Fortgate Hash Trouble
#1
Hello, 

I am working on a Fortigate (Specifically FortiGate-300D v5.6.2) and testing out hash validation from the hashes pulled out of the config file. Here is the format (masked of course)

set password ENC XX2b82XXN5Keax/i0zq9Psn12v8X015siW+roACDLb3OiCMOtQ6ttPLNutxP4=

When I feed that "XX2b82XXN5Keax/i0zq9Psn12v8X015siW+roACDLb3OiCMOtQ6ttPLNutxP4=" into hashcat with -m 7000 I get a line-length exception.  Generally this means that the parsing of the hash isn't aligned with the mode (in this case 7000). I wanted to see if there was something I was missing here. Per the wiki this seems like the right format. 

Any ideas or thoughts?  I'm thinking that maybe fortigate changed the format of the encoded password or something.
Reply
#2
Your hash is quite a bit longer than the -m 7000 example hash from this page: https://hashcat.net/wiki/doku.php?id=example_hashes

I would double check that you have selected the correct algorithm and have retrieved the hash properly. It's likely that your hash is a different version/algorithm than -m 7000.
Reply