hashcat Forum

Full Version: Cisco IOS hashes
I am new to the forum, so I hope I have used all the available resources first..

MD5crack, Cain and JtR can all be used to crack a Cisco IOS MD5 hash, but I can't find anything in Hashcat that will work. Before I bang my head into the wall any more, I figured it would be worth asking..

Can Hashcat be used to crack a Cisco IOS MD5?

From what I have gathered, a typical unix style MD5 would be in the format

Code:
$1$<8 byte salt>$<hash>

It seems that the Cisco IOS MD5 uses a similar but smaller format

Code:
$1$<4 byte salt>$<hash>

This smaller format will always give a line length exception.

I started to just bang away at every MD5 available and came up empty.
Am I missing something or is it just not available?

Thanks!!

Yes, you are lucky :-)

for example:

$ openssl passwd -1 -salt pdQG -table foobar
foobar $1$pdQG$0WzLBXV98voWIUEdIiLm11

thumbstone hashcat-0.35 # cat > hash
$1$pdQG$0WzLBXV98voWIUEdIiLm11
thumbstone hashcat-0.35 # echo foobar > word
thumbstone hashcat-0.35 # ./hashcat-cli32.bin -m 500 hash word
...
$1$pdQG$0WzLBXV98voWIUEdIiLm11:foobar
All hashes have been recovered

Thanks for the insight... I first tried using hashcat in the GUI format, where these hashes did a complete failboat even when I selected the MD5(unix). It would seem that I made the mistake of doing a copy/paste from the nice helpful section from the GUI hashcat and tried it on the command line. Failed as well...

When you put the hash into an actual file, it works fine!
The length problem I was getting wasn't that the salt was too short... the command line was reading the $1$....$ wrong and was chopping the entire hash apart, so hashcat never saw it. Turns out Windows command shell and Bash both hate dollar signs.
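
The dollar-sign problem described in the last post, as an added example that is not part of the original thread: it shows what a POSIX shell turns the thread's hash into when it is not single-quoted, and checks the md5crypt shape before writing a hash file. The function names and the salt/digest alphabet in the pattern are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample: the md5crypt hash from the thread. Single quotes stop
# the shell from treating $1, $pdQG and $0 as parameter expansions.
HASH='$1$pdQG$0WzLBXV98voWIUEdIiLm11'

# What a program receives when the same text is typed unquoted or in double
# quotes. eval re-parses the string the way an interactive command line would.
mangled() {
    # Subshell with no positional parameters and pdQG unset:
    # $1 -> "", $pdQG -> "", $0 -> name of the shell or script.
    ( set --; unset pdQG; eval "printf '%s' \"$HASH\"" )
}

# Shape check: $1$ + 1-8 salt characters + $ + 22 digest characters.
# (Assumption: salt and digest use the usual ./0-9A-Za-z crypt alphabet.)
is_md5crypt() {
    printf '%s\n' "$1" | grep -Eq '^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'
}

# Write a hash to a file only if it survived the shell intact.
save_hash() {  # usage: save_hash <hash> <file>
    is_md5crypt "$1" || { echo "refusing mangled hash: $1" >&2; return 1; }
    printf '%s\n' "$1" > "$2"
}

printf 'typed:    %s\n' "$HASH"
printf 'received: %s\n' "$(mangled)"
```

The "received" line starts with the shell's own name instead of `$1$pdQG$`, which is why the cracker never sees a valid hash unless it is single-quoted or read from a file.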