Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Cisco-ASA MD5 increase max Password #1488
I have to open a new case, because my previous one #1478 was closed.
if I use -m 2410 I get the following warning:
./OpenCL/m02410_a3-optimized.cl: Pure OpenCL kernel not found, falling back to optimized OpenCL kernel
I Used the example Hash: hashcat64.exe -m 2410 -a 3 02dMBMYkTdC5Ziyp:36 hashca?l?d?d?d?d?d?d
Is it possible to get a information on what is the max password length?
In my older Post the reason was, that it makes no sense to increase it because it does not support passwords longer 12.
From the help of an ASA Device I have this Information: Enter a password between 3 and 127 characters.
You can also find this online:
Looks like OS versions below 9.7 support 32 characters or less?
Trying to find a volunteer to help me verify on a live system.
It's possible that the length 16 was extended some time even earlier than the predecessors of 9.7. According to this page (but references a dead link), in OS version 7.0, the maximum was increased from 16 to 32:
Wayback Machine copy of "Cisco ASA 5500 Series Release Notes, Version 7.0(5)" at https://web.archive.org/web/20140215184559/https://www.cisco.com/c/en/us/td/docs/security/asa/asa70/release/notes/asarn705.html says:
"Username and enable password length limits increased from 16 to 32 in the LOCAL database"
Yeah it was 16 at the time we got the first version of our format. I guess we need to bump it in JtR too.
So, we'll need some samples with known plain, to determine how to terminate the longer passwords. Perhaps it's set at minimum pos 16 (with nulls or spaces as padding? Can't remember but easy to check source) but then follows normal termination? That would be backwards compatible. But there's no point in guessing - we need samples!
Some kind colleagues generated examples for us.
Here's OS version 9.4(1), with plaintext lengths 8, 16, and 20:
And here's OS version 7.0(8):
I can paste some examples too:
username admin1 password 12345678901234
username a password 12345678
username adm password 12345678
username admin1 password jPvB8dZSJc584qfl encrypted
username adm password yBEOBp9AO4K.3mYs encrypted
I was lucky to find the change to the algorithm in order to crack passwords > 16. One simply needs to pad with zero bytes to a next segment of 16 bytes.
@SilRo991 Thanks for the example hashes, that helped. If you want to play with it, clone latest hashcat version from github and build from source or use the binary beta from https://hashcat.net/beta/ to crack them.
@magnumripper The change required is explained best way here: e877c30#diff-7687bc127baaaa448c5fc5e56f0c2133L5571