RE: Cracking a Netscreen password

From: Mark Evans (Mark.Evans@Optimation.co.nz)
Date: Mon Sep 08 2003 - 18:06:54 EDT


> From: Michael LaSalvia [mailto:mike@genxweb.net]
> Cc: pen-test@securityfocus.com
> Subject: Re: Cracking a Netscreen password
>
> They said that the password in the config file is
> md5 but the device can either use des or md5.

in terms of producing a hash then md5 (or sha1)
is viable - but des ?!?

another key component of this is that there is no
apparent salt (or variation) in the hashing, thus
every netscreen i have encountered thus far
(screenos 4) has been set to a default password
of 'netscreen' and this has always been hashed to

nKVUM2rwMUzPcrkG5sWIHdCtqkAibn

(indeed googling for this string gets a few hits)

if you change the admin name (via set admin name)
then the password is auto reset to 'netscreen'
but the hash is different. suggesting that the
hash is a combo of both the name & password.

setting the same admin name on two different (types
of) netscreens to (for example) 'admin' and the
password to (for example) 'test' results in the
same hash on both boxes.

cheers,

-- 
me
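
An added example, not part of the original post: because the hash carries no per-device salt, a defender can audit saved configs both for the default hash quoted above and for the same name and hash pair reused across devices. The `set admin name` / `set admin password` line shapes, the device names and every hash except the quoted default are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hash quoted in the post for the default password 'netscreen'.
DEFAULT_HASH = "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"

# Assumed config line shapes: set admin name "x" / set admin password "y"
ADMIN_RE = re.compile(r'^\s*set admin (name|password)\s+"?([^"\s]+)"?\s*$', re.M)

def parse_admin(config_text):
    """Return (admin_name, password_hash); either is None if the line is absent."""
    fields = {"name": None, "password": None}
    for key, value in ADMIN_RE.findall(config_text):
        fields[key] = value
    return fields["name"], fields["password"]

def audit(configs):
    """configs maps device -> config text.

    Returns (devices still on the default hash,
             {(name, hash): [devices]} for credentials shared by 2+ devices).
    With no per-device salt, an identical name and hash means an
    identical password on every device in the group.
    """
    defaults = []
    by_cred = defaultdict(list)
    for device, text in sorted(configs.items()):
        name, pw_hash = parse_admin(text)
        if pw_hash is None:
            continue
        if pw_hash == DEFAULT_HASH:
            defaults.append(device)
        by_cred[(name, pw_hash)].append(device)
    shared = {cred: devs for cred, devs in by_cred.items() if len(devs) > 1}
    return defaults, shared

# Constructed sample configs; only DEFAULT_HASH comes from the post.
SAMPLE_CONFIGS = {
    "fw-a": 'set admin name "netscreen"\nset admin password "%s"\n' % DEFAULT_HASH,
    "fw-b": 'set admin name "admin"\nset admin password "nCONSTRUCTEDsampleHASH000001n"\n',
    "fw-c": 'set admin name "admin"\nset admin password "nCONSTRUCTEDsampleHASH000001n"\n',
    "fw-d": 'set admin name "ops"\nset admin password "nCONSTRUCTEDsampleHASH000002n"\n',
}

if __name__ == "__main__":
    defaults, shared = audit(SAMPLE_CONFIGS)
    print("default password still set:", defaults)
    for (name, pw_hash), devices in shared.items():
        print("shared credential for admin %r on: %s" % (name, ", ".join(devices)))
```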