10-08-2015, 06:45 PM
Hey all, I'm doing a pentest engagement and got access to a Palo Alto firewall. In it, the Palo has credentials for a domain that I'm trying to gain access to in order to do Windows account validation stuff.
The appropriate lines in the config are:
wmi-account domain\username;
wmi-password -XX==XXXXXXXXXXXXXXXXXXXXXXXXXXX=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
With the Xs being what appears to be Base64. It's got a dash and two alpha characters, double-equals, then 27 alphanumerics, an equals, and 43 more alphanumerics followed by an equal and semicolon to end the line.
That said, I'm no expert at hashcat and I've done pretty thorough Google searching and haven't found anything that clearly states what kind of hash it is or how to convert it into a usable format. Does anyone have suggestions or seen this kind of thing before?
Thanks!
The appropriate lines in the config are:
wmi-account domain\username;
wmi-password -XX==XXXXXXXXXXXXXXXXXXXXXXXXXXX=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
With the Xs being what appears to be Base64. It's got a dash and two alpha characters, double-equals, then 27 alphanumerics, an equals, and 43 more alphanumerics followed by an equal and semicolon to end the line.
That said, I'm no expert at hashcat and I've done pretty thorough Google searching and haven't found anything that clearly states what kind of hash it is or how to convert it into a usable format. Does anyone have suggestions or seen this kind of thing before?
Thanks!