Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Extreme Networks password hash

from [Jean-Paul Eklo] Network Security [Permanent Link]
Subject: RE: Extreme Networks password hash
Date: Fri, 18 Apr 2008 14:22:48 +0200 


-

--------------------------------------- 
configure account admin encrypted
452tVo$nEbHpfJFTUGyBrqmtY8q3.
452tVo$nEbHpfJFTUGyBrqmtY8q3.
create account user "user" encrypted "yN/tVo$ARBcY8KlQBq.lvJg2nc5F."
-------------------------------------- 

As these commands contain different hashes, even though both users are given
emtpy passwords, I guess the hash is salted. From the length I also guess that
it's SHA224, but that is a complete guess as I really have no idea.

Does anyone know about the kind of hash used, or recognize the ones in the
configuration? If you do, would you happen to know any tool that can perform
an attack against this kind of hash?

Cheers,
Alexander




Hi Alexander,

Using the openssl command 

openssl passwd  -1 -salt 452tVo

I got  the result :

$1$452tVo$nEbHpfJFTUGyBrqmtY8q3. . I used  452tVo as salt and an MD5 hash.
Just for info for the user's password :

openssl passwd  -1 -salt yN/tVo
Password: 
$1$yN/tVo$ARBcY8KlQBq.lvJg2nc5F.

HTH

Jean-Paul

_________________________________________________________________
Avec Hotmail, vos e-mails vous suivent partout ! Mettez Hotmail sur votre 
mobile !
http://www.messengersurvotremobile.com/?d=hotmail
------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Forms D2K Application Testing, Rogan Dawes
Next by Date:  AW: Forms D2K Application Testing, Martin Muench
Previous by Thread:  Re: DoS Tool, Razi Shaban
Next by Thread:  Re: Extreme Networks password hash, razi garbie
Indexes:  [Date] [Thread] [Top] [All Lists]