Alexander,
On Thu, 17 Apr 2008, Alexander Sandström Krantz A wrote:
Hi! I'm interested in finding out what kind of hash Extremeware (v 7.7)
uses to encrypt user passwords. The reason is that I'm trying to find
out how to perform a (dictionary or bruteforce) password attack against
an Extreme Networks switch. I could use Medusa or THC-Hydra to perform a
remote attack, but I would like to avoid it if it's not necessary
because of the performance drawbacks.
[snip]
Does anyone know about the kind of hash used, or recognize the ones in
the configuration? If you do, would you happen to know any tool that can
perform an attack against this kind of hash?
They are FreeBSD-style MD5-based hashes, as implemented by most modern
Linux distributions:
root@pandora:/opt/cracking/john_jumbo# cat /root/extreme.pwd
admin:$1$452tVo$nEbHpfJFTUGyBrqmtY8q3.
user:$1$yN/tVo$ARBcY8KlQBq.lvJg2nc5F.
root@pandora:/opt/cracking/john_jumbo# ./john /root/extreme.pwd
Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])
(admin)
(user)
guesses: 2 time: 0:00:00:00 100% (2) c/s: 5180 trying:
root@pandora:/opt/cracking/john_jumbo# ./john -show /root/extreme.pwd
admin:
user:
2 password hashes cracked, 0 left
To crack them, just prepend them with the string "$1$" (see crypt(3) for
more details) and run your favorite password cracker, such as John the
Ripper:
http://www.openwall.com/john/
Ciao,
--
Marco Ivaldi, OPST
Red Team Coordinator Data Security Division
@ Mediaservice.net Srl http://mediaservice.net/
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
