Date: Thu Sep 29 18:40:09 2005
From: Jerome.Poggi at hsc-labs.com (Jerome Poggi)
Subject: Update of ciscocrack.c

Recently I tried to use ciscocrack to reveal some passwords protected with
the CISCO xor algorithm, and I saw that some very long passwords could not be
deciphered correctly.
So I updated the xlat xor table from the original C file, and now it's OK
for deciphering a good PSK in a CISCO WIFI router  :-)

Remember that it only works on:
  password 7,
  password-enable 7, 
  ascii 7,
  key 7

The original table was:
char xlat[] = {
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44
};

It can be found at PacketStorm:
http://packetstorm.linuxsecurity.com/Exploit_Code_Archive/ciscocrack.c

The new one is:
char xlat[] = {
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53,
        0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36,
        0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76,
        0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b,
        0x3b, 0x66, 0x67, 0x38, 0x37,
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53,
        0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36,
        0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76,
        0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b,
        0x3b, 0x66, 0x67, 0x38, 0x37
};

It was extracted from an uncompressed binary image of IOS 12.2(8):

0df4a70:                     6473 6664 3b6b 666f          dsfd;kfo
0df4a80: 412c 2e69 7965 7772 6b6c 644a 4b44 4853  A,.iyewrkldJKDHS
0df4a90: 5542 7367 7663 6136 3938 3334 6e63 7876  UBsgvca69834ncxv
0df4aa0: 3938 3733 3235 346b 3b66 6738 3700 0000  9873254k;fg87...

You can find the modified ciscocrack.c file in the attachment.

I also extended some buffers ... ;-)

--
Jerome POGGI                               Jerome.Poggi@...-labs.com
Herve Schauer Consultants   -=-   Network security consultant, CISSP
http://www.hsc.fr/                             Tel : +33 141 409 700
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ciscocrack.c
Type: text/x-csrc
Size: 5197 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050929/53c256cb/ciscocrack.bin
