From: Ranjeet Shetye (ranjeet.shetye2@zultys.com)
Date: Wed Sep 10 2003 - 17:30:46 EDT
On Tue, 2003-09-09 at 18:06, Mark Evans wrote:
> > From: Ing. Christian Moldes (AdvanceTeam S.R.L.)
> > Subject: RE: Cracking a Netscreen password
> >
> >
> >
> > Look at this
> >
> > nKVUM2rwMUzPcrkG5sWIHdCtqkAibn
> > n.....r.....c....s.....t.....n
> >
> > It's NetScreen without some letters (from right to left)
>
> coincidence?
>
> set admin name qqqqqqqq
>
> get conf:
>
> set admin password nB4pNNriDXXFc5eEms5BCVEtjzIp6n

Trivia, but I still felt like posting it:

Removing the reversed-'netscreen'-without-the-'e's, i.e. the
"n.....r.....c....s.....t.....n", we end up with a 25 octet string,
which means 128 bits, which **strongly** suggests an MD5 hash.

Of course, I am not a netscreen user, so for all I know, their user
manual already tells you that they use MD5 hash :) but I doubt that,
seeing their juvenile "ubertrick" to mask the length of the hash.

--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys.
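
Added example (not part of the original message and not NetScreen code): a Python check that uses the mask quoted in the thread to recognise such values in a configuration dump, so that backups containing them can be handled as credential material. The base64-style alphabet, the function names and the sample config text are assumptions constructed for illustration.

```python
import re

# Mask quoted in the thread: fixed letters at fixed offsets, '.' = other character.
MASK = "n.....r.....c....s.....t.....n"
MARKERS = {i: ch for i, ch in enumerate(MASK) if ch != "."}

# Assumption: the remaining characters come from a base64-style alphabet.
ALPHA = r"A-Za-z0-9+/"
TOKEN = re.compile(r"(?<![%s])[%s]{%d}(?![%s])" % (ALPHA, ALPHA, len(MASK), ALPHA))


def split_masked(value):
    """Return the non-marker characters if value fits the mask, else None."""
    if len(value) != len(MASK):
        return None
    if any(value[i] != ch for i, ch in MARKERS.items()):
        return None
    return "".join(c for i, c in enumerate(value) if i not in MARKERS)


def find_masked_hashes(text):
    """Return (line_no, value, residue) for every token that fits the mask."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in TOKEN.finditer(line):
            residue = split_masked(m.group())
            if residue is not None:
                hits.append((line_no, m.group(), residue))
    return hits


# Constructed sample: two lines from the thread plus a 30-character decoy.
SAMPLE = """set admin name qqqqqqqq
set admin password nB4pNNriDXXFc5eEms5BCVEtjzIp6n
set hostname abcdefghijklmnopqrstuvwxyz0123
"""

if __name__ == "__main__":
    for line_no, value, residue in find_masked_hashes(SAMPLE):
        print("line %d: %s -> %s (%d chars)" % (line_no, value, residue, len(residue)))
```
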