Netscreen Pen-Test

From: tyoud@securityfocus.com
Date: Mon Jan 09 2006 - 20:59:27 EST


Hello pen-testers.

Netscreen firewalls, for example, the Netscreen 5GT, keep a hash of the admin login and password in the configuration file.

Tantalizingly, they do nutty things like sprinkle the consonants of the word "netscreen" backwards into the hash, and as John Petropoulos and Ranjeet Shetye noticed, they appear to not have a very random random number generator producing the base64-style hashes (see http://www.derkeiler.com/Mailing-Lists/securityfocus/pen-test/2003-09/0090.html for example).

I thought to myself how easy it would be to provide some known plaintext for cryptographers so that they could take a swipe at the problem.

So here it is! Comma-separated for easy inclusion into a .csv file. The format is admin account name, plaintext password, password hash:

Do we need more data? (I have more)
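
An added example, not part of the original post: a scanner that flags and redacts strings with the hash layout the post describes, so configuration backups containing them can be handled as credential material. The marker offsets (0, 6, 12, 17, 23, 29) are read off the posted samples; the sample text and its `admin-hash` key are constructed and are not real configuration syntax.

```python
import re

# Reversed consonants of "netscreen" (n r c s t n) at fixed offsets in a
# 30-character token; offsets are an assumption read off the posted samples.
MARKERS = {0: "n", 6: "r", 12: "c", 17: "s", 23: "t", 29: "n"}
B64 = "[A-Za-z0-9+/]"

# A token must not be glued to other base64 characters on either side,
# otherwise long encoded blobs would produce false positives.
TOKEN_RE = re.compile(
    rf"(?<![A-Za-z0-9+/])n{B64}{{5}}r{B64}{{5}}c{B64}{{4}}"
    rf"s{B64}{{5}}t{B64}{{5}}n(?![A-Za-z0-9+/])"
)


def payload(token):
    """Return the 24 variable characters, or None if the layout is wrong."""
    if len(token) != 30:
        return None
    if any(token[i] != ch for i, ch in MARKERS.items()):
        return None
    body = "".join(c for i, c in enumerate(token) if i not in MARKERS)
    return body if re.fullmatch(f"{B64}{{24}}", body) else None


def scan(text):
    """Return (line_number, redacted_line) for each line holding a token."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if TOKEN_RE.search(line):
            findings.append((number, TOKEN_RE.sub("<redacted-hash>", line)))
    return findings


# Constructed sample input: the token only mimics the layout.
SAMPLE = (
    "hostname fw-lab\n"
    "admin-hash nAAAAArBBBBBcCCCCsDDDDDtEEEEEn\n"
    "note nothing secret here\n"
)

if __name__ == "__main__":
    for number, line in scan(SAMPLE):
        print(f"line {number}: {line}")
```
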
