[j-nsp] Unscramble authentication-key

Hank Nussbacher hank at mail.iucc.ac.il
Mon Apr 19 15:20:26 EDT 2004


At 11:28 AM 19-04-04 -0400, Eric Van Tol wrote:
>An aside to this is, if the remote end is a Cisco, there are tools out
>there that can easily decode their encryption strings.  SolarWinds
>(www.solarwinds.net) makes a tool that can decode the Cisco strings.  It
>cannot do MD5, though, so you may be out of luck if the remote end is
>not a Cisco.

Cain and Abel can decode Cisco MD5 hash strings:
http://www.oxid.it/
as well as a few other MD5 algorithms (like RIPv2 and OSPF).  It will use 
dictionary and well as brute force attacks.

-Hank


>evt
>
>-----Original Message-----
>From: Jared Mauch [mailto:jared at puck.nether.net]
>Sent: Monday, April 19, 2004 4:24 AM
>To: Robert Kiessling
>Cc: juniper-nsp at puck.nether.net
>Subject: Re: [j-nsp] Unscramble authentication-key
>
>
>On Mon, Apr 19, 2004 at 10:15:18AM +0200, Robert Kiessling wrote:
> > Hello,
> >
> > in order to do a comparison between configured MD5 secrets and a
> > database, we need to decode the $9$ scrambeled authentication-keys.
> >
> > What's the algorithm for this?
>
>         If the other side is a cisco, it's stored in cleartext in
>memory.  you just need to find the location of the tcp tcb in
>memory and do "sh mem <address>" and you'll find it not far in
>there..
>
>         - jared
>
>
>--
>Jared Mauch  | pgp key available via finger from jared at puck.nether.net
>clue++;      | http://puck.nether.net/~jared/  My statements are only
>mine.
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list