[c-nsp] Brute Forcer [Slightly OT]

James Bensley jwbensley at gmail.com
Mon Jun 27 16:45:13 EDT 2011


On 27 June 2011 21:39, Saku Ytti <saku at ytti.fi> wrote:
> Are you attempting to test how feasible it is in real-life? Or have
> you forgotten the password? If you have configuration backups and it
> is type 7 you can easily recover it. If it is MD5 and it is 8
> characters of non-dictionary you have rather small chance of cracking
> it with CPU, with several GPU it can become practical.
>
> Over telnet it's going to be impractical, even if you could do
> wire-rate (you cannot, not anywhere near) 100M port still cannot reach
> multiple 10k guesses per second (single query in minimum of 4 packets,
> in real implementations more).  In practice control-plane will limit
> it to much under 10k guesses per second, so it would take impractical
> amount of time to brute force it over telnet.

Yes it is for a feasibility study, no forgotten passwords.

Yes I thaught it would be slow going over Telnet, although Hyrda is
multi-threaded which is nice, get a couple of clients running Hyrda
against the same device and thats about as good as it gets because a
low cpu router/switch will probably top out quite easily. But when
going against some higher end routers I am hoping that a half decent
speed will be achievable.

As for the MD5 sums; If I can get to a router config I wont be
cracking them on any desktop machines, Amazon EC2 will do it for me
for about $20 hopefully.

-- 
James.
http://www.jamesbensley.co.cc/



More information about the cisco-nsp mailing list