rakshit

Need a PIX password decryptor

13 posts in this topic

Are the PIX passwords encrypted using a reversible algorithm? If so, what can I use to decrypt it?

Please suggest some good PIX password crackers.


I need a PIX password decryptor. For example, a Cisco PIX password I found was: 7Y051HhCcoiRTSQZ

Now I want to decipher it to get the clear text password.

Also, I want to know what sort of encryption PIX firewalls use, i.e. do they have MD5 encryption or DES encryption, etc.

> I need a PIX password decryptor. For example, a Cisco PIX password I found was: 7Y051HhCcoiRTSQZ
>
> Now I want to decipher it to get the clear text password.
>
> Also, I want to know what sort of encryption PIX firewalls use, i.e. do they have MD5 encryption or DES encryption, etc.

http://www.oxid.it/downloads/pix_passwd.txt .. for part a, as already given above.

For the second part of the question, you are too vague - they support md5, des, aes, etc .. depends on the version and what you are looking to do.


Lines drawn out from a PIX firewall config file:

PIX Version 6.0(1) ------ the PIX's current operating system version is 6.0
Nameif ethernet0 outside security0
Nameif ethernet1 inside security100 ------ shows that the PIX currently has only 2 interfaces
Enable password 7Y051HhCcoiRTSQZ encrypted
Passed 7Y051HhCcoiRTSQZ encrypted ------ PIX firewall passwords are encrypted by default and are not shown in clear text in the config file; the telnet password defaults to cisco
Hostname PIX525 ------ the host name is PIX525
Domain-name 123.com ------ a local domain name server, 123.com, usually used as

Now tell me on which encryption the password is based: MD5, DES or something else?


http://c3rb3r.openwall.net/mdcrack/ or use Cain :roll:

Here, output from setting one of my pix with the passwd and enable pass 'cisco':

# Authorized Users Only! #
Type help or '?' for a list of available commands.
FW0> en
Password:
FW0# conf t
FW0(config)# enable pass cisco
FW0(config)# password cisco
FW0(config)# wr mem
Building configuration...
Cryptochecksum: 3546179b b76ad681 3f591c5b e17016aa
1481 bytes copied in 1.200 secs (1481 bytes/sec)
[OK]
FW0(config)# end
FW0# show conf | incl encrypted
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

and cracking the hash on an old P4:

C:\MDCrack-183\MDCrack-sse.exe 2KFQnbNIdI.2KYOU
System / Starting MDCrack v1.8(3)
System / Running as C:\MDCrack-183\MDCrack-sse.exe 2KFQnbNIdI.2KYOU
System / Charset is: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
System / Detected processor(s): 1 x INTEL Pentium IV | MMX | SSE | SSE2
System / Detected hash format: PIX-E
System / Target hash: 2KFQnbNIdI.2KYOU
System / >> Using PIX Enable cores: maximal candidate/user salt size: 16/54 bytes
Info / Press ESC for available runtime shortcuts (Ctrl-c to quit)
Info / Thread #0: >> Using Core 1
Info / Thread #0: Candidate size: 1 ( + user salt: 0 )
Info / Thread #0: Candidate size: 2 ( + user salt: 0 )
Info / Thread #0: Candidate size: 3 ( + user salt: 0 )
Info / Thread #0: Candidate size: 4 ( + user salt: 0 )
Info / Thread #0: Candidate size: 5 ( + user salt: 0 )
----------------------------------------------------------/ Thread #0 (Success)\----
System / Thread #0: Collision found: cisco
Info / Thread #0: Candidate/Hash pairs tested: 222 433 622 ( 2.22e+008 ) in 43s 812ms
Info / Thread #0: Allocated key space: 4.85e+028 candidates, 0.00% done
Info / Thread #0: Average speed: ~ 5 076 944 ( 5.08e+006 ) h/s
System / Detected hash format: PIX-E
System / Thread #0: Collision found: cisco

Edited by jabzor

I've been working with MDCrack for the past two days, and my stats so far:

System / Starting MDCrack v1.8(3)
System / Running as mdcrack M☺☻
System / Resuming saved session: "C:\Documents and Settings\********\Application Data\MDCrack\latest.mds"
{
File creation date 08/19/2008 00:12
File last modified 08/19/2008 03:53
Hash 7Y051HhCcoiRTSQZ
Last candidate yMDY&6a
Candidate max size 16
Candidate/hash max pairs 0
Charset abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ~!@##$%&*()[];',
Salt (prepended) <none>
Salt (appended) <none>
Hash algorithm PIX Enable
All collisions no
User Account <none>
HMAC Message <none>
Salt <none>
}
System / Charset is: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ~!@#$%&*()[];',
System / Detected processor(s): 2 x INTEL Itanium | MMX | SSE | SSE2
System / Target hash: 7Y051HhCcoiRTSQZ
System / >> Using PIX Enable cores: maximal candidate/user salt size: 16/54 bytes
Info / Press ESC for available runtime shortcuts (Ctrl-c to quit)
Info / Thread #0: >> Using Core 1
Info / Thread #1: >> Using Core 1
Info / Thread #0: Candidate size: 7 ( + user salt: 0 )
Info / Thread #1: Candidate size: 7 ( + user salt: 0 )

I just want to know if I'm using the correct hash with MDCrack, because I've been bruteforcing this hash for 2 days now, with a modified charset as you can see.

Does MDCrack crack all passwords for all PIX versions, or does it depend on something else?


It appears that you haven't yet completed the 16-byte char the mdcrack sets aside; if they made the enable password really long you're basically not going to crack it anytime soon.

The pix hashes should be the same for every version, unless they were running cisco 7 or whatever other hashing in some far earlier version in which case they wouldn't be detected as pix-e and you could use cis7.exe that comes with mdcrack, or any number of online crackers.

Edited by jabzor

C:\Documents and Settings\plzbrasdi>cis7 7Y051HhCcoiRTS
( Error ) Unrecognized ciphertext format.

Probably the PIX password is kept long, so it is taking time.

By the way, am I doing the bruteforcing correctly for PIX cracking?

I don't mind waiting to get the result!


What did it finally end up as? :P


I found two PIX firewall configs. While I was analyzing both of them, I found some difference in their password section:

PIX1: Enable password 7Y051HhCcoiRTSQZ encrypted
Passed 7Y051HhCcoiRTSQZ encrypted ------ ->(2)

PIX2: enable password GT7rQihWFevPs4V8 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted ->(2)

What are those italic lines? Are they some sort of a salt, or something else?

Could you explain to me the difference in lines (1) and (2), one being the same as in Enable password and some having different encryption? :wacko:

> Could you explain to me the difference in lines (1) and (2), one being the same as in Enable password and some having different encryption? :wacko:

I'm not sure how much this varies between each encryption mechanism, but usually the first 2 or so characters in an encrypted hash are the salt. The two hashes are different because the salt is different. The actual results can be exactly the same.

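Here is a quick (and ugly) example:

#!/usr/bin/perl -w
use strict;

# Hash the same word 20 times, each time with a fresh random salt.
for (my $i = 0; $i < 20; $i++) {
    my $enc = crypto();
    print "$enc\n";
}

# crypt() the word "blah" with a random two-character salt; the salt
# comes back as the first two characters of the result.
sub crypto
{
    my @salt_chars = ('a'..'z', 'A'..'Z', '0'..'9');
    # rand(@salt_chars) keeps the index inside the 62-element array
    # (rand(63) could pick index 62, which does not exist).
    my $salt = $salt_chars[rand(@salt_chars)] . $salt_chars[rand(@salt_chars)];
    return crypt("blah", $salt);
}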

mecca@genome:~$ perl test.pl 
39VlenLEtpbHA
kxaJwc2bjWb9c
1bkn/HJU35K7c
iwEv3.xsfCL9g
6mH93tCPDlhwI
ny.vElCSkhKpc
lSDTQgeJQ3wpk
8fGh/j83Asy9I
PCn1hzKExxRzM
bREDC2tJgwAJM
zWVw/zA1JYtfI
p0WaNonKb9bls
G16/qAPjs7.tU
oDkjjnhmXxelI
Z3OWh01KM5BUk
eWLS3NpO9B3qY
et.0Vw0eHLnr6
P6NMQ3KXbaDSU
69fMlyCVIwmtw
TbmV05JKbG7yQ

I used crypt to make a hash of the word "blah." While each of those hashes is completely different, their encrypted value is exactly the same.

Edited by mecca_
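An added example, not code from any poster in this thread: a small audit of the password lines in PIX configs, using only the hash strings quoted above. It assumes, as jabzor's output shows for 'cisco', that the same password gives the same stored string in both `enable password` and `passwd`; the names `audit`, `extract`, `KNOWN_WEAK` and `SAMPLE` are the example's own.

```python
import re
from collections import defaultdict

# Stored string the thread shows for the password 'cisco' (enable and passwd alike).
KNOWN_WEAK = {"2KFQnbNIdI.2KYOU": "cisco"}

# Matches "enable password <16 chars> encrypted" and "passwd <16 chars> encrypted".
LINE_RE = re.compile(
    r"^\s*(enable\s+password|passwd)\s+([./0-9A-Za-z]{16})\s+encrypted\b",
    re.IGNORECASE | re.MULTILINE,
)

def extract(config_text):
    """Return {'enable password': hash, 'passwd': hash} for one config."""
    return {" ".join(kind.lower().split()): h
            for kind, h in LINE_RE.findall(config_text)}

def audit(configs):
    """configs: {device_name: config_text}. Returns a sorted list of findings."""
    findings = []
    seen = defaultdict(set)  # hash -> devices that store it
    for device, text in configs.items():
        creds = extract(text)
        for kind, h in creds.items():
            seen[h].add(device)
            if h in KNOWN_WEAK:
                findings.append(f"{device}: {kind} is the known hash of '{KNOWN_WEAK[h]}'")
        if len(creds) == 2 and len(set(creds.values())) == 1:
            findings.append(f"{device}: enable and passwd store the same hash (one password for both)")
    for h, devices in seen.items():
        if len(devices) > 1:
            findings.append(f"{h}: shared by {', '.join(sorted(devices))}")
    return sorted(findings)

# Constructed sample configs, built only from hash strings quoted in the thread.
SAMPLE = {
    "PIX1": "enable password 7Y051HhCcoiRTSQZ encrypted\npasswd 7Y051HhCcoiRTSQZ encrypted\n",
    "PIX2": "enable password GT7rQihWFevPs4V8 encrypted\npasswd 2KFQnbNIdI.2KYOU encrypted\n",
    "FW0": "Enable password 2KFQnbNIdI.2KYOU encrypted\npasswd 2KFQnbNIdI.2KYOU encrypted\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run over the sample, it reports PIX2's `passwd` as the 'cisco' string from jabzor's session and PIX1 as using one password for both login and enable.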

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0