Cracking a Cisco Password
Here is a guide on how to crack a Cisco password. In this guide you will learn how to crack a Cisco hash password.
Brief overview about Cisco passwords
In a Cisco equipment, there are two passwords, namely the “enable” and “telnet”. Within the Cisco “enable” command there are two ways which you can store a password.
- Enable password (Type 7)
- Enable secret (Type 5)
The “enable password” was the original encryption algorithm used by Cisco, and its algorithm was not released to general public. However the algorithm was figured out and there are at least two decryption programs that are available on the internet. “Enable password” has a very weak algorithm and shouldn’t be used. The source code in order to decrypt a type 7 password is readily available on the internet.
“Enable secret” is the replacement for the “enable password”. “Enable secret” is more secure as it encrypts the password using md5 hash. While hashes are one way algorithms, meaning it is not possible to recover the password using the given hash, the trick to crack a Cisco password is by using a dictionary attack or brute force attack.
Cracking Cisco Password Requirements:
- Cisco password hash
- John the Ripper tool
Steps on how to crack a Cisco Password:
1. From the Cisco switch or router, display the running configuration by typing the following at the enable prompt: # show running-config
2. Look for the “enable secret 5” plus the hash or “enable password 7” and the hash.
3. If it uses “enable password 7” then you take note of the hash and use online Cisco password decrypter to decrypt the password. If it uses the “enable secret 5”, then it is a md5 hashed password.
4. Get the hash or place it in a text editor, and save it in the following format. chash: enable:thehashpassword
5. Now use John the Ripper to crack it. # /usr/local/john /path/to/chash