Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Extreme Networks password hash

From: Jean-Paul Eklo <kuneklo () hotmail com>
Date: Fri, 18 Apr 2008 14:22:48 +0200


-

--------------------------------------- 
configure account admin encrypted
452tVo$nEbHpfJFTUGyBrqmtY8q3.
452tVo$nEbHpfJFTUGyBrqmtY8q3.
create account user "user" encrypted "yN/tVo$ARBcY8KlQBq.lvJg2nc5F."
-------------------------------------- 

As these commands contain different hashes, even though both users are given
emtpy passwords, I guess the hash is salted. From the length I also guess that
it's SHA224, but that is a complete guess as I really have no idea.

Does anyone know about the kind of hash used, or recognize the ones in the
configuration? If you do, would you happen to know any tool that can perform
an attack against this kind of hash?

Cheers,
Alexander




Hi Alexander,

Using the openssl command 

openssl passwd  -1 -salt 452tVo

I got  the result :

$1$452tVo$nEbHpfJFTUGyBrqmtY8q3. . I used  452tVo as salt and an MD5 hash.
Just for info for the user's password :

openssl passwd  -1 -salt yN/tVo
Password: 
$1$yN/tVo$ARBcY8KlQBq.lvJg2nc5F.

HTH

Jean-Paul

_________________________________________________________________
Avec Hotmail, vos e-mails vous suivent partout ! Mettez Hotmail sur votre mobile !
http://www.messengersurvotremobile.com/?d=hotmail
------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: