Cisco ASA hash type
#1
Hi all,

I am playing at cracking Cisco ASA passwords for fun. I have a test ASA I am using. I have successfully cracked the enable passwords and the passwords encrypted by using the ordinary password encryption:

Code:
username test password password privilege 15

Gives the output in show run as:

Code:
username test password 4VnN2pEtX1eZQP5L encrypted privilege 15

I know this hash type is the Cisco ASA ( -m 1410 in the hashcat command).

There is another type of password hashing used on an ASA, done by entering the following command:

Code:
username test password password mschap privilege 15

Which outputs in the show run as:

Code:
username test password iEb36u6PsRetBr3YMLdYbA== nt-encrypted privilege 15

I have checked the Cisco site and managed to find out that the ASA will convert the text to unicode and then hash with MD4 which made me think to use NTLM but I am getting the line length exception error. The hash is also in base64 which doesn't match the example hash type given on the Hashcat wiki.

What mode do I use in Hashcat to attempt to crack this password type?

Thanks in advance for any advice given.
#2
Un-base64 it, then crack it as an NTLM hash.
Code:
$ echo -n 'iEb36u6PsRetBr3YMLdYbA==' | base64 -d | xxd -p
8846f7eaee8fb117ad06bdd830b7586c
~
#3
Royce, thank you so much. I will give that a try tomorrow at work and post back the results. Thanks again.
#4
Hi Royce (or anyone else)

I am attempting to convert my base64 hash into a hashcat readable format and I get the following error:


Code:
c:\hashcat-4.0.1>hashcat32 echo iEb36u6PsRetBr3YMLdYbA== | base64 -d |xxd -p
'base64' is not recognized as an internal or external command,
operable program or batch file.


I am using hashcat32 on a Windows 7 PC. Does anyone have the manual page i should be looking at? Seems I need a supporting application.

Thanks again for the help so far.
#5
Anyone had any luck with certutil? I am attempting to use it to decode the base64 hash with the following command:

Code:
c:\hashcat-4.0.1>certutil -decode -f -v c:\temp\test.txt c:\temp\test-decoded.txt
Input Length = 24
Output Length = 16
CertUtil: -decode command completed successfully.

And the output file returns some strange looking characters:

Code:
ˆF÷ê­½Ø0·Xl

I haven't actually run that through hashcat, I'm just assuming it won't work as it looks so wrong Smile
#6
that's now binary. you need base64 -> binary -> hex
#7
Thanks undeath. no idea how to do that in Windows but I've nearly finished downloading Ubuntu. I'm going to attempt to dual boot my work laptop.

A lot of effort for 3 passwords that I already know Smile