Penetration Testing mailing list archives
Re: Extreme Networks password hash
From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 17 Apr 2008 10:02:19 -0700
--------------------------------------- configure account admin encrypted 452tVo$nEbHpfJFTUGyBrqmtY8q3. 452tVo$nEbHpfJFTUGyBrqmtY8q3. create account user "user" encrypted "yN/tVo$ARBcY8KlQBq.lvJg2nc5F." --------------------------------------
I don't know of any tools for this specific hash, but if you're trying to work out the algorithm, there's a few questions that need answered. First off, this looks a lot like base64 encoding right? But not quite... Base64 strings are generally made up of the [A-Za-z0-9/+=] character set, with '=' being a padding character. Your strings have mysterious '.' and '$'. Why? I've seen variants of base64 where '/', '+', and/or '=' are simply translated to another character because these are inconvenient in the specific context. For instance on your command line, perhaps '=' and '+' are operators and it's a pain to escape them. One of your hashes has a '/' so '.' may map to equals or plus. Now as for your '$', it could also map to equals or plus, but it's quite the coincidence that the $ appears at the same position in both hashes. I suspect it's simply a delimiter to separate a salt from the hash. The padding seems a little wonky, but you could have a base64 encoded salt of say 32 bits, followed by a hash of perhaps 128 bits. Just depends on how what you think the '.' character is all about. More example hashes would be helpful here. good luck, tim ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Extreme Networks password hash Alexander Sandström Krantz A (Apr 17)
- Re: Extreme Networks password hash RB (Apr 18)
- Re: Extreme Networks password hash Marco Ivaldi (Apr 18)
- Re: Extreme Networks password hash Peter Kosinar (Apr 18)
- Re: Extreme Networks password hash Tim (Apr 18)
- DoS Tool Baykal, Adnan (CSCIC) (Apr 23)
- Re: DoS Tool Razi Shaban (Apr 23)
- DoS Tool Baykal, Adnan (CSCIC) (Apr 23)
- RE: Extreme Networks password hash Jean-Paul Eklo (Apr 18)
- Re: Extreme Networks password hash razi garbie (Apr 18)
- RE: Extreme Networks password hash Alexander Sandström Krantz A (Apr 21)