Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 2 Feb 2010 11:38:33 -0300
From: Nahuel Grisolía <nahuel.grisolia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking CISCO ASA 5510

On 1 February 2010 22:47, Solar Designer <solar@...nwall.com> wrote:

>
> I was too quick to state that this was not supported.  It is.  It turns
> out that this is the same hashing method that Cisco PIX uses:
>
> $ cat pw
> cisco:2KFQnbNIdI.2KYOU
>
> $ ./john pw
> Loaded 1 password hash (PIX MD5 [pix-md5 MMX])
> cisco            (cisco)
>
> For the specific test above, I had to actually fix a minor bug in
> pixMD5_fmt.c (in 1.7.4.2-jumbo-1).  Change the line:
>
>                if(!atoi64[ARCH_INDEX(ciphertext[i])])
>
> to:
>
>                if(atoi64[ARCH_INDEX(ciphertext[i])] == 0x7F)
>
> (the original line would not allow for the dot character in the hash
> encoding string).
>
> There are sample hashes and other relevant info here:
>
> http://ccie.pl/viewtopic.php?t=10210
> http://www.oxid.it/downloads/pix_passwd.txt
> http://www.freerainbowtables.com/phpBB3/viewtopic.php?f=2&t=1441
> http://www.openwall.com/lists/john-users/2008/04/15/1
>
> Some of the comments claim that there's a salt involved and hint that
> the username is being used as a salt.  This is not the case for the
> PIX/ASA hashes supported by JtR.  Maybe those comments were wrong, or
> maybe there's something yet unknown (to me) behind them.
>
> Alexander
>

Hello! With a PIX (Cisco PIX Security Appliance Software Version 7.1(2)28
Device Manager Version 5.1(2)) with this dummy user:

dmcom:lZt7HSIXw3.QP7.R

which cleartext password is CscFw-ITC!

JtR 1.4.2 with Jumbo2 is not working or i'm doing something wrong...

Maybe, if someone can play with a pix or asa, please generate some
username-password combinations in order to test this format in JtR.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.