Cracking a netscreen (Juniper) password hash

Hi list!
I hope you don't get to bored, but I'm back with yet another password hash
which I would like to be able to crack. This time it's from a Juniper device
running Netscreen OS. As with the Extreme Networks hash post I wrote a while
ago, I could use THC Hydra or similar to crack the password remotely, but as
you know this method is slow.What I would like to be able to do is run
John, or any similar application, to crack the hashes created by the Juniper
device using brute force or a wordlist.

I found a discussion on this mailinglist from 2003 about Netscreen hashes
(http://www.securityfocus.com/archive/101/336007), and one from January this
year (http://www.securityfocus.com/archive/101/487496). But it seems like
the issue was never solved. Therefore I thought that it might be a good idea
to pick up the topic again.

In earlier discussions it is suggested that the hash is an MD5-hash with a
few minor changes, such as the letters ntscrn (netscreen) added backwards on
certain positions in the hash. And that the letters in certain positions in
the hash are always upper-case. It has been suggested that removing
n...r...c...s...t...n (ntscrn backwards) from the hash would turn it into an
MD5-hash, but that seems to be wrong. Additional changes seems to have been
made to it (if it's even MD5).

The following link contains a number of
"username,password,hash"-combinations:
http://www.securityfocus.com/archive/101/421434
Example hash (username, password, hash):

a,netscreen,nMf9FkrCIgHGccRAxsBAwxBtDtPHfn

Does anyone have any information/ideas about these hashes and/or how they
can be cracked? There seemed to be a lot of people with good ideas last time
I needed help.

Cheers,
Alexander

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Relevant Pages

  • Re: Cracking Ettercap Generated hashes
    ... What you have there are the challenge/response hashes. ... You can crack ... i got a hash through Ettercap(ARP ... Chief Information Security Officer ...
    (Pen-Test)
  • Re: Craking Serv-u passwords stored in .ini file.
    ... let me say that I ran across Lepton's crack about a year ... > 1) hash the password, with or without prepending the salt, doesn't matter. ... > 4) append the salt to the last hash if you like, but I don't see any particular reason to do so ...
    (Pen-Test)
  • Re: [Full-disclosure] Best way to crack NT passwds
    ... You needn't actually crack the password if you know your hash, ... Xurron> I have tried many softwares for cracking NTLM hashes, like NC4, ... Cain and have't tried Rainbow Crack yet. ... that hashes on some site and it did recover my passwd in around 5min. ...
    (Full-Disclosure)
  • reversing hash ?
    ... Looking for a solution to crack a javascript hash coded string! ... I'm not active in informatics professionally but I do some programming in my ... Could anyone tell me how I could crack this code? ...
    (sci.crypt)
  • Re: Vigenere style One time pad?
    ... >> since everyone is so sure that it's so remarkably easy to crack a ... Don't think Jim does, either. ... Hash: SHA1 ...
    (sci.crypt)