Re: Extreme Networks password hash

[Tim <tim-pentest () sentinelchicken org>]

> --------------------------------------- 
> configure account admin encrypted
> 452tVo$nEbHpfJFTUGyBrqmtY8q3.
> 452tVo$nEbHpfJFTUGyBrqmtY8q3.
> create account user "user" encrypted "yN/tVo$ARBcY8KlQBq.lvJg2nc5F."
> -------------------------------------- 

I don't know of any tools for this specific hash, but if you're trying
to work out the algorithm, there's a few questions that need answered.
First off, this looks a lot like base64 encoding right?  But not
quite...

Base64 strings are generally made up of the [A-Za-z0-9/+=] character
set, with '=' being a padding character.  Your strings have mysterious
'.' and '$'.  Why?  I've seen variants of base64 where '/', '+', and/or
'=' are simply translated to another character because these are
inconvenient in the specific context.  For instance on your command
line, perhaps '=' and '+' are operators and it's a pain to escape them.
One of your hashes has a '/' so '.' may map to equals or plus.  

Now as for your '$', it could also map to equals or plus, but it's quite
the coincidence that the $ appears at the same position in both hashes.
I suspect it's simply a delimiter to separate a salt from the hash.  The
padding seems a little wonky, but you could have a base64 encoded salt
of say 32 bits, followed by a hash of perhaps 128 bits.  Just depends on
how what you think the '.' character is all about.  More example hashes
would be helpful here.

good luck,
tim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------