Penetration Testing mailing list archives
AW: Unisphere Password Hashes
From: Marc.Werner () t-systems com
Date: Mon, 12 Sep 2005 08:51:54 +0200
Hi Miguel, I've already tried a real-live-known password and the decrypted string doesn't make sense too. So I'm sure the algorithm isn't Base64... Cheers Marc -----Ursprüngliche Nachricht----- Von: Miguel Dilaj [mailto:mdilaj () nccglobal com] Gesendet: Freitag, 9. September 2005 09:48 An: Werner, Marc Cc: pen-test () securityfocus com Betreff: RE: Unisphere Password Hashes Hi again, What about providing a few real-live known passwords and their encrypted counterparts? It won't be the first time the "example from the manual" is rubbish (Lotus Notes/Domino comes to mind...) On the other hand, if base64 decryption of your example produces "cd1163", I mean THAT as the password, even with it being composed of perfectly valid hex digits. A "hash" or "encrypted password" of 3 hex bytes seems simply too short for me... Cheers, Miguel -----Original Message----- From: Marc.Werner () t-systems com [mailto:Marc.Werner () t-systems com] Sent: 08 September 2005 09:31 To: pen-test () securityfocus com Cc: mdilaj () nccglobal com Subject: AW: Unisphere Password Hashes Hi, this hash seems to be not a base64 hash. I tried to decrypt the one I found in a (real live) config. Cain wasn't able to crack this. Trying the example from the manual cain showed me "cd1163" as the hex-dump of the given example... Any other ideas??? Cheers Marc -----Ursprüngliche Nachricht----- Von: Miguel Dilaj [mailto:mdilaj () nccglobal com] Gesendet: Donnerstag, 8. September 2005 10:02 An: pen-test () securityfocus com Cc: Werner, Marc Betreff: RE: Unisphere Password Hashes Hi Marc, This is the base64 for "cd1163", so I suppose that this was the password ;-) Cheers, Miguel
Does anyone know how the passwords on unisphere (juniper) ERXs are hashed?
They look like zRFj_6>^]1OkZR@e!|S$ (example from the manual). Do they have different hash types for different
security levels? Thank you in advance!!!
**************************************************************************** ******************************* DISCLAIMER: This e-mail contains proprietary information, some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you may not use, disclose, distribute, copy, print or rely on this e-mail. **************************************************************************** ******************************* ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- *********************************************************************************************************** DISCLAIMER: This e-mail contains proprietary information, some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you may not use, disclose, distribute, copy, print or rely on this e-mail. *********************************************************************************************************** ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- AW: Unisphere Password Hashes Marc . Werner (Sep 08)
- RE: Unisphere Password Hashes Miguel Dilaj (Sep 11)
- <Possible follow-ups>
- AW: Unisphere Password Hashes Marc . Werner (Sep 12)