Date: Tue, 2 Feb 2010 11:38:33 -0300
From: Nahuel Grisolía <nahuel.grisolia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking CISCO ASA 5510

On 1 February 2010 22:47, Solar Designer <solar@...nwall.com> wrote:
>
> I was too quick to state that this was not supported. It is. It turns
> out that this is the same hashing method that Cisco PIX uses:
>
> $ cat pw
> cisco:2KFQnbNIdI.2KYOU
>
> $ ./john pw
> Loaded 1 password hash (PIX MD5 [pix-md5 MMX])
> cisco (cisco)
>
> For the specific test above, I had to actually fix a minor bug in
> pixMD5_fmt.c (in 18.104.22.168-jumbo-1). Change the line:
>
>         if(!atoi64[ARCH_INDEX(ciphertext[i])])
>
> to:
>
>         if(atoi64[ARCH_INDEX(ciphertext[i])] == 0x7F)
>
> (the original line would not allow for the dot character in the hash
> encoding string).
>
> There are sample hashes and other relevant info here:
>
> http://ccie.pl/viewtopic.php?t=10210
> http://www.oxid.it/downloads/pix_passwd.txt
> http://www.freerainbowtables.com/phpBB3/viewtopic.php?f=2&t=1441
> http://www.openwall.com/lists/john-users/2008/04/15/1
>
> Some of the comments claim that there's a salt involved and hint that
> the username is being used as a salt. This is not the case for the
> PIX/ASA hashes supported by JtR. Maybe those comments were wrong, or
> maybe there's something yet unknown (to me) behind them.
>
> Alexander
>

Hello!

With a PIX (Cisco PIX Security Appliance Software Version 7.1(2)28
Device Manager Version 5.1(2)) with this dummy user:

dmcom:lZt7HSIXw3.QP7.R

whose cleartext password is CscFw-ITC! JtR 1.4.2 with Jumbo2 is not working or I'm doing something wrong...

Maybe, if someone can play with a PIX or ASA, please generate some
username-password combinations in order to test this format in JtR.
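
The one-line fix quoted above, as an added stand-alone example that is not part of the thread or of John the Ripper's source: it runs the old and the corrected comparison over the two hashes posted in this thread. Assumptions: the lookup table marks characters outside the hash alphabet with 0x7F (as the corrected line implies) and maps '.' to 0; the names valid_old, valid_fixed and check, the 16-character length check, and the two constructed test strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* 64-character alphabet of the hash encoding; '.' is at index 0. */
static const char itoa64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static unsigned char atoi64[256];
static int table_ready;

/* Assumed table layout: 0x7F means "not in the alphabet". */
static void init_atoi64(void)
{
    int i;
    memset(atoi64, 0x7F, sizeof(atoi64));
    for (i = 0; i < 64; i++)
        atoi64[(unsigned char)itoa64[i]] = (unsigned char)i;
    table_ready = 1;
}

static int check(const char *ct, int fixed)
{
    int i;
    if (!table_ready) init_atoi64();
    if (strlen(ct) != 16) return 0;      /* hypothetical length check */
    for (i = 0; i < 16; i++) {
        unsigned char v = atoi64[(unsigned char)ct[i]];
        /* old: rejects decoded value 0, i.e. '.'; fixed: rejects 0x7F */
        if (fixed ? v == 0x7F : !v) return 0;
    }
    return 1;
}

int valid_old(const char *ct)   { return check(ct, 0); }
int valid_fixed(const char *ct) { return check(ct, 1); }

int main(void)
{
    const char *samples[] = {
        "2KFQnbNIdI.2KYOU",   /* from the thread */
        "lZt7HSIXw3.QP7.R",   /* from the thread */
        "2KFQnbNIdI!2KYOU",   /* constructed: '!' is outside the alphabet */
        "2KFQnbNIdIA2KYOU"    /* constructed: valid characters, no '.' */
    };
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%s old=%d fixed=%d\n", samples[i],
               valid_old(samples[i]), valid_fixed(samples[i]));
    return 0;
}
```

Under the assumed table layout the old comparison fails in both directions: it rejects any hash containing '.', and it accepts characters that are not in the alphabet at all, because 0x7F is nonzero.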