RIPv2 - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: RIPv2 (/thread-2707.html)
RIPv2 - digininja - 10-11-2013

Has anyone used Hashcat against RIPv2? It is keyed MD5 and I've taken a very quick look at the RFC and didn't understand a word of it so before I start learning all about keyed MD5 I thought I'd check if someone has already worked out how to do it.

http://tools.ietf.org/html/draft-ietf-ripv2-md5-03

RE: RIPv2 - atom - 10-15-2013

any updates on this?

RE: RIPv2 - magnum - 10-18-2013

Looks like it's same as OSPF (and BGP if memory serves me) and they are like this: salt is the whole binary packet (in OSPF case minimum 44 bytes and maximum a lot more) and password is either truncated or null-padded to exactly 16 characters. Then just md5(s.p). It will normally be at least two rounds of MD5 due to salt length.

RE: RIPv2 - atom - 10-22-2013

Thanks magnum! In this case you can -not- use hashcat to crack RIPv2. But it's easy to add.

@digininja: can you provide example hash and plain in their "natural" form? That is extracted with the tool which is usually used to extract it so that we can write a parser for that form.

RE: RIPv2 - lz62 - 04-11-2014

Hello atom,

I'm interested in BGP md5 as described in RFC2385. This is based on TCP md5 option. OSPF and RIP may be a little different because these protocols are not using TCP.

The BGP packet is modified and the md5 hash value is calculated:
- ip pseudo header
- tcp header
- tcp data (may be empty)
- password

I can do the modification of the BGP packet either manually or by a short script. So calculating md5($salt.$pass) may provide the result. salt consists of any hex value; pass probably of printable ASCII.

My question is: can I use hashcat as is to crack the BGP password or must hashcat be extended for this?

(10-22-2013, 09:48 AM)atom Wrote: Thanks magnum!
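
Added example, not part of the original thread or of hashcat: the md5(salt.pass) construction described in magnum's post, written as a Python check that a configured key matches the digest on a captured message. The assumption that the digest occupies the last 16 bytes of the message, the function names and the sample bytes are constructed for illustration and are not taken from the RFC or from a real capture.

```python
import hashlib
import hmac

KEY_LEN = 16      # key field is exactly 16 bytes, per the description in the thread
DIGEST_LEN = 16   # MD5 output size

def pad_key(password: bytes) -> bytes:
    """Truncate or null-pad the password to exactly 16 bytes."""
    return password[:KEY_LEN].ljust(KEY_LEN, b"\x00")

def keyed_md5(salt: bytes, password: bytes) -> bytes:
    """md5(salt . key): salt is the packet bytes covered by the digest."""
    return hashlib.md5(salt + pad_key(password)).digest()

def md5_blocks(message_len: int) -> int:
    """64-byte MD5 compression rounds needed for a message of this length
    (MD5 appends one 0x80 byte and an 8-byte length before the last block ends)."""
    return (message_len + 8) // 64 + 1

def verify(message: bytes, password: bytes) -> bool:
    """Assumption: the 16-byte digest is the tail of the captured message."""
    if len(message) <= DIGEST_LEN:
        return False
    salt, digest = message[:-DIGEST_LEN], message[-DIGEST_LEN:]
    # Constant-time comparison, as any digest check should use
    return hmac.compare_digest(keyed_md5(salt, password), digest)

# Constructed sample: 44 arbitrary bytes standing in for a minimum-size packet
SAMPLE_SALT = bytes(range(44))
SAMPLE_MESSAGE = SAMPLE_SALT + keyed_md5(SAMPLE_SALT, b"example-key")

if __name__ == "__main__":
    print("configured key matches:", verify(SAMPLE_MESSAGE, b"example-key"))
    print("other key matches:", verify(SAMPLE_MESSAGE, b"wrong-key"))
    # Characters past the 16th never reach the hash, so they add no strength
    same = keyed_md5(SAMPLE_SALT, b"0123456789abcdefEXTRA") == \
        keyed_md5(SAMPLE_SALT, b"0123456789abcdef")
    print("17+ character key equals its 16-byte prefix:", same)
    print("MD5 rounds for 44-byte salt + key:", md5_blocks(44 + KEY_LEN))
```
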