RE: Cracking a Netscreen password

From: John Petropoulos (jpetropoulos_at_jetnet.ca)
Date: 09/11/03

Next message: Reava, Jeffrey [IT/0200]: "RE: NAT.EXE Exceptions"

Previous message: Chris Harrington: "Strange logon attempts to Win2k server"
Maybe in reply to: Marc Ruef: "Cracking a Netscreen password"
Next in thread: symbiot: "RE: Cracking a Netscreen password"
Maybe reply: lawal_at_shaw.ca: "Re: RE: Cracking a Netscreen password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Ranjeet Shetye'" <ranjeet.shetye2@zultys.com>, Mark Evans <Mark.Evans@Optimation.co.nz>
Date: Thu, 11 Sep 2003 10:54:55 -0400

Very interesting...
Anyone notice that the second, fifth, nineth, twelfth, sixteenth,
eighteenth, twentyth, twenty-third letter and twentyseventh are always
capital... Here are some L\P's.

admin\password
set admin name "admin"
set admin password nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn
John\password
set admin name "john"
set admin password nHEtLFr5EnYBcD6IMsHJT3JtlXNb1n
Jack\password
set admin name "jack"
set admin password nED6IvrHKazIc9ZApsEJkrPtjXP9yn
Frank\password
set admin name "frank"
set admin password nE8aAXr/DA+IcULCJszP9mFtT1AK9n
Aaa\aaa
et admin name "aaa"
set admin password nJDNEkrVIc7HcdTCPs3J4wCt04L7en
Bbb\bbb
et admin name "bbb"
set admin password nNZxAgrwFrYBcXGC7s2DC+Jt60Bydn
Ccc\ccc
set admin name "ccc"
set admin password nFv0OCrMGaUCcdoFIsEAUOKt/LLO2n
Ddd\ddd
set admin name "ddd"
set admin password nCuvPBrvCcTEctoHKs4OHTOttvBqxn

===================================================
012345678901234567890123456789

nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn
nHEtLFr5EnYBcD6IMsHJT3JtlXNb1n
nED6IvrHKazIc9ZApsEJkrPtjXP9yn
nE8aAXr/DA+IcULCJszP9mFtT1AK9n
nJDNEkrVIc7HcdTCPs3J4wCt04L7en
nNZxAgrwFrYBcXGC7s2DC+Jt60Bydn
nFv0OCrMGaUCcdoFIsEAUOKt/LLO2n
nCuvPBrvCcTEctoHKs4OHTOttvBqxn
.^..^...^..^...^...^..^...^...
n.....r.....c....s.....t.....n

===================================================

-----Original Message-----
From: Ranjeet Shetye [mailto:ranjeet.shetye2@zultys.com]
Sent: September 10, 2003 5:31 PM
To: Mark Evans
Cc: 'Ing. Christian Moldes (AdvanceTeam S.R.L.)'; pen-test SecurityFocus.com
Subject: RE: Cracking a Netscreen password

On Tue, 2003-09-09 at 18:06, Mark Evans wrote:
> > From: Ing. Christian Moldes (AdvanceTeam S.R.L.)
> > Subject: RE: Cracking a Netscreen password
> >
> >
> >
> > Look at this
> >
> > nKVUM2rwMUzPcrkG5sWIHdCtqkAibn n.....r.....c....s.....t.....n
> >
> > It's NetScreen without some letters (from right to left)
>
> coincidence?
>
> set admin name qqqqqqqq
>
> get conf:
>
> set admin password nB4pNNriDXXFc5eEms5BCVEtjzIp6n

trivia, but i still felt like posting it:

Removing the reversed-'netscreen'-without-the-'e's i.e. the
"n.....r.....c....s.....t.....n", we end up with a 25 octet string, which
means 128 bits, which **strongly** suggests an MD5 hash.

Of course, I am not a netscreen user, so for all i know, their user manual
already tells you that they use MD5 hash :) but I doubt that, seeing their
juvenile "ubertrick" to mask the length of the hash.

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or approved
by Zultys.
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free for
21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free for  21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------

Next message: Reava, Jeffrey [IT/0200]: "RE: NAT.EXE Exceptions"

Previous message: Chris Harrington: "Strange logon attempts to Win2k server"
Maybe in reply to: Marc Ruef: "Cracking a Netscreen password"
Next in thread: symbiot: "RE: Cracking a Netscreen password"
Maybe reply: lawal_at_shaw.ca: "Re: RE: Cracking a Netscreen password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Cracking a Netscreen password
... get conf: ... set admin password nB4pNNriDXXFc5eEms5BCVEtjzIp6n ... reliable vulnerability assessment technology powered by the award-winning FoundScan engine. ...
(Pen-Test)
RE: Cracking a Netscreen password
... > eighteenth, twentyth, twenty-third letter and twentyseventh are always ... > set admin password nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn ... remove the always-CAPS letters - cos MD5 ... technology powered by the award-winning FoundScan engine. ...
(Pen-Test)
RE: Cracking a Netscreen password
... > set admin password nB4pNNriDXXFc5eEms5BCVEtjzIp6n ... which **strongly** suggests an MD5 hash. ... Ranjeet dot Shetye2 at Zultys dot com ... technology powered by the award-winning FoundScan engine. ...
(Pen-Test)