RE: Cracking a Netscreen password

From: Ranjeet Shetye (ranjeet.shetye2@zultys.com)
Date: Thu Sep 11 2003 - 18:02:52 EDT


On Thu, 2003-09-11 at 07:54, John Petropoulos wrote:
> Very interesting...
> Anyone notice that the second, fifth, ninth, twelfth, sixteenth,
> eighteenth, twentieth, twenty-third letter and twenty-seventh are always
> capital... Here are some L\P's.
>
> admin\password
> set admin name "admin"
> set admin password nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn
> John\password
> set admin name "john"
> set admin password nHEtLFr5EnYBcD6IMsHJT3JtlXNb1n
> Jack\password
> set admin name "jack"
> set admin password nED6IvrHKazIc9ZApsEJkrPtjXP9yn
> Frank\password
> set admin name "frank"
> set admin password nE8aAXr/DA+IcULCJszP9mFtT1AK9n
> Aaa\aaa
> set admin name "aaa"
> set admin password nJDNEkrVIc7HcdTCPs3J4wCt04L7en
> Bbb\bbb
> set admin name "bbb"
> set admin password nNZxAgrwFrYBcXGC7s2DC+Jt60Bydn
> Ccc\ccc
> set admin name "ccc"
> set admin password nFv0OCrMGaUCcdoFIsEAUOKt/LLO2n
> Ddd\ddd
> set admin name "ddd"
> set admin password nCuvPBrvCcTEctoHKs4OHTOttvBqxn
>
>
> ===================================================
> 012345678901234567890123456789
>
> nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn
> nHEtLFr5EnYBcD6IMsHJT3JtlXNb1n
> nED6IvrHKazIc9ZApsEJkrPtjXP9yn
> nE8aAXr/DA+IcULCJszP9mFtT1AK9n
> nJDNEkrVIc7HcdTCPs3J4wCt04L7en
> nNZxAgrwFrYBcXGC7s2DC+Jt60Bydn
> nFv0OCrMGaUCcdoFIsEAUOKt/LLO2n
> nCuvPBrvCcTEctoHKs4OHTOttvBqxn
> .^..^...^..^...^...^..^...^...
> n.....r.....c....s.....t.....n

Remove the netscreen, remove the always-CAPS letters, 'cos MD5
doesn't create glitches like that, to the best of my knowledge. What
you're left with is 128 bits long.

n^..^.r.^..^c..^.s.^..^t..^..n can be expressed as the following regex:

n[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]r[A-Za-z0-9/+][A-Z][A-Za-z0-9/+]{2,2}[A-Z]c[A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]s[A-Za-z0-9/+][A-Z][A-Za-z0-9/+]{2,2}[A-Z]t[A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}n

After removing the reversed netscreen, you get:

[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+][A-Za-z0-9/+][A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+][A-Za-z0-9/+][A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}
=[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}
= [A-Z][A-Za-z0-9/+]{2,2} -> the whole expression is repeated a total of
8 times. (What is the regex for this? Thanks.)

After removing the always-CAPS letters, you get:

[A-Za-z0-9/+]{2,2} -> the whole expression repeated a total of 8 times.
= [A-Za-z0-9/+]{16,16}
= 8 bits * 16
= 128 bit hash
= MD5 ?

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
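Added example (mine, not code from the thread or from NetScreen; every function name is my own): it recomputes the observations made by hand above over the eight password strings John posted, i.e. which positions never change, which are always upper-case, whether the regex posted above matches all eight, and what the general regex for that structure looks like when built from the statistics. It also records one thing the eyeballing did not: in these samples the always-upper-case positions only ever take the letters A through P, a 16-value range, so they look like 4-bit fields rather than glitches; eight such fields plus the 16 free symbols from a 64-symbol alphabet (6 bits each) come to 32 + 96 = 128 bits, the length of an MD5 digest. Eight samples are not a proof, so the code reports the observation rather than asserting the encoding. The `find_admin_hashes` function at the end is the defender's use of the same pattern: flagging admin password strings left behind in an exported config. The config excerpt it scans is constructed from lines quoted in the thread.

```python
import math
import re

# The eight "set admin password" values quoted earlier in this thread.
SAMPLES = [
    "nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn",
    "nHEtLFr5EnYBcD6IMsHJT3JtlXNb1n",
    "nED6IvrHKazIc9ZApsEJkrPtjXP9yn",
    "nE8aAXr/DA+IcULCJszP9mFtT1AK9n",
    "nJDNEkrVIc7HcdTCPs3J4wCt04L7en",
    "nNZxAgrwFrYBcXGC7s2DC+Jt60Bydn",
    "nFv0OCrMGaUCcdoFIsEAUOKt/LLO2n",
    "nCuvPBrvCcTEctoHKs4OHTOttvBqxn",
]

# The regex posted in the thread, unchanged except for the ^...$ anchors.
THREAD_REGEX = re.compile(
    r"^n[A-Z][A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]r[A-Za-z0-9/+][A-Z][A-Za-z0-9/+]{2,2}"
    r"[A-Z]c[A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]s[A-Za-z0-9/+][A-Z][A-Za-z0-9/+]{2,2}"
    r"[A-Z]t[A-Za-z0-9/+]{2,2}[A-Z][A-Za-z0-9/+]{2,2}n$"
)
SYMBOL = "[A-Za-z0-9/+]"  # 64-symbol alphabet: log2(64) = 6 bits per symbol

# Constructed config excerpt, built from the "set admin" lines quoted in the thread.
CONFIG_EXCERPT = """\
set admin name "admin"
set admin password nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn
set admin name "john"
set admin password nHEtLFr5EnYBcD6IMsHJT3JtlXNb1n
"""


def constant_positions(samples):
    """Positions whose character is the same in every sample -> {pos: char}."""
    length = len(samples[0])
    if any(len(s) != length for s in samples):
        raise ValueError("all samples must have the same length")
    return {i: samples[0][i] for i in range(length)
            if all(s[i] == samples[0][i] for s in samples)}


def always_upper_positions(samples, constants):
    """Non-constant positions that hold an upper-case letter in every sample."""
    return [i for i in range(len(samples[0]))
            if i not in constants and all(s[i].isupper() for s in samples)]


def upper_letters(samples, uppers):
    """The set of letters actually observed at the always-upper-case positions."""
    return {s[i] for s in samples for i in uppers}


def build_regex(length, constants, uppers):
    """Full-match regex derived from the observed structure; the general
    construction behind the hand-written regex in the thread."""
    parts = [re.escape(constants[i]) if i in constants
             else "[A-Z]" if i in uppers
             else SYMBOL
             for i in range(length)]
    return re.compile("^" + "".join(parts) + "$")


def residual(value, constants, uppers):
    """Characters left after dropping the constant and always-upper-case positions."""
    return "".join(ch for i, ch in enumerate(value)
                   if i not in constants and i not in uppers)


def bit_budget(n_free, n_upper, letters):
    """Bits the free symbols (6 each) and the upper-case positions can carry.
    The upper-case capacity is taken from the span of letters seen (A..P = 16
    values = 4 bits); int() floors if the span is not a power of two."""
    free_bits = n_free * int(math.log2(64))
    span = ord(max(letters)) - ord(min(letters)) + 1
    upper_bits = n_upper * int(math.log2(span))
    return free_bits, upper_bits, free_bits + upper_bits


def analyse(samples=SAMPLES):
    """Run the whole structural analysis and return the findings as a dict."""
    consts = constant_positions(samples)
    uppers = always_upper_positions(samples, consts)
    letters = upper_letters(samples, uppers)
    derived = build_regex(len(samples[0]), consts, uppers)
    free = [residual(s, consts, uppers) for s in samples]
    return {
        "fixed": "".join(consts[i] for i in sorted(consts)),  # "nrcstn"
        "upper_positions": uppers,
        "upper_letter_range": (min(letters), max(letters)),
        "thread_regex_matches_all": all(THREAD_REGEX.match(s) for s in samples),
        "derived_regex_matches_all": all(derived.match(s) for s in samples),
        "free_symbols": len(free[0]),
        "bits": bit_budget(len(free[0]), len(uppers), letters),
    }


def find_admin_hashes(config_text, pattern=THREAD_REGEX):
    """Audit helper: pair each 'set admin name' with the following
    'set admin password' and keep the values matching the pattern, so an
    exported config can be checked for admin credential material before sharing."""
    found, name = [], None
    for line in config_text.splitlines():
        m = re.match(r'set admin name "([^"]+)"', line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"set admin password (\S+)", line)
        if m and pattern.match(m.group(1)):
            found.append((name, m.group(1)))
    return found


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
    print(find_admin_hashes(CONFIG_EXCERPT))
```

The derived regex is deliberately compared to the posted one by behaviour (both must match all eight samples) rather than by text, since the generated form spells out every position instead of using the `{2,2}` shorthand.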


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT