Date: Mon, 8 Dec 2014 17:08:50 +0100 From: Nicolas Collignon <nicolas.collignon@...acktiv.com> To: john-users@...ts.openwall.com Subject: Cisco ACS repository passwords decryption / samples request Hello, I had to audit several Cisco ACS configurations recently and wanted to check for passwords quality. Cisco ACS configurations contain several hashes types including at least md5crypt and another hash format for "ACS repositories". The repository hash format is just 3DES-CBC with hardcoded key/iv. Since the padding handling of Cisco ACS passwords hash function looks wrong^Wweird, i'm not sure if the provided code works for passwords between 8-15 chars and above 16 chars. If anyone is able to provide repository passwords hashes for the following passwords, i could check/fix the code: - @A1aaaaaaaaaaaa - @A2aaaaaaaaaaaab - @A3aaaaaaaaaaaabc - @A4aaaaaaaaaaaaa@...aaaaaaaaaaaa The hashes can be found in the configuration dump. ex: --- repository backup url ftp://x.x.x.x/ACS/ user <login> password hash <40-hexdigits-string> --- I'm sending the email to this list because the question has already been asked in April 2013, subject "RE: Cisco ACS username: hash or crypt or.... and de-encoding?" So the conclusion is john is not needed for ACS repositories. The attached script is able to decrypt all hashes from the 2013 emails: --- $ python cisco_acs_repo_decrypt.py \ e9946ba7c6d935abb632cebc1f3caf125fb12f1d \ 539857e4263c18843a60c877a8372cc4e33a2675 \ 9d6afb513cd6b08be15f600545bba0496fd4efd5 e9946ba7c6d935abb632cebc1f3caf125fb12f1d => Abcd123 539857e4263c18843a60c877a8372cc4e33a2675 => aBcd123 9d6afb513cd6b08be15f600545bba0496fd4efd5 => a --- Hope it can help... -- Nicolas Collignon View attachment "cisco_acs_repo_decrypt.py" of type "text/x-python" (1095 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.