Date: Fri, 28 Nov 2014 15:21:43 -0300 From: Nahuel Grisolia <nahuel.grisolia@...il.com> To: john-users@...ts.openwall.com Subject: Re: Palo Alto Networks Web Admin Console "phash" Hi! > On Nov 27, 2014, at 8:08 PM, magnum <john.magnum@...hmail.com> wrote: > > On 2014-11-27 22:37, Nahuel Grisolia wrote: >> Hi all! hope you're doing well! >> >> I'm playing with a Palo Alto Networks device, and noticed that, at least for the Web Console, a "phash" type of hash algorithm. >> >> I'm using JtR Bleeding Jumbo and it recognizes the hash, as an AIX-smd5, AIX LPA, modified crypt-md5. However, as I know the password, I tried it with a dictionary with my password in there, but It didn't crack it, thus I believe that the format is not correct. >> >> Any thoughts? Have you ever tried to crack this type of passwords? > > We can probably work it out. Please supply an example hash with a known plain for us to work with. If applicable, please supply at least two hashes with same password but different user names. Well, let me explain a little bit more the situation. This "phash" is not the way they are storing user's passwords in the DB (I can't tell because I can't access the DB). This is where I obtained the phash: When using a "read-only" user, if you browse to "See Admin Users", you'll see within the JSON response, these hashes... But they actually change every time you log out and log in again... so I don't think it's related directly to the user and nothing else. Anyone here with access to this box to test? I can't do a lot of tests, sorry. I'll try and let you know in that case. Perhaps, Palo Alto has some Test device facing the Internet... Thanks! > > magnum > > Nahu.- Download attachment "signature.asc" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.