|
Message-ID: <20100202193149.GA6069@openwall.com> Date: Tue, 2 Feb 2010 22:31:49 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Cracking CISCO ASA 5510 On Tue, Feb 02, 2010 at 03:11:09PM -0300, Nahuel Grisol?a wrote: > alex:h3mJrcH0901pqX/m > cisco:3USUcOPFUiMCO4Jk > cisco1:3USUcOPFUiMCO4Jk > admcom:lZt7HSIXw3.QP7.R > > alex:ripper > cisco and cisco1 : cisco (no salt!) I've figured this out. There is a salt - it is the first four characters of the username. This salt gets appended to the password. The code currently in john-1.7.4.2-jumbo-2 cracks your hashes above as: h3mJrcH0901pqX/m:ripperalex 3USUcOPFUiMCO4Jk:ciscocisc lZt7HSIXw3.QP7.R:CscFw-ITC!admc Similarly, I was able to crack some hashes found on the web: hN7LzeyYjw12FSIU:ciscojohn 7DrfeZ7cyOj/PslD:ciscojack It was said that the usernames were "john" and "jack", and the password was simply "cisco". Thus, for cracking individual passwords you may use a wordlist rule like: [List.Rules:NewPIX] Az"cisc" or an external filter() like: [List.External:NewPIX] void filter() { int i; i = 0; while (word[i]) i++; word[i++] = 'c'; word[i++] = 'i'; word[i++] = 's'; word[i++] = 'c'; word[i] = 0; } The filter() is compatible with any cracking mode, for example: $ ./john -i -e=newpix pw Loaded 3 password hashes with no different salts (PIX MD5 [pix-md5 MMX]) ciscocisc (cisco) Obviously, it will only succeed in cracking the correct-username hash. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.