Penetration Testing mailing list archives
Cracking a netscreen (Juniper) password hash
From: Alexander Sandström Krantz A <alexander.a.sandstrom.krantz () ericsson com>
Date: Mon, 28 Apr 2008 13:59:16 +0200
Hi list!

I hope you don't get too bored, but I'm back with yet another password hash which I would like to be able to crack. This time it's from a Juniper device running Netscreen OS. As with the Extreme Networks hash post I wrote a while ago, I could use THC Hydra or similar to crack the password remotely, but as you know this method is slow. What I would like to be able to do is run John, or any similar application, to crack the hashes created by the Juniper device using brute force or a wordlist.

I found a discussion on this mailing list from 2003 about Netscreen hashes (http://www.securityfocus.com/archive/101/336007), and one from January this year (http://www.securityfocus.com/archive/101/487496). But it seems like the issue was never solved. Therefore I thought that it might be a good idea to pick up the topic again.

In earlier discussions it is suggested that the hash is an MD5-hash with a few minor changes, such as the letters ntscrn (netscreen) added backwards on certain positions in the hash. And that the letters in certain positions in the hash are always upper-case. It has been suggested that removing n...r...c...s...t...n (ntscrn backwards) from the hash would turn it into an MD5-hash, but that seems to be wrong. Additional changes seem to have been made to it (if it's even MD5).

The following link contains a number of "username,password,hash"-combinations: http://www.securityfocus.com/archive/101/421434

Example hash (username, password, hash):

a,netscreen,nMf9FkrCIgHGccRAxsBAwxBtDtPHfn

Does anyone have any information/ideas about these hashes and/or how they can be cracked? There seemed to be a lot of people with good ideas last time I needed help.

Cheers,
Alexander
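A structural check of the "remove n...r...c...s...t...n and you get MD5" idea against the example hash above, as an added example that is not part of the original post. The marker offsets are read off that single sample and are an assumption for any other hash; the function names are illustrative.

```python
import string

# Marker letters ("ntscrn" backwards) and the offsets where they sit in the
# example hash quoted in the post. Assumption: the offsets come from that one
# sample and are not confirmed to be fixed for every hash.
MARKERS = {0: "n", 6: "r", 12: "c", 17: "s", 23: "t", 29: "n"}
HASH_LEN = 30
MD5_BITS = 128
B64_ALPHABET = set(string.ascii_letters + string.digits + "+/")
HEX_ALPHABET = set(string.hexdigits)

# Example hash from the post (username "a", password "netscreen").
SAMPLE = "nMf9FkrCIgHGccRAxsBAwxBtDtPHfn"


def split_hash(h):
    """Return the payload with the marker letters removed, or raise ValueError."""
    if len(h) != HASH_LEN:
        raise ValueError(f"expected {HASH_LEN} characters, got {len(h)}")
    for pos, letter in MARKERS.items():
        if h[pos] != letter:
            raise ValueError(f"expected {letter!r} at offset {pos}, got {h[pos]!r}")
    return "".join(c for i, c in enumerate(h) if i not in MARKERS)


def describe(payload):
    """Compare the stripped payload with the usual renderings of an MD5 digest."""
    is_hex = all(c in HEX_ALPHABET for c in payload)
    return {
        "length": len(payload),
        # A hex MD5 digest is exactly 32 hex characters.
        "could_be_md5_hex": is_hex and len(payload) == MD5_BITS // 4,
        # Every character fits a 6-bit (base64-style) alphabet.
        "in_base64_alphabet": all(c in B64_ALPHABET for c in payload),
        # Bits the payload can carry at 6 bits per character.
        "capacity_bits": len(payload) * 6,
    }


if __name__ == "__main__":
    payload = split_hash(SAMPLE)
    print(payload)
    for key, value in describe(payload).items():
        print(f"{key}: {value}")
```

The stripped payload is 24 characters drawn from a 6-bit alphabet, so it cannot be a 32-character hex MD5 digest, and its 144-bit capacity leaves room for a 128-bit digest only under some non-hex encoding.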