Cracking Cisco Passwords with John the Ripper

Sunday, April 19th, 2009

InfoSec Survival Guide: Cracking Cisco Passwords with John

http://infosecsurvivalguide.blogspot.com/2008/11/cracking-cisco-passwords-with-john.html

http://www.openwall.com/john/pro/macosx/

http://www.macshadows.com/forums/index.php?showtopic=8506

John the Ripper 1.7.3.1

http://mac.softpedia.com/get/Security/John-the-Ripper.shtml

John the Ripper 1.7.2 for G4 PowerPC, G5 PowerPC and Intel Macs (Universal Binary) (released 11/30/07)

http://www.macunix.net/JTR/john-1.7.2-macosx-universal.zip

Download the pre-patched (for OS X salted SHA1 hashes too) pre-compiled version of John the Ripper here:

http://www.macunix.net/JTR/

Unzip the archive.

Open Terminal.

Drag the file “john” from the folder “run” from within the unzipped “john-1.7.2-macosx-universal” folder to the Terminal window and let go.

Type a space.

Drag the text file containing your hash ( student:078D486A55E9922772C7F6F46113038E4800D6EDF4D31720 ) to the Terminal window and let go.

Click back in the Terminal window and press the return key.
John's output:
Loaded 1 password hash (Salt SHA1 [salt-sha1])
barlow (student)

How to reset root password on VMware ESX classic

Thursday, March 19th, 2009

Follow these steps if you need to reset the root password on an ESX classic.

Note: Ignore the “quote marks” in the instructions below.

1 – turn on system (if it’s on then reboot it with Ctrl-Alt-Del from console)
2 – when grub appears press the “tab” key
3 – highlight VMware ESX line using the “arrow” keys
4 – press the “e” key
5 – scroll to kernel line using the “arrow” keys
6 – press the “e” key (again, I know!)
7 – press the “end” key to move cursor to end of the kernel line
8 – type the word “single” (using the keys)
9 – press the “b” key to boot the ESX host into single user mode
10 – eventually a “sh-3.2#” root prompt will appear
11 – use the command “passwd” to reset the password
12 – use the command “reboot” to reboot the ESX machine
13 – log in to the console or the VIC using the new password!

That’s it! I hope this procedure works for you. Your feedback is appreciated.

Moral of this story is:
1 – always protect the physical environment where your ESX host is located.
2 – always secure the Lights Out/Remote Access/IP-KVM/console access to your host.
3 – consider using a GRUB password on your ESX host so as to prevent password resets.
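
For point 3, an added example (not part of the original post) that checks whether a GRUB legacy config file carries a global "password" directive, which is what stops the "e" edit used in steps 4 to 8. It assumes GRUB legacy syntax ("password --md5 <hash>" placed before the first "title" line); the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a GRUB legacy config blocks the menu "e" edit.
# Prints one of: PROTECTED, PLAINTEXT, UNPROTECTED, UNREADABLE.
audit_grub_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "UNREADABLE"; return 0; }
    # Only a "password" directive before the first "title" line is global,
    # and only the global one disables the interactive entry editor.
    awk '
        /^[ \t]*#/     { next }        # comment line
        /^[ \t]*title/ { exit }        # first menu entry: stop, END still runs
        /^[ \t]*password[ \t]/ {
            found = 1
            if ($2 == "--md5") hashed = 1
        }
        END {
            if (!found)      print "UNPROTECTED"
            else if (hashed) print "PROTECTED"
            else             print "PLAINTEXT"   # password readable in the file
        }
    ' "$conf"
}

# Constructed sample configs (not taken from a real host).
make_samples() {
    d="$1"
    entry='title VMware ESX Server'
    kern='    kernel /vmlinuz ro root=LABEL=/'
    printf '%s\n' 'default=0' "$entry" "$kern" > "$d/open.conf"
    printf '%s\n' 'default=0' 'password --md5 $1$SAMPLE$constructedhashplaceholder' \
        "$entry" "$kern" > "$d/hashed.conf"
    printf '%s\n' 'default=0' 'password constructed-example' \
        "$entry" "$kern" > "$d/plain.conf"
    # A password placed inside an entry is not global.
    printf '%s\n' 'default=0' "$entry" \
        'password --md5 $1$SAMPLE$constructedhashplaceholder' \
        "$kern" > "$d/entry_only.conf"
}

# Stand-alone use: sh audit_grub.sh <path to the host's GRUB config file>
if [ -n "${1:-}" ]; then
    audit_grub_conf "$1"
fi
```

A PLAINTEXT result means the password is readable by anyone who can read the config file, so an MD5-hashed entry (generated with grub-md5-crypt) is the form to use.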