September 22nd, 2014

TACACS+ password cracking^w auditing

If you’re using the tac_plus implementation of Cisco’s TACACS+ server and want to do password auditing, I’ve written a quick script that will take the config file with all of its users and output a john the ripper compatible password file. You can run john directly against this generated file.

Here’s an abbreviated example:

$ ./tacacs-passwd-dump.py
usage: ./tacacs-passwd-dump.py <input tacacs file> <output passwd file>

$ ./tacacs-passwd-dump.py tac_plus.cfg tacacs.passwd
[*] Got user [john] [john smith]
[*] Got user [fred] [fred smith]
[*] Imported [2] accounts
[*] Done.

$ john tacacs.passwd
Loaded 2 password hashes with 2 different salts (Traditional DES [128/128 BS SSE2])
lamepassword (foo1)

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS