Cisco “password 7″

• “How do I Decrypt Cisco Passwords?” – http://www.topbits.com/decrypt-cisco-passwords.html
• Cisco password decryption – http://insecure.org/sploits/cisco.passwords.html

---

Local info:

• Cisco “password 7″ decryption – Perl code (2010.01.28) – https://eikonal.wordpress.com/2010/01/28/ciso-password-7-decryption-perl-code/
• Cisco “Password 7″ Cracker – javascript code (2010.01.07) – https://eikonal.wordpress.com/wp-admin/post-new.php
• Cisco “Password 7″ Cracker – C code (2010.05.21) – https://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3-decryption-%e2%80%93-c-code/

Cisco “password 7” decryption – Perl code

Source: somewhere from the web.

#!/usr/bin/perl -w # $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $ # # Credits for orginal code and description hobbit@avian.org, # SPHiXe, .mudge et al. and for John Bashinski # for Cisco IOS password encryption facts. # # Use for any malice or illegal purposes strictly prohibited! # @xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 ); while () { if (/(password|md5)\s+7\s+([\da-f]+)/io) { if (!(length($2) & 1)) { $ep = $2; $dp = ""; ($s, $e) = ($2 =~ /^(..)(.+)/o); for ($i = 0; $i < length($e); $i+=2) { $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++]; } s/7\s+$ep/$dp/; } } print; }

---

Related: https://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3/

Cisco “Password 7” Cracker – javascript code

Source: http://www.ifm.net.nz/cookbooks/passwordcracker.html

<script language="JavaScript1.2" type="text/javascript"> <!-- // Is the character a digit? function isDigit(theDigit) { var digitArray = new Array('0','1','2','3','4','5','6','7','8','9') for (j = 0; j < digitArray.length; j++) { if (theDigit == digitArray[j]) return true } return false } // Generate a config file ready for loading function crackPassword(form) { var crypttext=form.crypttext.value.toUpperCase() var plaintext='' var xlat="dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87" var seed, i, val=0 if(crypttext.length & 1) return seed = (crypttext.charCodeAt(0) - 0x30) * 10 + crypttext.charCodeAt(1) - 0x30 if (seed > 15 || !isDigit(crypttext.charAt(0)) || !isDigit(crypttext.charAt(1))) return for (i = 2 ; i <= crypttext.length; i++) { if(i !=2 && !(i & 1)) { plaintext+=String.fromCharCode(val ^ xlat.charCodeAt(seed++)) seed%=xlat.length val = 0; } val *= 16 if(isDigit(crypttext.charAt(i))) { val += crypttext.charCodeAt(i) - 0x30 continue } if(crypttext.charCodeAt(i) >= 0x41 && crypttext.charCodeAt(i) <= 0x46) { val += crypttext.charCodeAt(i) - 0x41 + 0x0a continue } if(crypttext.length != i) return } form.plaintext.value=plaintext } --> </script> <form name="never-you-mind" id="never-you-mind" action="#"> <table border="1"> <tbody><tr><td> <p> Type 7 Password: <input name="crypttext" size="60" type="text"> </p> <p> <input value="Crack Password" onclick="crackPassword(this.form)" type="button"> </p> <p>Plain text: <input name="plaintext" size="40" type="text"> </p> </td></tr></tbody></table> </form>

---

Related: https://eikonal.wordpress.com/2010/05/21/cisco-%e2%80%9cpassword-7%e2%80%b3/

Passwords cracking

Offline crackers

• Cain and Abel – http://www.oxid.it/cain.html
• John the Ripper – http://www.openwall.com/john/
  • More details here: https://eikonal.wordpress.com/2010/05/25/john-the-ripper/
• Pwdump – Windows LM and NTLM password hashes dumper – http://en.wikipedia.org/wiki/Pwdump. Has numerous implementations:
  • http://samba.org/samba/ftp/pwdump/
  • http://www.securiteam.com/tools/5ZQ0G000FU.html
  • pwdump6 – http://www.foofus.net/~fizzgig/pwdump/
  • fgdump – http://www.foofus.net/~fizzgig/fgdump/
  • pwdump7 – http://www.tarasco.org/security/pwdump_7/index.html
  • pwdump3 – http://openwall.com/passwords/microsoft-windows-nt-2000-xp-2003-vista-7#pwdump
    • pwdump3 > hashes.txt
    • then use johnTheRipper
• OphCrack – http://ophcrack.sourceforge.net/
  • Description: http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
• RainbowCrack – http://project-rainbowcrack.com/
  • Pre-computed tables can be bought here – http://project-rainbowcrack.com/buy.php
• L0phtcrack – http://www.l0phtcrack.com/
• THC Hydra – http://freeworld.thc.org/thc-hydra/
• FSCrack – http://www.foundstone.com/us/resources/termsofuse.asp?file=fscrack.zip
• Brutus – http://www.hoobie.net/brutus/
• Aircrack –
• Airsnort –
• SolarWinds –
• chknull – http://phreak.org/archives/expoits/novell – checks novell accounts with no passwords — GONE
• Pandora – http://nmrc.org/project/pandora/ – a set of tools for hacking, intruding, and testing the security and insecurity of Novell Netware
• Ravan – JavaScript distributed computing system – http://www.andlabs.org/tools/ravan.html
• White Chapel – password cracking front end – https://github.com/mubix/WhiteChapel

Online tools

• Cisco Password Cracker (2007.06) – http://www.ifm.net.nz/cookbooks/passwordcracker.html
• Microsoft’s online password strength checker – https://www.microsoft.com/protect/fraud/passwords/checker.aspx?WT.mc_id=Site_Link
• Javascript Password Strength Meter – http://www.geekwisdom.com/dyn/passwdmeter. Local copy of code: https://eikonal.wordpress.com/2010/07/14/javascript-password-strength-meter/.
• WPACracker – http://www.wpacracker.com/ [ONLINE CRACKER]

Articles

• “Everyday Password Cracking” by Thorsten Fisher – http://www.irmplc.com/downloads/whitepapers/Everyday_Password_Cracking.pdf
• Password Recovery Speeds – http://www.lockdown.co.uk/?pg=combi&s=articles
• Rainbow Hash Cracking – http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html
• What is Rainbow Crack and How to do it: The Time-Memory Tradeoff Hash Cracker : How to Crack Windows passwords – http://learnethicalhacking.wordpress.com/2010/02/04/learn-how-to-hack-facebook-passwords-and-accounts-using-phishing-attack-facebook-fake-page/
• Cracking Windows Password Hashes – http://thehackingoftech.wordpress.com/2010/01/24/cracking-windows-password-hashes/
• How to recover Windows XP passwords with PwDump and MdCrack – http://winguard.blogspot.com/2009/05/how-to-recover-windows-xp-passwords.html

Generating password hashes

• Generating unix-style MD5 password hashes:
  • openssl passwd -1 -salt QIGCa pippo
  • produces: $1$QIGCa$/ruJs8AvmrknzKTzM2TYE.
• Generating password hash for native system crypt() function:
  • perl -e ‘print crypt(“pippo”, “\$1\$QIGCa”),”\n”‘
  • produces: $1Su6NR9CFU/6

VARIOUS

• Cracking Kerberos passwords
  • The only tool I know residing on this niche is ntsecurity’s KerbCrack/KerbSniff (http://ntsecurity.nu/toolbox/kerbcrack/).
  • Usage: kerbcrack.exe kerbcap.snf -b1 9

---

Related here: Default passwords, wordlist and Rainbow tables – https://eikonal.wordpress.com/2010/03/29/default-passwords/ | John The Ripper – https://eikonal.wordpress.com/2010/05/25/john-the-ripper/