RE: Extreme Networks password hash

Thank you for all your help, it's appreciated!

Adding $1$ to the hashes before running JtR works perfect, just didn't know
that you had to do that (but I should probably have been able to guess that
by looking at /etc/shadow or such).

Cheers,
Alexander

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of razi garbie
Sent: den 18 april 2008 08:44
To: Alexander Sandström Krantz A
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Extreme Networks password hash

Hey,

I do recognize the hash but cant point out which it is..
However, you could try john the ripper against it, in most cases JTR tells
you what hash is used.

// Good luck, RG

2008/4/17, Alexander Sandström Krantz A
<alexander.a.sandstrom.krantz@xxxxxxxxxxxx>:
Hi!
I'm interested in finding out what kind of hash Extremeware (v 7.7)
uses to encrypt user passwords. The reason is that I'm trying to find
out how to perform a (dictionary or bruteforce) password attack
against an Extreme Networks switch. I could use Medusa or THC-Hydra
to perform a remote attack, but I would like to avoid it if it's not
necessary because of the performance drawbacks.

I've read through the documentation provided by Extreme, but found
nothing. I know that to set up the admin account with an empty
password, and create an account "user", also with an empty password,
the following configuration is
used:

---------------------------------------
configure account admin encrypted
452tVo$nEbHpfJFTUGyBrqmtY8q3.
452tVo$nEbHpfJFTUGyBrqmtY8q3.
create account user "user" encrypted "yN/tVo$ARBcY8KlQBq.lvJg2nc5F."
--------------------------------------

As these commands contain different hashes, even though both users
are given emtpy passwords, I guess the hash is salted. From the
length I also guess that it's SHA224, but that is a complete guess as I
really have no idea.

Does anyone know about the kind of hash used, or recognize the ones
in the configuration? If you do, would you happen to know any tool
that can perform an attack against this kind of hash?

Cheers,

Alexander



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Relevant Pages

  • Re: People ~Fing with Life
    ... That is what the charge was. ... hash values and the like'. ... this data area had no corresponding entry in the allocation tables. ... Hashes are used for the purposes of error correction ...
    (uk.legal)
  • RE: [7.8.2002 44916] Notice of Copyright Infringement]
    ... Appending a single bit onto the end of the file makes a different hash. ... and you no longer match the hashes. ... The only way to prove you're breaking copyright is to download at ... |"real" warezed version of whatever movie. ...
    (Vuln-Dev)
  • Re: ACCEPT and the SCREEN SECTION.
    ... General-purpose hashes, for hash tables and similar data structures, ... In short, cryptographic hashes like MD5 are used to verify data, ... if a client asks for and receives a chunk ...
    (comp.lang.cobol)
  • Re: what is probability to create two equal hashes for md5 algorithm
    ... Other than that, if the hash is statistically good, the longer the hash, the ... few cases the hashes match. ... md5 and crc32)? ... How much does it cost to compare two hashes? ...
    (sci.crypt)
  • Re: Parsing problem
    ... > I get into hashes I get a headache. ... First off a 'hash' is simply an 'associative array'. ... They are in turn a reference to a hash. ... a punchcard column formated cobol wingDingDingDing style ...
    (perl.beginners)