Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <18B2C6E38A3A324986B392B2D18ABC5102101E7315@fnb1mbx01.gci.com>
Date: Fri, 12 Apr 2013 12:54:20 -0800
From: Leif Sawyer <lsawyer@....com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RE: Cisco ACS username: hash or crypt or.... and
 de-encoding?

CamelCase fun:
(1st)
 (config-Repository)# user Abcd123 password plain Abcd123
 (config-Repository)# do sho run | incl Abcd
  user Abcd123 password hash e9946ba7c6d935abb632cebc1f3caf125fb12f1d

 (config-Repository)# user aBcd123 password plain aBcd123
 (config-Repository)# do sho run | incl ABcd
 (config-Repository)# do sho run | incl aBcd
  user aBcd123 password hash 539857e4263c18843a60c877a8372cc4e33a2675

 (config-Repository)# user abCd123 pass plain abCd123
 (config-Repository)# do sho run | incl abCd
  user abCd123 password hash a4e5a1366f5481836afa295a2222d4a5149198e6

 (config-Repository)# user abcD123 pass plain abcD123
 (config-Repository)# do sho run | incl abcD
  user abcD123 password hash ae17d09d088e77813fbf3ea1052211adeeae74f0

(2nd-repeat)
 (config-Repository)# user Abcd123 pass plain Abcd123
 (config-Repository)# do sho run | incl Abcd
  user Abcd123 password hash e9946ba7c6d935abb632cebc1f3caf125fb12f1d

So, yes, the same password generates the same hash each time.

Here's some bitshifting:

(config-Repository)# user bitshift pas plain a
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 9d6afb513cd6b08be15f600545bba0496fd4efd5
(config-Repository)# user bitshift pas plain b
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash f26ce505b78fe2364b821b5e672fa797a02a15fc
(config-Repository)# user bitshift pas plain c
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 134e23b343fb117dc6c0fe228ff05abec95afd8c
(config-Repository)# user bitshift pas plain d
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 4a50c48b93c3e1b4b7de0cd74a4c8c282a147ae3
(config-Repository)# user bitshift pas plain e
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 970fe9c1040a098220b2efb70e3ab18f276e8255
(config-Repository)# user bitshift pas plain f
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 6959c265c4a7929004a777d9adcf35f03d213c0d
(config-Repository)# user bitshift pas plain g
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 6f7f1bdff76b8124348799bfec91580cea7edf2f
(config-Repository)# user bitshift pas plain h
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 127a5a459eb67e0725b80c6ecb78c28a212500d6
(config-Repository)# user bitshift pas plain i
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 2d3c19d35152c64aae872d61ccb440b8719556c9
(config-Repository)# user bitshift pas plain j
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 9da0a1957e02ef6d3c3d5b12e22c1902d4282006
(config-Repository)# user bitshift pas plain k
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash b938bb18a2d001b59990404d9611827ee9237922
(config-Repository)# user bitshift pas plain l
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 0221ae699d867d3be37206655a36ee5cf30dd9b5
(config-Repository)# user bitshift pas plain m
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 1563f1dfba638baac268d7cbf693aebfe8b1a16b
(config-Repository)# user bitshift pas plain n
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash 201f8285e602844deddda96d2e81b241aae96d8c
(config-Repository)# user bitshift pas plain o
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash e79bb91674364d569f6b545d99c5892362b2e3df
(config-Repository)# user bitshift pas plain p
(config-Repository)# do sho run | incl bitshift
  user bitshift password hash d80ec932fad70ccfa16490dde0f6628ba5150d54


-----Original Message-----
From: Rich Rumble [mailto:richrumble@...il.com] 
Sent: Friday, April 12, 2013 10:38 AM
To: john-users@...ts.openwall.com
Subject: Re: [john-users] Cisco ACS username: hash or crypt or.... and de-encoding?

On Fri, Apr 12, 2013 at 1:38 PM, Leif Sawyer <lsawyer@....com> wrote:

> I noted that Cisco calls it a 'hash'  -- but since it needs to be 
> cleartext for the ftp process to use it, wouldn't this be a misnomer?
>
You can have a hash that is reversible,  but typical password hashes are 1-way and not reversible.

>
> In any case,  here's a handful of different  passwords and hashes, in 
> case somebody can do something with it:
>
> Are they always the same, does "password" always equal
"e047fabda9d3659e8d95a73223324f
85149e394f" ? Since it's likely a non-salted and reversible hash, a simple script should to the job in these cases. If you can share some more, perhaps with a few CaMELcasE, perhaps Abcd123, ABcd123, ABCd123.
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.