|
Message-ID: <20100202014737.GA27210@openwall.com> Date: Tue, 2 Feb 2010 04:47:37 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Cracking CISCO ASA 5510 On Mon, Feb 01, 2010 at 11:54:16AM -0300, Nahuel Grisol?a wrote: > Hello there, I want to crack the following: > > username USER1 password 8X6XXXXXXXXXXHZB encrypted > username USER2 password H1HXXXXXXXXX8rwR. encrypted > > Does JtR support this? I was too quick to state that this was not supported. It is. It turns out that this is the same hashing method that Cisco PIX uses: $ cat pw cisco:2KFQnbNIdI.2KYOU $ ./john pw Loaded 1 password hash (PIX MD5 [pix-md5 MMX]) cisco (cisco) For the specific test above, I had to actually fix a minor bug in pixMD5_fmt.c (in 1.7.4.2-jumbo-1). Change the line: if(!atoi64[ARCH_INDEX(ciphertext[i])]) to: if(atoi64[ARCH_INDEX(ciphertext[i])] == 0x7F) (the original line would not allow for the dot character in the hash encoding string). There are sample hashes and other relevant info here: http://ccie.pl/viewtopic.php?t=10210 http://www.oxid.it/downloads/pix_passwd.txt http://www.freerainbowtables.com/phpBB3/viewtopic.php?f=2&t=1441 http://www.openwall.com/lists/john-users/2008/04/15/1 Some of the comments claim that there's a salt involved and hint that the username is being used as a salt. This is not the case for the PIX/ASA hashes supported by JtR. Maybe those comments were wrong, or maybe there's something yet unknown (to me) behind them. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.