From: miguel.dilaj@pharma.novartis.com
Date: Fri Sep 05 2003 - 03:31:53 EDT
Hi all,
If it's a "pure" MD5 hash, our tool Lepton's Crack will help you to crack
it.
You can get it from Freshmeat, there you've a pointer to the website.
Recently, Piero Brunati ported it to VC++ (our tool compiles on Linux or
Windows with Cygwin), adding a couple additional features, see
http://www.nestonline.com/lcrack/
Cheers,
Miguel
aka Nekromancer
lawal@shaw.ca
04/09/2003 07:02
To: Marc Ruef <maru@scip.ch>
cc: pen-test@securityfocus.com
Subject: Re: Cracking a Netscreen password
Category:
Hi Marc,
I believe the config files have an MD5 hash of teh actual password. If you
haver access to the config file, which obviously reveals the hash, you can
perform a brute force attack on the password. You can write a script that
will generate a random password, and take the MD5 hash of it. Then compare
the MD5 hash from the password generated by the scriot with the hash
obtained from the config file. If it matches, then you have the password.
However, cracking the password does not automatically give you access to
the Netscreen device. If the administratotr has disabled all management
features from the WAN side, you will be unable to get in. However, if you
have compromised a host on the internal LAN, then, you can probably get on
to the netscreen device from the inside.
Hope this information helps.
Regards
Ola
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT