March 24th, 2005, 03:33 PM
Hydra for cracking Cisco enable passwords
I'm testing Hydra against a router I know the username and passwordfor, but I'm getting flaky results. I'm trying to brute force the enable password, but I don't think my command line is quite right. Can someone point me in the right direction please?
Here's what I'm using. Remember I already know the passwords for Telnet and enable. I'm just trying to see is the enable cracker in Hydra works (for me).
#hydra 192.168.1.1 cisco-enable -s 23 -P passlist.txt -t 4 -f -m ""
Here's a run down on what I THINK this is supposed to do:
1. hit host 192.168.1.1
2. try to brute force cisco enable password
3. -s 23 = the port the service is running on
4. -P passlist.txt = a list with a valid password that should create a poisitve match for enable
5. -t 4 = use timing 4 which was recommended by Hydra for enable passwords
6. -f = stop at first successful login
7. -m "" = login for Telnet, in this case the passwords is blank ("") for testing
When it runs, it successfully conects the router and logs into Telnet and attempt enable passwords. The problem is that the results never show the password that was used to login and many times it says "As this login was successful it will be skipped" BUT it doesn't show which login worked! In verbose mode the login/password output list stops at random passwords, never at the proper password.
March 24th, 2005, 04:16 PM
If it dumps you at the command prompt, show the running config and copy the encrypted password.
You could also use something like CAIN or a protocol sniffer to grab which password worked?
There are several utilities out there that will decrypt the passwords. (Won't work on PIX.)
I have not played around with hydra so I can't help you with that.
Maybe I'll mess with it this evening.
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
May 14th, 2005, 09:19 AM
The new Cain will decrypt the Cisco Pix MD5 hash, but on my machine running 2.5 million brute force attacks per second it was going to take roughly 11 trillion years to crack.
I highly advise the use of a very large (40 - 80 gb if you can afford it) sized rainbow table if you want a good chance of cracking it in under a week or so. This is all included with the Cain download at
"Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous
May 15th, 2005, 03:48 PM
for an empty password use '-e n'