Perhaps this is why sho run and sho conf are not level 1 commands?

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Sun, 21 Oct 2001, Gareth Hinton wrote:

> The reason I asked was to see if other people's impression was the same as
> mine. I've got the tools for the level 7 passwords, but was under the
> impression that the enable secret was almost impossible.
> I do some work for a fairly large company that had some penetration testing
> done this week by a government agency.
> One of the "hackers" told me that depending on the length and complexity of
> the password he could crack the enable password from the MD5 hash pretty
> quickly.
> The passwords we normally use for enable secrets are over 8 character random
> alphanumeric strings, so it was taking some time.
> Not believing him entirely, I suggested that I simplify the password a
> little to a dictionary word of 7 characters. I changed it to "kittens" and
> it took his unix box around 5 seconds to go through the dictionary
> performing MD5 hash on every word, then comparing the result with the real
> hash.
>
> I was quite surprised at how quick it was. Admittedly they need to see the
> MD5 hash somehow, but I've never gone over the top to cover these up before
> now.
>
> We also (a little carelessly) got caught out with a few switches with "IP
> HTTP SERVER" on as default, so the weakness with http allowed level 15
> access to the switches. Oops.
>
> Just thought I'd bring it up anyway. I think "no ip http server" and more
> complex passwords are in order.
>
>
> Regards,
>
> Gareth
>
> "John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> > The enable secret would not be an easy thing to crack.  The enable password,
> > however, can be cracked easily with a number of utilities available for free
> > on the internet.
> >
> > If you have hackers attacking your network who have the capability to crack
> > the enable secret then you have much bigger problems.
> >
> > As I recall, the enable secret displayed when you do a show run is a one-way
> > hash, so the original cannot be determined from the encrypted version. I'll
> > have to check into that.
> >
> > A good hacker would spend his time elsewhere.  Sitting at the login prompt
> > trying to guess passwords for a few years probably isn't a wise way to spend
> > one's time.  Hackers tend to go for the low-hanging fruit.
> >
> > Regards,
> > John
> >
> > On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote:
> >
> > |  Hi all,
> > |
> > |  I'm asking this as a matter of interest after something I saw this week:
> > |  Given the following line of config:
> > |
> > |  enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90
> > |
> > |  What are the chances of cracking the enable secret?  (Without raising
> > |  suspicion by having 40 million attempts on the box itself.)
> > |  Let's say the password is an 8 character string of letters only, not
> > |  necessarily a dictionary word.
> > |
> > |  What's everybody's view, could it be easily hacked or not?
> > |
> > |
> > |  Thanks,
> > |
> > |  Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23708&t=23670
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
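
The hardening points raised in this thread (reversible type 7 and enable passwords, an enable secret hash that can be tested offline once seen, and the HTTP server left on by default) can be checked against a saved configuration. The Python audit below is an added example, not part of the original messages; the function name, finding codes and sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread); hash and password
# strings are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$SALT$PLACEHOLDER-HASH
enable password 7 PLACEHOLDER
username admin password 7 PLACEHOLDER
ip http server
line vty 0 4
 password 7 PLACEHOLDER
"""

def audit_ios_config(text):
    """Return (line_number, code, message) findings; line 0 means 'whole file'."""
    findings = []
    http_disabled = http_enabled = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "no ip http server":
            http_disabled = True
        elif line == "ip http server":
            http_enabled = True
            findings.append((n, "HTTP_ON", "HTTP server enabled; use 'no ip http server'"))
        elif re.match(r"enable password\b", line):
            findings.append((n, "ENABLE_PASSWORD", "enable password is easily recovered; use enable secret only"))
        elif re.search(r"\bpassword 7 \S+", line):
            findings.append((n, "TYPE7", "type 7 string is reversible; treat as cleartext"))
        elif re.match(r"enable secret 5 \S+", line):
            findings.append((n, "MD5_SECRET", "MD5 hash can be dictionary-tested offline; "
                             "use a long random secret and restrict who sees the config"))
    # Some switches ship with the HTTP server on, so absence of the explicit
    # 'no' form is itself a finding.
    if not http_disabled and not http_enabled:
        findings.append((0, "HTTP_DEFAULT", "no 'no ip http server' line; may be on by default"))
    return findings

if __name__ == "__main__":
    for n, code, msg in audit_ios_config(SAMPLE_CONFIG):
        print(f"line {n}: {code}: {msg}")
```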
