Gareth, I created an "enable secret" password on a Cisco router 2610 with the password as you mentioned "kittens". Remember this is an MD5 encrypted string ($1$Em47$DEsFfXv/Px6y/cEmjMwfE0). You know what, I took this string and used the program called "John the Ripper" running on my Linux box to crack it. This Linux box is a Pentium 200MHz with 64MB of RAM. It took exactly 5 minutes to crack this password. I would imagine for a longer "enable secret" password, it takes longer but not as difficult as it sounds.
Regards,

>From: "Gareth Hinton"
>Reply-To: "Gareth Hinton"
>To: [EMAIL PROTECTED]
>Subject: Re: OT: Enable secret hacking [7:23670]
>Date: Sun, 21 Oct 2001 13:34:19 -0400
>
>The reason I asked was to see if other people's impression was the same as
>mine. I've got the tools for the level 7 passwords, but was under the
>impression that the enable secret was almost impossible.
>I do some work for a fairly large company that had some penetration testing
>done this week by a government agency.
>One of the "hackers" told me that depending on the length and complexity of
>the password he could crack the enable password from the MD5 hash pretty
>quickly.
>The passwords we normally use for enable secrets are over 8 character random
>alphanumeric strings, so it was taking some time.
>Not believing him entirely, I suggested that I simplify the password a
>little to a dictionary word of 7 characters. I changed it to "kittens" and
>it took his unix box around 5 seconds to go through the dictionary
>performing MD5 hash on every word, then comparing the result with the real
>hash.
>
>I was quite surprised at how quick it was. Admittedly they need to see the
>MD5 hash somehow, but I've never gone over the top to cover these up before
>now.
>
>We also (a little carelessly) got caught out with a few switches with "IP
>HTTP SERVER" on as default, so the weakness with http allowed level 15
>access to the switches. Oops.
>
>Just thought I'd bring it up anyway. I think "no ip http server" and more
>complex passwords are in order.
>
>
>Regards,
>
>Gareth
>
>"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> > The enable secret would not be an easy thing to crack. The enable password,
> > however, can be cracked easily with a number of utilities available for free
> > on the internet.
> >
> > If you have hackers attacking your network who have the capability to crack
> > the enable secret then you have much bigger problems.
> >
> > As I recall, the enable secret displayed when you do a show run is a one-way
> > hash, so the original cannot be determined from the encrypted version. I'll
> > have to check into that.
> >
> > A good hacker would spend his time elsewhere. Sitting at the login prompt
> > trying to guess passwords for a few years probably isn't a wise way to spend
> > one's time. Hackers tend to go for the low-hanging fruit.
> >
> > Regards,
> > John
> >
> > On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote:
> >
> > | Hi all,
> > |
> > | I'm asking this as a matter of interest after something I saw this week:
> > | Given the following line of config:
> > |
> > | enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90
> > |
> > | What are the chances of cracking the enable secret? (Without raising
> > | suspicion by having 40 million attempts on the box itself.)
> > | Let's say the password is an 8 character string of letters only, not
> > | necessarily a dictionary word.
> > |
> > | What's everybody's view, could it be easily hacked or not?
> > |
> > |
> > | Thanks,
> > |
> > | Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23704&t=23670
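
Added example, not part of the original thread: a small Python audit that flags the three configuration items raised in this discussion (an "enable secret 5" MD5 hash whose strength depends on the password and on keeping the config private, a reversible "enable password", and "ip http server"). The sample config is constructed apart from the enable secret line quoted in the thread; the function name audit_config and the type 7 placeholder value are hypothetical.

```python
import re

# Constructed sample config. Only the "enable secret" line comes from the
# thread; the type 7 value is a made-up placeholder, not a real encoding.
SAMPLE_CONFIG = """\
hostname lab-switch
enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90
enable password 7 0000000000
ip http server
line vty 0 4
"""

# MD5-crypt layout: $1$<salt, up to 8 chars>$<22-char encoded digest>
MD5_CRYPT = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$")


def audit_config(text):
    """Return (line_number, finding) pairs for the issues raised in the thread."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        words = line.split()
        if line.startswith("enable secret 5 ") and len(words) == 4:
            if MD5_CRYPT.match(words[3]):
                findings.append((n, "enable secret is a salted MD5 hash: anyone who "
                                    "sees it can guess offline, so use a long random "
                                    "password and keep the config private"))
            else:
                findings.append((n, "enable secret 5 value is not a well-formed "
                                    "$1$ hash"))
        elif line.startswith("enable password"):
            findings.append((n, "enable password is reversible (type 7) or "
                                "cleartext; rely on enable secret instead"))
        elif line == "ip http server":
            findings.append((n, "HTTP server is enabled; add 'no ip http server'"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```
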