Posted: . At: 1:51 PM. This was 2 years ago. Post ID: 8776

How to crack Cisco 7 “encrypted” passwords with a simple tool.

This website (http://www.ibeast.com/content/tools/ciscopassword/) will crack Cisco 7 passwords instantly. This shows that this type of “encryption” is useless when an attacker has access to view the configuration of the switch. It would be better to use more stringent encryption, like 4096 bit, but this is the way that Cisco works. If you get access to a Cisco switch and can use this command to show the running-config:

lannister#show running-config

Then the passwords are visible…

Current configuration : 2315 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname lannister
!
boot-start-marker
boot-end-marker
!
enable password 7 071F205F5D1E161713
!
username cisco password 7 065009271D1C59400116
aaa new-model
!
!
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
!
ip domain-name arya
!
!
!
!
!
!
!
 --More--

So, make your switches more secure. Prohibit physical access with locked cabinets, do not use the default VLAN for the management interface(s) and educate the Cisco network administrators on secure practices and how to properly configure the switches to function correctly on the network, but still be secure from unwanted access. Use SSH for remote access instead of Telnet.

This is a better way to set an enable password.

lannister(config)#enable secret password1

Current configuration : 2325 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname lannister
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$OO2w$t./V1m3JAubQArABZUqG8/
!
username cisco password 7 065009271D1C59400116
aaa new-model
!
!
!
!
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
!
ip domain-name arya
!
!
!
!
!
!
!
 --More--

This can still be cracked with this tool, but if you set a strong password, it should be more secure than a useless and insecure MD5 hash. Setting a longer password, i.e. a long sentence, makes this tool take a very long time indeed. If you used upper case and numbers, then the password would take an exponentially greater amount of time to crack. Also, using characters like !@#$%^&*()/ makes it even more secure. This is a very effective way to make the required wordlist much larger than is tenable, and it is the best way to increase security. If the switches and routers are also in a secure location that is locked, then physical security takes over and the system is far more secure. That is a very good way to ensure that your network is truly safe from snoopers and hackers.
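To find the weak credential lines before someone else reads them, a saved running-config can be audited offline. The script below is an added example, not code from the original post: it classifies each `enable` and `username` credential line by its type number and, for type 7, reports the password length that the encoding leaks, without recovering any password. The function name `audit_config` and the finding fields are assumptions made for this example.

```python
import re

# Credential lines copied from the running-config output shown on this page.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 071F205F5D1E161713
enable secret 5 $1$OO2w$t./V1m3JAubQArABZUqG8/
username cisco password 7 065009271D1C59400116
"""

# Matches "enable password|secret [type] value" and
# "username X password|secret [type] value".
CRED_RE = re.compile(
    r"^\s*(?:enable|username\s+(?P<user>\S+))\s+"
    r"(?:password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<value>\S+)\s*$"
)
# Type 7 layout: two decimal digits (key offset) followed by hex byte pairs.
TYPE7_RE = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")


def audit_config(text):
    """Return one finding per credential line, without recovering any password."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m:
            continue
        ctype = int(m["type"]) if m["type"] else 0  # no type field means plaintext
        value = m["value"]
        finding = {"line": lineno, "account": m["user"] or "enable",
                   "type": ctype, "plaintext_len": None}
        if ctype == 0:
            finding["status"] = "plaintext"
            finding["plaintext_len"] = len(value)
        elif ctype == 7 and TYPE7_RE.match(value):
            # Reversible obfuscation: one hex pair per password character.
            finding["status"] = "reversible"
            finding["plaintext_len"] = (len(value) - 2) // 2
        elif ctype == 5 and value.startswith("$1$"):
            # Salted MD5-crypt hash: not reversible, strength depends on the password.
            finding["status"] = "hashed"
        else:
            finding["status"] = "unknown"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f)
```

Any line reported as `plaintext` or `reversible` is a candidate for replacement with an `enable secret` or `username ... secret` entry.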

Crack the Telnet password on a Cisco switch:
https://securitronlinux.com/debian-testing/how-to-crack-the-cisco-telnet-password-on-a-cisco-2960-switch/

How to list all passwords on a Cisco switch:
https://securitronlinux.com/bejiitaswrath/how-to-list-all-passwords-on-a-cisco-switch/
