Results 1 to 4 of 4

Thread: Hydra for cracking Cisco enable passwords

  1. #1
    Join Date
    Sep 2003

    Hydra for cracking Cisco enable passwords

    I'm testing Hydra against a router I know the username and passwordfor, but I'm getting flaky results. I'm trying to brute force the enable password, but I don't think my command line is quite right. Can someone point me in the right direction please?

    Here's what I'm using. Remember I already know the passwords for Telnet and enable. I'm just trying to see is the enable cracker in Hydra works (for me).

    #hydra cisco-enable -s 23 -P passlist.txt -t 4 -f -m ""

    Here's a run down on what I THINK this is supposed to do:

    1. hit host
    2. try to brute force cisco enable password
    3. -s 23 = the port the service is running on
    4. -P passlist.txt = a list with a valid password that should create a poisitve match for enable
    5. -t 4 = use timing 4 which was recommended by Hydra for enable passwords
    6. -f = stop at first successful login
    7. -m "" = login for Telnet, in this case the passwords is blank ("") for testing

    When it runs, it successfully conects the router and logs into Telnet and attempt enable passwords. The problem is that the results never show the password that was used to login and many times it says "As this login was successful it will be skipped" BUT it doesn't show which login worked! In verbose mode the login/password output list stops at random passwords, never at the proper password.

    Any ideas?

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    If it dumps you at the command prompt, show the running config and copy the encrypted password.

    You could also use something like CAIN or a protocol sniffer to grab which password worked?

    There are several utilities out there that will decrypt the passwords. (Won't work on PIX.)

    I have not played around with hydra so I can't help you with that.
    Maybe I'll mess with it this evening.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Join Date
    May 2005
    The new Cain will decrypt the Cisco Pix MD5 hash, but on my machine running 2.5 million brute force attacks per second it was going to take roughly 11 trillion years to crack.

    I highly advise the use of a very large (40 - 80 gb if you can afford it) sized rainbow table if you want a good chance of cracking it in under a week or so. This is all included with the Cain download at

    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

  4. #4
    Senior Member
    Join Date
    Aug 2003
    for an empty password use '-e n'
    Industry Kills Music.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts