[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100202193149.GA6069@openwall.com>
Date: Tue, 2 Feb 2010 22:31:49 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking CISCO ASA 5510
On Tue, Feb 02, 2010 at 03:11:09PM -0300, Nahuel Grisol?a wrote:
> alex:h3mJrcH0901pqX/m
> cisco:3USUcOPFUiMCO4Jk
> cisco1:3USUcOPFUiMCO4Jk
> admcom:lZt7HSIXw3.QP7.R
>
> alex:ripper
> cisco and cisco1 : cisco (no salt!)
I've figured this out. There is a salt - it is the first four
characters of the username. This salt gets appended to the password.
The code currently in john-1.7.4.2-jumbo-2 cracks your hashes above as:
h3mJrcH0901pqX/m:ripperalex
3USUcOPFUiMCO4Jk:ciscocisc
lZt7HSIXw3.QP7.R:CscFw-ITC!admc
Similarly, I was able to crack some hashes found on the web:
hN7LzeyYjw12FSIU:ciscojohn
7DrfeZ7cyOj/PslD:ciscojack
It was said that the usernames were "john" and "jack", and the password
was simply "cisco".
Thus, for cracking individual passwords you may use a wordlist rule like:
[List.Rules:NewPIX]
Az"cisc"
or an external filter() like:
[List.External:NewPIX]
void filter()
{
int i;
i = 0;
while (word[i])
i++;
word[i++] = 'c';
word[i++] = 'i';
word[i++] = 's';
word[i++] = 'c';
word[i] = 0;
}
The filter() is compatible with any cracking mode, for example:
$ ./john -i -e=newpix pw
Loaded 3 password hashes with no different salts (PIX MD5 [pix-md5 MMX])
ciscocisc (cisco)
Obviously, it will only succeed in cracking the correct-username hash.
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
