Cisco Secret 5 and John Password Cracker. Hi I have recovered some cisco passwords that are encrypted using the secret 5 format. They look like this $1$Wgqc$sbb8R. Will allow Cisco customers to configure the new password type for both enable secret password and username username secret password. This will allow Cisco customers to gradually migrate to the new password type, while allowing them to use the existing syntax to preserve backward compatibility. The exact syntax for the new commands. Aug 17, 2011 Crack Cisco IOS Password Hashes, Crack Cisco Type 5 & Type 7 Password Hashes Question Defense. Open those both enable secret hash.

I've got a copy of a Cisco ASA config and i want to crack the following example passwords I've got the following lines in the config ASA Version 8.4(2)! Installer Deezer Sur Ipod Touch more. Hostname ciscoasa enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names! So I want to try and crack the enable password, but i don't know what format it is or what tool i can use to brute force it. (Note the hash there is not the real hash, just a random hash i found online like the original) I already know the password is “cisco” for passwd, but if that was different, how can i go about cracking it? Are these two passwords the same format/hash type (the first doesn't have any 'punctuation' but that might just be by chance.

I'm familiar with cracking the MD5 passwords, level/type 7 'secrets' etc but not cracking the enable password for IOS devices. Extra Credit: There are also the following lines with multiple usernames in it which i assume are the same format as above.! No threat-detection statistics tcp-intercept ntp server webvpn username test password hmQhTUMT1T5Z4KHC encrypted privilege 15! I tried adding the 'known' cisco hash into the PIX-MD5 in cain manually, but it didn't work (used a dict with cisco in it). See below: Hope someone can help, Thanks! The Cisco ASA config you have provided appears to use CISCO PIX-MD5 hashes.

Both the VPN settings mentioned above and the enable/passwd are not salted, contrary to what the suggests in Peleus's post. It is worth while checking this site: In there you can enter 'cisco' as the password and you'll recieve the common 2KFQnbNI­dI.2KYOU hash back out as you have in the above config. You can repeat the process for blank If you've used before, the following command worked perfectly to crack it on windows for me. CudaHashcat-plus64.exe --hash-type 2400 C: Users user Desktop hashes.txt C: Users user Desktop password.lst On my machine i got about 70,000k/s with GPU acceleration. I always recommend using a good word-list like this. The easiest way is to use an online tool. It may have already stored passwords and their hash: Using Cain and Abel you should be able to crack your current password of 2KFQnbNIdI.2KYOU fairly fast with a dictionary or bruteforce.

Not sure of the issue you are having with Cain but it should work (try bruteforce as well). Below is the example to bruteforce the hash with cain: Click on Cracker, Click on Cisco PIX-MD5 Hashes, Click the '+' button, add your hash.

Select various options to use for the crack. The cracked password is show in the text box as 'cisco'.

The password shows up in the password field now. From what I can tell in the docs this is a 'type 6' password and this seems to be related to encrypting a pre-shared key. 'type 6' seems to be an improvement over 'type 7' in that there is a per-device salt, though it is reversible. I did some googling of the exact password line since you said its the default password, this article suggests running more system:running-config which will show you the preshared key ().