Results 1 to 4 of 4

Thread: Hydra for cracking Cisco enable passwords

  1. March 24th, 2005, 03:33 PM #1
    Trench_Rot
    Trench_Rot is offline
    Member
    Join Date
    Sep 2003
    Posts
    42

    Hydra for cracking Cisco enable passwords

    I'm testing Hydra against a router I know the username and passwordfor, but I'm getting flaky results. I'm trying to brute force the enable password, but I don't think my command line is quite right. Can someone point me in the right direction please?

    Here's what I'm using. Remember I already know the passwords for Telnet and enable. I'm just trying to see is the enable cracker in Hydra works (for me).

    #hydra 192.168.1.1 cisco-enable -s 23 -P passlist.txt -t 4 -f -m ""

    Here's a run down on what I THINK this is supposed to do:

    1. hit host 192.168.1.1
    2. try to brute force cisco enable password
    3. -s 23 = the port the service is running on
    4. -P passlist.txt = a list with a valid password that should create a poisitve match for enable
    5. -t 4 = use timing 4 which was recommended by Hydra for enable passwords
    6. -f = stop at first successful login
    7. -m "" = login for Telnet, in this case the passwords is blank ("") for testing

    When it runs, it successfully conects the router and logs into Telnet and attempt enable passwords. The problem is that the results never show the password that was used to login and many times it says "As this login was successful it will be skipped" BUT it doesn't show which login worked! In verbose mode the login/password output list stops at random passwords, never at the proper password.

    Any ideas?
    Reply With Quote Reply With Quote
  2. March 24th, 2005, 04:16 PM #2
    phishphreek
    phishphreek is offline
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    If it dumps you at the command prompt, show the running config and copy the encrypted password.

    You could also use something like CAIN or a protocol sniffer to grab which password worked?

    There are several utilities out there that will decrypt the passwords. (Won't work on PIX.)

    I have not played around with hydra so I can't help you with that.
    Maybe I'll mess with it this evening.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
    Reply With Quote Reply With Quote
  3. May 14th, 2005, 08:19 AM #3
    The_Captain
    The_Captain is offline
    Member
    Join Date
    May 2005
    Posts
    92
    The new Cain will decrypt the Cisco Pix MD5 hash, but on my machine running 2.5 million brute force attacks per second it was going to take roughly 11 trillion years to crack.

    I highly advise the use of a very large (40 - 80 gb if you can afford it) sized rainbow table if you want a good chance of cracking it in under a week or so. This is all included with the Cain download at

    www.oxid.it
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous
    Reply With Quote Reply With Quote
  4. May 15th, 2005, 02:48 PM #4
    stanger
    stanger is offline
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    for an empty password use '-e n'
    Industry Kills Music.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules