Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Feb 2010 04:47:37 +0300
From: Solar Designer <>
Subject: Re: Cracking CISCO ASA 5510

On Mon, Feb 01, 2010 at 11:54:16AM -0300, Nahuel Grisol?a wrote:
> Hello there, I want to crack the following:
> username USER1 password 8X6XXXXXXXXXXHZB encrypted
> username USER2 password H1HXXXXXXXXX8rwR. encrypted
> Does JtR support this?

I was too quick to state that this was not supported.  It is.  It turns
out that this is the same hashing method that Cisco PIX uses:

$ cat pw

$ ./john pw
Loaded 1 password hash (PIX MD5 [pix-md5 MMX])
cisco            (cisco)

For the specific test above, I had to actually fix a minor bug in
pixMD5_fmt.c (in  Change the line:



		if(atoi64[ARCH_INDEX(ciphertext[i])] == 0x7F)

(the original line would not allow for the dot character in the hash
encoding string).

There are sample hashes and other relevant info here:

Some of the comments claim that there's a salt involved and hint that
the username is being used as a salt.  This is not the case for the
PIX/ASA hashes supported by JtR.  Maybe those comments were wrong, or
maybe there's something yet unknown (to me) behind them.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.