Tuesday, December 15, 2009

Cisco Password Encryption Published

Hey programmers, here is something you need to know. Don't take this in a
destructive way; it is provided just for recovery purposes.
Cisco PIX passwords are limited to a length of 16 bytes, so in theory
there are 255^16 possible passwords. In real life, even if strong passwords
are used, there are only about 80^16 useful password combinations; take a
look at your keyboard to verify.

Cisco's password encryption is based on base64-encoded MD5 hashes.
Router IOS uses 1000 MD5 update rounds to make password brute-forcing
attacks harder, but the PIX firewall uses only one MD5 update, and then
the digest is base64 encoded.

For base64 encoding, Cisco uses the _crypt_to64() function of the
FreeBSD libcrypt library.

Here's the code to compute PIX password hashes:

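         /* Needs <string.h>. MD5Context, MD5_SIZE and the MD5*2() calls come
            from the MD5 implementation this fragment is compiled with;
            _crypt_to64() comes from FreeBSD libcrypt. */
         MD5Context ctx1;
         unsigned char final[MD5_SIZE+1];
         unsigned char cleartext [16+1];
         unsigned char cisco_encoded [16+1];

         /* Zero both buffers: the password is NUL-padded to 16 bytes and the
            encoded result stays NUL-terminated. */
         memset(cisco_encoded,0,sizeof(cisco_encoded));
         memset(cleartext,0,sizeof(cleartext));
         strcpy((char*) cleartext,"test");

         /* A single MD5 pass over the whole 16-byte padded buffer. */
         MD5Init2(&ctx1);
         MD5Update2(&ctx1,(unsigned char*) cleartext,16);
         MD5Final2(final,&ctx1);

         /* _crypt_to64(p,v,4) emits the low 24 bits of v, so only three of
            every four digest bytes are encoded. Building v from bytes avoids
            the unaligned unsigned long read, which overruns final[] where
            long is 64 bits and gives other output on big-endian machines. */
         char* p = (char*) cisco_encoded;
         for (int i = 0; i < 16; i += 4) {
             unsigned long v = final[i] | (final[i+1] << 8) | ((unsigned long) final[i+2] << 16);
             _crypt_to64(p,v,4); p += 4;
         }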
Regards,
Ashish Saretia.
+919893876066
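
Added example, not part of the original post: a Python port of the hash above, used to audit saved PIX configurations for factory-default passwords and for the same hash appearing on several devices. Because only the padded password goes into the single MD5 pass, equal hashes mean equal passwords. The `audit` helper, the device names, the sample configs and the default list (blank and `cisco`) are assumptions made for this illustration.

```python
import hashlib
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def pix_hash(password: str) -> str:
    """One MD5 over the NUL-padded 16-byte password, then crypt-style base64."""
    raw = password.encode("ascii")
    if len(raw) > 16:
        raise ValueError("PIX passwords are limited to 16 bytes")
    digest = hashlib.md5(raw.ljust(16, b"\0")).digest()
    out = []
    for i in range(0, 16, 4):
        # Same result as _crypt_to64(p, word, 4) on a little-endian 32-bit word:
        # only its low 24 bits (3 of every 4 digest bytes) are emitted.
        v = int.from_bytes(digest[i:i + 3], "little")
        for _ in range(4):
            out.append(ITOA64[v & 0x3F])
            v >>= 6
    return "".join(out)

LINE_RE = re.compile(r"^(enable password|passwd) (\S{16}) encrypted\s*$", re.M)

def audit(configs: dict, defaults=("", "cisco")) -> list:
    """Flag default-password hashes and hashes shared between config lines."""
    default_hashes = {pix_hash(p): p for p in defaults}
    seen, findings = {}, []          # seen: hash -> {"device:line kind", ...}
    for device, text in sorted(configs.items()):
        for kind, h in LINE_RE.findall(text):
            seen.setdefault(h, set()).add(f"{device}:{kind}")
            if h in default_hashes:
                findings.append(("default", f"{device}:{kind}", default_hashes[h]))
    for h, where in sorted(seen.items()):
        if len(where) > 1 and h not in default_hashes:
            findings.append(("reused", ", ".join(sorted(where)), h))
    return findings

# Constructed sample configs (not taken from any real device).
SHARED = pix_hash("Constructed-Pw1!")
SAMPLE = {
    "fw-a": f"enable password {pix_hash('')} encrypted\npasswd {pix_hash('cisco')} encrypted\n",
    "fw-b": f"enable password {SHARED} encrypted\npasswd {pix_hash('Other-Pw2?')} encrypted\n",
    "fw-c": f"enable password {SHARED} encrypted\npasswd {pix_hash('Third-Pw3#')} encrypted\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```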
