Re: NetScreen Password Hash

From: Paul Melson (pmelson@gmail.com)
Date: Mon Feb 04 2008 - 21:39:06 EST


On Jan 31, 2008 2:47 AM, Serdar Cetin <cetinserdar@e-kolay.net> wrote:
> I am doing a penetration test and i managed to get the config file of
> netscreen 204 , i want to crack password so i can get Access to device (I
> got the admin manager ips) but i couldnt figure out the type of password
> hash , i have also searched the google nothing but old archive about same
> issue looks like a failure ! , is there any1 knows how to get around the
> password hash or a tool to crack the password hash of netscreen 204 config
> file

As far as I know Netscreen/Juniper has never published details of how
ScreenOS generates the admin password hash. There's a pretty good
treatment of this topic from several years ago on this list:

http://www.derkeiler.com/Mailing-Lists/securityfocus/pen-test/2003-09/0020.html

If the hash is indeed salted, you're probably out of luck. I did a
quick Google search [1] and was able to come up with at least a dozen
unique hashes, several of which contain the cleartext password on the
same page. You might try searching for the password string from your
config file in hopes of getting lightning to strike.

PaulM

[1] http://www.google.com/search?hl=en&q=netscreen+%22set+admin+password%22&btnG=Google+Search

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT