falling on a keyboard![]()
![]()
Update: Just realized that I am using "dead chicken" passwords
MD5 it and throw it in

Who is online
Users browsing this forum: No registered users and 1 guest