Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 2 Feb 2010 22:31:49 +0300
From: Solar Designer <>
Subject: Re: Cracking CISCO ASA 5510

On Tue, Feb 02, 2010 at 03:11:09PM -0300, Nahuel Grisol?a wrote:
> alex:h3mJrcH0901pqX/m
> cisco:3USUcOPFUiMCO4Jk
> cisco1:3USUcOPFUiMCO4Jk
> admcom:lZt7HSIXw3.QP7.R
> alex:ripper
> cisco and cisco1 : cisco (no salt!)

I've figured this out.  There is a salt - it is the first four
characters of the username.  This salt gets appended to the password.
The code currently in john- cracks your hashes above as:


Similarly, I was able to crack some hashes found on the web:


It was said that the usernames were "john" and "jack", and the password
was simply "cisco".

Thus, for cracking individual passwords you may use a wordlist rule like:


or an external filter() like:

void filter()
	int i;

	i = 0;
	while (word[i])
	word[i++] = 'c';
	word[i++] = 'i';
	word[i++] = 's';
	word[i++] = 'c';
	word[i] = 0;

The filter() is compatible with any cracking mode, for example:

$ ./john -i -e=newpix pw
Loaded 3 password hashes with no different salts (PIX MD5 [pix-md5 MMX])
ciscocisc        (cisco)

Obviously, it will only succeed in cracking the correct-username hash.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.