Penetration Testing mailing list archives
Re: Netscreen Pen-Test
From: David Eduardo Acosta Rodríguez <david.acosta () internet-solutions com co>
Date: Tue, 10 Jan 2006 17:34:24 -0500
Hi:

See the implementation of Rainbowcrack project http://www.antsight.com/zsl/rainbowcrack/ with MD5 support.

Greetings,

Ing. David E. Acosta R.
Security Consultant - CISSP
Internet Solutions Colombia
"The Information Security Experts"
http://www.internet-solutions.com.co
david.acosta () internet-solutions com co

----- Original Message -----
From: <tyoud () securityfocus com>; <at () securityfocus com>; <u () securityfocus com>; <dot () securityfocus com>; <washington () securityfocus com>; <dot () securityfocus com>; <e () securityfocus com>; <d () securityfocus com>; <u () securityfocus com>
To: <pen-test () securityfocus com>
Sent: Monday, January 09, 2006 8:59 PM
Subject: Netscreen Pen-Test

Hello pen-testers.

Netscreen firewalls, for example, the Netscreen 5GT, keep a hash of the admin login and password in the configuration file.

Tantalizingly, they do nutty things like sprinkle the consonants of the word "netscreen" backwards into the hash, and as John Petropoulos and Ranjeet Shetye noticed, they appear to not have a very random random number generator producing the base64-style hashes (see http://www.derkeiler.com/Mailing-Lists/securityfocus/pen-test/2003-09/0090.html for example).

I thought to myself how easy it would be to provide some known plaintext for cryptographers so that they could take a swipe at the problem.

So here it is! Comma-separated for easy inclusion into a .csv file. The format is admin account name, plaintext password, password hash:

Do we need more data? (I have more)
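
Added example, not part of the original post or the reply: a Python check that recognises the hash layout described above (30 characters with the fixed letters n, r, c, s, t, n interleaved) so that configuration backups holding such hashes can be flagged. The marker offsets are read off the posted samples; the packing of a 16-byte digest into eight three-character groups, the `set admin password` line and the sample hash are assumptions constructed for illustration.

```python
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Fixed characters (consonants of "netscreen", reversed) and their offsets.
MARKERS = {0: "n", 6: "r", 12: "c", 17: "s", 23: "t", 29: "n"}
CANDIDATE = re.compile(r"(?<![A-Za-z0-9+/])n[A-Za-z0-9+/]{28}n(?![A-Za-z0-9+/])")

def payload_of(token):
    """Return the 24 payload characters, or None if the markers do not fit."""
    if len(token) != 30 or any(token[i] != c for i, c in MARKERS.items()):
        return None
    return "".join(ch for i, ch in enumerate(token) if i not in MARKERS)

def decode(payload):
    """Assumed packing: 8 triples, each one 16-bit word (4 + 6 + 6 bits)."""
    out = bytearray()
    for i in range(0, 24, 3):
        a, b, c = (B64.find(ch) for ch in payload[i:i + 3])
        if min(a, b, c) < 0 or a > 15:   # leading char may carry only 4 bits
            return None
        out += ((a << 12) | (b << 6) | c).to_bytes(2, "big")
    return bytes(out)

def encode(digest):
    """Inverse of decode plus marker insertion; builds the constructed sample."""
    chars = []
    for i in range(0, 16, 2):
        w = int.from_bytes(digest[i:i + 2], "big")
        chars += [B64[w >> 12], B64[(w >> 6) & 63], B64[w & 63]]
    for pos, c in sorted(MARKERS.items()):
        chars.insert(pos, c)
    return "".join(chars)

def find_hashes(text):
    """Return (line_number, token) for each well-formed hash in a config."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            p = payload_of(m.group())
            if p is not None and decode(p) is not None:
                hits.append((no, m.group()))
    return hits

# Constructed input: not a real device hash, and the config syntax is assumed.
SAMPLE_HASH = encode(bytes(range(16)))
SAMPLE_CONFIG = 'set hostname lab-fw\nset admin password "%s"\n' % SAMPLE_HASH

if __name__ == "__main__":
    print(find_hashes(SAMPLE_CONFIG))
```

Under the assumed packing, the first character of every triple can only come from the first 16 letters of the alphabet, which is one structural reason such strings look less random than plain base64.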