Re: Cracking a Netscreen password

From: lawal@shaw.ca
Date: Thu Sep 04 2003 - 02:02:52 EDT

• Next message: nee cee: "Re: Domino WebAdmin.nsf priviledge escalation"
• Previous message: York, Wayde: "RE: Has anyone found the WFS-1"
• Maybe in reply to: Marc Ruef: "Cracking a Netscreen password"
• Next in thread: Jordan Wiens: "Re: Cracking a Netscreen password"
• Reply: Jordan Wiens: "Re: Cracking a Netscreen password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Marc,

I believe the config files have an MD5 hash of teh actual password. If you haver access to the config file, which obviously reveals the hash, you can perform a brute force attack on the password. You can write a script that will generate a random password, and take the MD5 hash of it. Then compare the MD5 hash from the password generated by the scriot with the hash obtained from the config file. If it matches, then you have the password. However, cracking the password does not automatically give you access to the Netscreen device. If the administratotr has disabled all management features from the WAN side, you will be unable to get in. However, if you have compromised a host on the internal LAN, then, you can probably get on to the netscreen device from the inside.

Hope this information helps.

Regards
Ola

----- Original Message -----
From: Marc Ruef <maru@scip.ch>
Date: Wednesday, September 3, 2003 6:22 am
Subject: Cracking a Netscreen password

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear List,
>
> I have to do a security audit for one of our customers. I was
> able to catch some config files of their Netscreen devices.
> There is a line "set admin password" where follows the
> encrypted or hashed password.
>
> Does somebody know how to crack it or what kind of
> encryption/hash is used? I can't find a source that provides
> me the information I am looking for. John the Ripper can't
> recognize the encrpytion and abords his attempt.
>
> Sincerely,
>
> Marc Ruef
>
> - --
> ) scip AG (
> Technoparkstr. 1
> 8005 Zürich
> T +41 1 445 18 18
> F +41 1 445 18 19
>
> maru@scip.ch
> www.scip.ch - Publizierung aktuellster IT-Sicherheitsluecken -
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
>
> iQA/AwUBP1Xc9xe5hzJzqVMhEQK4OgCghg1yv3qwB+RXRgPGV+fcNDoBI2oAoKCJ
> rm2p6OWBoKaH4ggnlke23tsB
> =SyXf
> -----END PGP SIGNATURE-----
>
>
> -------------------------------------------------------------------
> --------
> FREE Trial!
> New for security consultants and in-house pros: FOUNDSTONE
> PROFESSIONAL
> and PROFESSIONAL TL software. Fast, reliable vulnerability
> assessment
> technology powered by the award-winning FoundScan engine. Try it
> free for 21 days at:
> http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
> -------------------------------------------------------------------
> ---------
>
>

---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------

• Next message: nee cee: "Re: Domino WebAdmin.nsf priviledge escalation"
• Previous message: York, Wayde: "RE: Has anyone found the WFS-1"
• Maybe in reply to: Marc Ruef: "Cracking a Netscreen password"
• Next in thread: Jordan Wiens: "Re: Cracking a Netscreen password"
• Reply: Jordan Wiens: "Re: Cracking a Netscreen password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT