Does anyone know the password encryption used for the Cisco IE1000 swtiches?
From the running config:
username admin privilege 15 password encrypted f4938f70f013e8a70bee2fc24ba411157042e4ed5cd5db72d19f8d763b7f1880bcaf71378c29ade98af6726366d1f602445f255d6ab59929968e57760155cee1
I thought it was SHA2-512 however using -m 1700 does not find the known password
Cheers
Thanks Philsmd, it is not an enable password it is the user account password. The 'show encryption service stat' command is not available.
It doesn't matter what I change the password to the hash is always 128 characters
After doing some further testing, the hash changes each time you change the password even if the password is the same...
Example password: !1Abcdef (There are password minimum complexity requirements)
4d16005dafff396d2ed7e0e84ee91fe736f8d8336d63d4d410bfbc848c0060ba3d06a76c9d25072c09c3d6ef8c7f1f6a86873209bece980fc6ff40fe83056ea0
And setting the same password again results in:
d709fb5819ada6c5e7f2652ac0aa11ff304f947b45512476bb46a8f40e348c43c7a601976b6b36131b39d67552ca85f06cbbedffefa499c29a9021df7131b9dc
that's interesting. so it seems to be a hash indeed.
The problem is that we do not know the algorithm, Maybe that's a Cisco secret, I guess.
You could try to kindly ask some cisco support/technicians to provide more information about the security of the credentials and which algorithm is used etc.
I guess the other possibility would be to download the firmware from
https://software.cisco.com/download/home/286307836 (this page unfortunately requires a login, I don't have the firmware, nor a cisco login, maybe somebody else have and can download/investigate the firmware and if anything is different between these versions etc ... maybe both 1.6 and 1.8.1 would be interesting)...
the last option would be to guess the algorithm, but it could be kind of everything e.g. salted non-iterated hashes or PBKDF2 or even more modern hashing algorithms... several parameters like the iteration count could be unknown and therefore it could be a very difficult guessing gaming (because of this "secret algorithm", obfuscation).
In my opinion the algorithm should be clearly mentioned in the manual/documentation... this is really a bad obfuscation/hiding game of secret (again, I assume that it's really not common knowledge and public what the password hashing algorithm is, I may be wrong... but it doesn't seem that there is much information available online how these 128 bytes are generated)...
I think the first step should be to reach out to some cisco staff and tell them that for compliance/security reasons you need to know how secure this algorithm is and how you can double-check the security by being able to reproduce these password hashing steps.
Tried a few things with PBKDF2-HMAC-SHA256 but no dice. Tried iteration count 1-3000, then up to 30500 in 500 steps and also 2^x, x ∈ ℕ<17. Both salt+hash and hash+salt.