lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <43165.193.113.48.7.1101313483.squirrel@193.113.48.7>
From: pjp at paulo-pereira.net (Paulo Pereira)
Subject: previledge password in cisco routers

Interesting point. I assumed a legit access therefore my suggestions, but
I guess you are right, a legit person would most probably not consider a
brute force attack on his own box. Although some times people do shoot
themselves in the foot doing something stupid that kicks them out of the
box and then have to travel a few hundred miles to get access to the box.

Paulo Pereira

<quote who="Leeuwen, Allan van">
> And may I add that your other posts look more or less the same ....
> I'm putting my money on you being a skiddie :)
>
> l8r
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Michael
> Rutledge
> Sent: Wednesday, November 24, 2004 2:42 PM
> To: full-disclosure@...ts.netsys.com
> Cc: john morris
> Subject: Re: [Full-Disclosure] previledge password in cisco routers
>
> The amount of help you receive on this mailing list is going to depend
> greatly on one question:  Do you own the box?  (or the router as it is
> in your case).  As it stands, and I mean this in the best way possible,
> you look like a script kiddie looking to get some leetness by doing
> something easy.  The suggestions you get on FD are not going to be as
> helpful to you if you are trying to hack someone else's hardware.
>
> That said, I happily look forward to the flames you are about to get for
> asking how to hack someone's router. This will be an entertaining
> Wednesday after all.  :)
>
> -Michael
>
>
> On Wed, 24 Nov 2004 04:28:18 -0800 (PST), Paulo Pereira
> <pjp@...lo-pereira.net> wrote:
>> John,
>>
>> if you have an old config you may decode it with some available tools
>> in the web. A google search for "cisco password recovery" may help
> you.
>>
>> If you use TACACS change it there... or force the TACACS to disappear
>> to use the local one... it really depends on the configs you have in
> the box.
>>
>> Regards,
>>
>> Paulo Pereira
>>
>> <quote who="john morris">
>>
>>
>> > Ooops.. i reframe my question. Is there a way to get the enable
>> > password remotely . Brute force is not my option
>> >
>> >
>> >
>> > (FROM LINKS TO LINKS WE ARE ALL LINKED)
>> >
>> > cheersssss.....
>> >
>> > morris
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>> >
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
> ===========================================================
>
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen
> bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt,
> wordt u verzocht de inhoud niet te gebruiken en de afzender direct te
> informeren door het bericht te retourneren. Hoewel Orange maatregelen
> heeft genomen om virussen in deze email of attachments te voorkomen, dient
> u ook zelf na te gaan of virussen aanwezig zijn aangezien Orange niet
> aansprakelijk is voor computervirussen die veroorzaakt zijn door deze
> email.
>
> The information contained in this message may be confidential and is
> intended to be only for the addressee. Should you receive this message
> unintentionally, please do not use the contents herein and notify the
> sender immediately by return e-mail. Although Orange has taken steps to
> ensure that this email and attachments are free from any virus, you do
> need to verify the possibility of their existence as Orange can take no
> responsibility for any computer virus which might be transferred by way of
> this email.
>
> ===========================================================
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ