You think your ISP is dumb?

GT-Rob Member Posts: 1,090
Long story short, I was working with my ISP (I won't name them, but here's a hint. They are the largest ISP in Canada...), and asked about the QoS config on a new router they installed at one of our branches. So what does the guy send me?


The entire 'show run' of the router, WITHOUT service-password encryption on...


That's right, in clear text, the VTY, Console, SNMP, etc. passwords, that I assume are probably generic across all routers (based on the comments on the config). All their ACLs, ntp servers, syslog servers, all their MPLS traffic engineering that basically lays out their entire network for me. Honestly I could do a LOT of damage with this info, and I am shocked that they just handed it over to me because the engineer didn't know better.

Comments

  • stlsmoore Member Posts: 515
    haha NICCCE :D
    My Cisco Blog Adventure: http://shawnmoorecisco.blogspot.com/

    Don't Forget to Add me on LinkedIn!
    https://www.linkedin.com/in/shawnrmoore
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    GT-Rob wrote: »
    Long story short, I was working with my ISP (I won't name them, but here's a hint. They are the largest ISP in Canada...), and asked about the QoS config on a new router they installed at one of our branches. So what does the guy send me?


    The entire 'show run' of the router, WITHOUT service-password encryption on...


    That's right, in clear text, the VTY, Console, SNMP, etc. passwords, that I assume are probably generic across all routers (based on the comments on the config). All their ACLs, ntp servers, syslog servers, all their MPLS traffic engineering that basically lays out their entire network for me. Honestly I could do a LOT of damage with this info, and I am shocked that they just handed it over to me because the engineer didn't know better.

    Even with the service password encryption on you can go to some websites and break that pretty easily. This is all sorts of fail.
  • CSCOnoob Member Posts: 120
    knwminus wrote: »
    Even with the service password encryption on you can go to some websites and break that pretty easily.

    True. Since MD5 has been cracked, there are a lot of websites that can convert it to clear text.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    CSCOnoob wrote: »
    True. Since MD5 has been cracked, there are a lot of websites that can convert it to clear text.

    The service-password encryption doesn't use MD5; it uses some weak encryption. The secret password uses MD5.

    Edit: Although I did find some different MD5 crackers....
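    The "weak encryption" behind service password-encryption is the reversible type 7 scheme: a fixed, publicly known key XORed over the password, with the first two digits of the blob giving the offset into that key. The following is an added example, not code from this thread or from Cisco, that decodes and encodes type 7 strings and scans a config snippet for them; the key constant is the well-known public one, and the sample config is constructed for the example.

```python
import re

# Cisco "type 7" (the output of `service password-encryption`) is a fixed-key
# XOR stream, not a hash: anyone holding the config can reverse it. The key
# string below is the well-known public constant; this is an illustrative
# reimplementation, not IOS code.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decrypt(encoded: str) -> str:
    """Recover the plaintext behind a type 7 blob such as '0822455D0A16'."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("malformed type 7 string")
    offset = int(encoded[:2])            # leading two decimal digits: start offset into the key
    data = bytes.fromhex(encoded[2:])    # remaining hex pairs: plaintext XOR key stream
    plain = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return plain.decode()


def type7_encrypt(plain: str, offset: int = 8) -> str:
    """Inverse of type7_decrypt; IOS picks a small random offset for each password."""
    if not 0 <= offset < len(TYPE7_KEY):
        raise ValueError("offset out of range")
    data = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, b in enumerate(plain.encode()))
    return f"{offset:02d}{data.hex().upper()}"


# Config lines that carry a type 7 blob: "password 7 <hex>" (line, username, enable)
# and "key 7 <hex>" (key chains).
TYPE7_LINE = re.compile(r"\b(?:password|key) 7 ([0-9A-Fa-f]{4,})\s*$")


def recover_type7_from_config(config: str) -> list:
    """Return (config line, recovered plaintext) for every type 7 blob in a config."""
    found = []
    for line in config.splitlines():
        m = TYPE7_LINE.search(line)
        if m:
            found.append((line.strip(), type7_decrypt(m.group(1))))
    return found


# Constructed sample config; the blobs were produced with type7_encrypt() above.
SAMPLE_CONFIG = """\
!
username ops password 7 020700560208
!
line con 0
 password 7 0822455D0A16
line vty 0 4
 password 7 0822455D0A16
 login
!
"""

if __name__ == "__main__":
    for line, plain in recover_type7_from_config(SAMPLE_CONFIG):
        print(f"{line:40s} -> {plain!r}")
```

    Running it on the sample prints the recovered VTY, console and local-user passwords. The practical lesson is the one the thread draws: type 7 only hides a password from someone glancing over your shoulder, so a config with type 7 strings in it should be treated as containing the passwords in clear.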
  • CSCOnoob Member Posts: 120
    knwminus wrote: »
    The service-password encryption doesn't use MD5; it uses some weak encryption. The secret password uses MD5.

    Edit: Although I did find some different MD5 crackers....

    Yes, it does not. I am just saying that MD5 has been cracked, so the whole config that uses it will be vulnerable. Routing protocols and HSRP authentication are MD5, right?
  • Forsaken_GA Member Posts: 4,024
    you can't crack a type 5 directly, it's just a hash, and IOS does use salted hashes. Only way to crack it is good old brute force dictionary attacks. Generate a strong password and try to actually crack its MD5 hash, it'll probably take you longer than it's worth. Or have time to live.

    As far as the ISP in question, yes, they're freaking morons.
  • CSCOnoob Member Posts: 120
    Yes, you are right. You can't crack the MD5 directly. You can, however, crack it with two tools, IIRC. I haven't done it myself, but there was one website that can convert the hash and then you need to go to use another website or a DOS program to convert it to clear text.
  • Forsaken_GA Member Posts: 4,024
    hashes are one way, you can't convert them directly back into the same text. Dictionary or brute force attacks are basically hashing different combinations and comparing them to the hash you do have until you get a match. This is one reason why security folks hate people that use simple dictionary based passwords.

    MD5 is vulnerable to collisions, however, where two different items can result in the same hash, and this is where the real weakness comes in.
  • veritas_libertas Member Posts: 5,746
    GT-Rob wrote: »
    The entire 'show run' of the router, WITHOUT service-password encryption on...

    That is just shocking...
  • tiersten Member Posts: 4,505
    CSCOnoob wrote: »
    Yes, you are right. You can't crack the MD5 directly. You can, however, crack it with two tools, IIRC. I haven't done it myself, but there was one website that can convert the hash and then you need to go to use another website or a DOS program to convert it to clear text.
    The passwords are "cracked" by people generating massive tables that contain a list of likely passwords and then just looking up which plaintext gives that hash as a result. It is a space-time tradeoff and can be done with any hashing algorithm if you have sufficient space and computational resources to generate it. Not all the available tables have every combination possible of characters and length of password, so it isn't 100% guaranteed that you'll be able to recover the password from the hash if the user used some unusual characters.

    The actual breaking of MD5 is that people have worked out how to generate collisions, so two different plaintexts will result in the same hash value. It should be equivalent to a brute force operation to generate a collision in your hashing algorithm intentionally, but in the case of MD5 it is possible to do so with a reasonable amount of effort. The two plaintexts have to be carefully chosen and crafted to give you this result. For passwords, the massive rainbow table is the better choice since the table is reusable.

    If the authentication system you're trying to reverse the hashes for has a salting system that wasn't taken into account by the people who generated your table, then the table is useless and won't give you a result.

    Cryptologists deem an algorithm broken if you can reduce the amount of work required to break it using brute force by only a couple of magnitudes. For some algorithms, that still means you'd be spending years doing it using large clusters. They deem it to be broken because they know that computational resources are getting faster over time and will only make it quicker to break.
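    To make the type 5, salt and lookup-table points in the last few posts concrete, here is an added example that is not part of this thread and not IOS code: a reimplementation of the MD5-crypt construction ("$1$<salt>$<hash>", the scheme behind `enable secret 5`), followed by a dictionary attack that pulls the salt out of the hash and re-hashes each guess with it. The sample config line, its salt and the word list are constructed for the example. It shows why a raw-MD5 lookup table or a table built for other salts gives nothing here, and why guessing is the only route in.

```python
import hashlib
import re
from typing import Iterable, Optional

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def md5crypt(password: bytes, salt: bytes, magic: bytes = b"$1$") -> str:
    """Classic MD5-crypt ("$1$<salt>$<22 chars>"), the construction behind IOS 'secret 5'.

    Illustrative reimplementation of the original FreeBSD algorithm; not IOS code.
    """
    ctx = hashlib.md5(password + magic + salt)
    alt = hashlib.md5(password + salt + password).digest()
    for i in range(len(password)):                 # mix in alt, one byte per password byte
        ctx.update(alt[i % 16:i % 16 + 1])
    i = len(password)
    while i:                                       # bit pattern of the length: NUL or first byte
        ctx.update(b"\x00" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                          # fixed 1000 stretching rounds
        c = hashlib.md5()
        c.update(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()
    out = []                                       # crypt-style base64 over permuted bytes
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = (final[a] << 16) | (final[b] << 8) | final[c]
        for _ in range(4):
            out.append(ITOA64[v & 0x3F])
            v >>= 6
    v = final[11]
    for _ in range(2):
        out.append(ITOA64[v & 0x3F])
        v >>= 6
    return (magic + salt).decode() + "$" + "".join(out)


TYPE5_RE = re.compile(r"\$1\$(?P<salt>[./0-9A-Za-z]{1,8})\$[./0-9A-Za-z]{22}")


def crack_type5(config_line: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on a 'secret 5' hash.

    The salt is read from the hash itself, so every guess has to be re-hashed with
    it; a table precomputed for raw MD5 or for a different salt does not apply.
    """
    m = TYPE5_RE.search(config_line)
    if not m:
        raise ValueError("no $1$ hash in line")
    target, salt = m.group(0), m.group("salt").encode()
    for word in wordlist:
        if md5crypt(word.encode(), salt) == target:
            return word
    return None


# Constructed sample line: the hash is generated here with md5crypt() and a short
# made-up salt, so it is not any real device's secret.
SAMPLE_LINE = "enable secret 5 " + md5crypt(b"class", b"mERr")

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print("cracked:", crack_type5(SAMPLE_LINE, ["letmein", "cisco", "class"]))
    print("same password, other salt:", md5crypt(b"class", b"Xq9b"))
```

    The last line of the demo is the salt argument from the posts above in one glance: the same password under a different salt gives an unrelated hash, so whatever table someone built elsewhere has to be rebuilt per salt. The 1000 rounds also mean each guess costs a thousand MD5 operations, which is why a long random secret outlives the attacker's patience, while a dictionary word falls in milliseconds.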