Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 15 May 2006 03:17:45 +0400
From: Solar Designer <>
Subject: Re: Cisco Type 5 Passwords

On Sun, May 14, 2006 at 03:34:58PM -0400, Amir Sadoughi wrote:
> I have heard it is possible to utilize JTR to crack Cisco Type 5 passwords, but I believe the passwords are hashed 1000 times with MD5 and then Base64 encoded,  or something like that. Does JTR have a specific option for this or is it possible to extend JTR through the beauty of OSS to fit this feature?

Cisco uses the same FreeBSD-derived hashing method that John readily
supports.  You can use the following "sed" one-liner to extract
passwords from Cisco IOS config files in a format usable by John:

sed -n 's/[ :]/_/g; s/^\(.\{1,\}\)_5_\($1$[$./0-9A-Za-z]\{27,31\}\)_*$/\1:\2/p' < cisco-device-config > passwd

(It might work with config files from non-IOS Cisco devices as well, but
I have not tried that.)

With these lines (and more) in cisco-device-config:

enable secret level 2 5 $1$WhZT$YYEI3f0wwWJGAXtAayK/Q.
enable secret 5 $1$4C5N$JCdhRhHmlH4kdmLz.vsyq0

the sed script's output is:


which John cracks like this:

Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])
test             (enable_secret_level_2)
guesses: 1  time: 0:00:00:18 8% (2)  c/s: 2033  trying: tricky1

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.