Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: cisco passwords

Re: cisco passwords

Janos Zsako (zsakoBANKNET.NET)
Tue, 11 Nov 1997 12:27:07 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Greg Bacon: "Re: CERT Advisory CA-97.25 - CGI_metachar"
Previous message: dsiebertICAEN.UIOWA.EDU: "Safe /tmp cleanup"
Maybe in reply to: Jared Mauch: "cisco passwords"

>   From owner-bugtraqnetspace.org Sun Nov  2 02:09:47 1997
>   From: Jared Mauch <jaredpuck.nether.net>

>           I've done a few code cleanups on the decryption stuff and put
>   it up for ftp with these fixes.. i have a few more to make
>   so it'll just grab it from bgp sessions, ospf keys, etc..
>
>           Get it from ftp://puck.nether.net/pub/jared/decrypt.c

It does not work reliably for passwords longer than eight characters.
The problem is that Cisco passwords can be 11 character long, and if the
initial seed is larger than 10, the translation table is too short.
The full translation table is as follows:

char xlat[] = {
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42
};

This copes also with the case when the passwords that are 11 character long and
the seed is 15.

Janos Zsako

PS. The passwords longer than 11 characters are allowed, however they are
truncated to the first 11 characters (just as they are to 8 in most Unix
implementations).

Next message: Greg Bacon: "Re: CERT Advisory CA-97.25 - CGI_metachar"
Previous message: dsiebertICAEN.UIOWA.EDU: "Safe /tmp cleanup"
Maybe in reply to: Jared Mauch: "cisco passwords"