Inet-Admins mailing list archive (inet-admins@info.east.ru)


[inet-admins] Fw: Re: [seg-l] Passwords en Cisco (fwd)



------
Ilya Shulman   ish@east.ru        +7-095-956-4951 ISH-RIPN
East Connection ISP, Moscow, Russia. http://www.east.ru
-----Original Message-----
From: Gustavo A. Lozano <glozano@COLINTER.NET>
To: BUGTRAQ@NETSPACE.ORG <BUGTRAQ@NETSPACE.ORG>
Date: 1  1997 . 1:02
Subject: Re: [seg-l] Passwords en Cisco (fwd)


>
>
>Gustavo A. Lozano.
>Internet de Colombia S.A.
>glozano@colinter.net
>
>fingerprint = 74 37 A4 1F FA D3 B1 CC  C2 E2 07 80 1E 0F 4A B6
>
>
>---------- Forwarded message ----------
>Date: Fri, 30 May 1997 23:40:12 +0100
>From: AcidGum <ACIDGUM@hotmail.com>
>Reply-To: seg-l@secnet.com
>To: seg-l@secnet.com
>Subject: Re: [seg-l] Passwords en Cisco
>
>edo@infocable.cl wrote:
>
>#! /bin/sh
>## Decrypts cisco "encrypted" passwords.  Feed this confg files as stdin.
>## Anything that looks like a "type 7 encrypted" string gets decrypted.
>## This should really be a C program, but is presented as a script just to
>## piss off a certain group of people.  One beer, please...
>
>while read xx ; do
>  case "$xx" in
>    *d\ 7\ [01]??* ) ;;
>    *) continue ;;
>  esac
>  DEC=`echo "$xx" | sed -e 's/.* //' -e 's/\(^..\).*/\1/'`
>  DP1=`expr $DEC + 1`
>  HEX=`echo "$xx" | sed -e 's/.* //' -e 's/^..\(..*\)/\1/'`
>  echo 'dsfd;kfoA,.iyewrkldJKDHSUB' | cut -c "${DP1}-30" > /tmp/cis$$.pad
>  echo '#' > /tmp/cis$$.in
>  for xx in 1-2 3-4 5-6 7-8 9-10 11-12 13-14 15-16 17-18 19-20 21-22 ; do
>    echo "${HEX}" | cut -c $xx | sed -e '/^$/q' -e 's/^/0x/' >> /tmp/cis$$.in
>  done
>  echo -n "${DEC}${HEX}: "
>  data -g < /tmp/cis$$.in | xor /tmp/cis$$.pad
>  echo ''
>done
>rm -f /tmp/cis$$.pad /tmp/cis$$.in
>exit 0
>
># Discussion:
>
># When "service password-encryption" is configured into a cisco router and
># the configuration subsequently viewed, the passwords are no longer printed
># as plaintext but as strings of randomish-looking garbage.  Analysis of
># several samples reveals the scrambling algorithm to be trivially weak.
>
># Dr. Delete derived and published an analysis and decryption program some
># time ago, but since that didn't seem to be generally available at the time
># I went looking for it, here is an independent explanation.  This was worked
># out on PAPER over a plate of nachos in a hotel bar in downtown LA, but
># still illustrates where a general-purpose "xor" handler can be useful for
># quickly cracking lame "proprietary" algorithms of this genre.
>
># Passwords can be up to eleven mixed-case characters.  In the "encrypted"
># representation, the first two bytes of the long string are a random decimal
># offset between 0 and 15 into a magic block of characters, and the remaining
># bytes are ascii-hex representations of the password bytes xored against
># the character-block bytes from the given offset on down.  The character
># block is "dsfd;kfoA,.iyewrkldJKDHSUB", which is enough for a maximum-length
># password at the maximum offset.
>
># Another character block consisting of "sgvca69834ncxv9873254k;fg87" is
># located after the first one in the IOS image, which may be relevant to
># something else and is simply mentioned here for posterity.  It is also
># interesting to note that the strings "%02d" and "%02x" occur immediately
># afterward, which in light of the above is another clue.
>
>> >
>> > > Edo.
>> >
>> >
>> > Do you want the passwords on a cisco router not to be shown decrypted?
>> >
>> > If that is what you want, use the command:
>> >
>> > service password-encryption
>>
>> It was not exactly that, but rather the encryption method they use.
>> In fact I found that it is not similar [in unix, for example, something
>> normal would be zdDlhM3s9LPzK, but on cisco the format is 04025D0319731D]
>> and I would like to know what the difference actually is, and whether,
>> for example, crack is able to detect this algorithm. By the way, I get
>> this format when creating access for ppp/slip users.
>>
>> > Hernan
>>
>> Regards
>> Edo.
>
>* I hope this is what you are looking for.
>
>
>Regards, AcidGum
>http://spin.com.mx/~rarriola/
>
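
The scheme described in the forwarded post, written as a config audit that flags every type 7 password and shows that it is recoverable. This is an added example, not code from the original message; it uses only the first character block the post quotes, and the function names and sample config are constructed for illustration.

```python
import re

# Character block quoted in the post; the two-digit decimal offset indexes into it.
BLOCK = b"dsfd;kfoA,.iyewrkldJKDHSUB"
# Whatever follows "password 7 " on a config line is the candidate field.
TYPE7_RE = re.compile(r"\bpassword\s+7\s+(\S+)")

def decode_type7(field):
    """Reverse the scheme as the post describes it; None if the field does not fit."""
    m = re.fullmatch(r"(\d{2})((?:[0-9A-Fa-f]{2})+)", field)
    if not m:
        return None                      # malformed or truncated field
    offset = int(m.group(1))
    data = bytes.fromhex(m.group(2))
    pad = BLOCK[offset:offset + len(data)]
    if len(pad) < len(data):
        return None                      # runs past the block quoted in the post
    return bytes(c ^ k for c, k in zip(data, pad)).decode("latin-1")

def audit_config(text):
    """Return (line_no, line, recovered_or_None) for every type 7 password line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = TYPE7_RE.search(line)
        if m:
            findings.append((no, line.strip(), decode_type7(m.group(1))))
    return findings

# Constructed sample config (not from the post); the last field is truncated on purpose.
SAMPLE = """\
hostname lab-router
service password-encryption
enable secret 5 <md5-crypt-placeholder>
enable password 7 0822455D0A16
username pppuser password 7 00010B07094B0703
line vty 0 4
 password 7 0822455D0A1
"""

if __name__ == "__main__":
    for no, line, plain in audit_config(SAMPLE):
        status = f"recovered {plain!r}" if plain is not None else "type 7, not decodable here"
        print(f"line {no}: {line}  ->  {status}")
```

Lines reported as not decodable are still type 7 fields and still need review; they are only malformed or reach beyond the first block.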

