CISCO ASA Enable Fix
#1
Can developers modify the CSICO ASA module (2410) to allow for no username/salt when running a hash.  The ASA enable password is the same format as the username/password hash, but has no username. If a hash is attempted without the salt hashcat throws some length error and won't allow a NULL value for the username portion.

Example:

hashcat64.bin -m2410 -a3 XXXXXXXXXXXXXXXX:

*note after the colon is blank since the enable password has no username and therefore no salt (salt is based on username)

Result:

Hash 'XXXXXXXXXXXXXXXX:': Token length exception

Thanks for any insight/fixes
Reply
#2
-m 2400 = Cisco-PIX MD5
Reply
#3
(07-18-2019, 06:56 AM)philsmd Wrote: -m 2400 = Cisco-PIX MD5

Correct, but has the same error.
Reply
#4
can you run the example hash from https://hashcat.net/wiki/example_hashes correctly?

there is no ending : (colon) after the hash for this hash type (-m 2400)
Reply
#5
(07-19-2019, 02:58 AM)philsmd Wrote: can you run the example hash from https://hashcat.net/wiki/example_hashes correctly?

there is no ending : (colon) after the hash for this hash type (-m 2400)

Thanks for pointing me to that, and for the most part this seems like a decent workaround for the ASA not accepting NULL usernames; however, this method is limited to a 16 character enable password.  For the most part it will be fine, but the ASA option should really allow for a blank username to remedy this.

Thanks again for pointing this out, and it should work for enable passwords up to 16 characters.
Reply
#6
(07-19-2019, 01:08 PM)Gmoney Wrote:
(07-19-2019, 02:58 AM)philsmd Wrote: can you run the example hash from https://hashcat.net/wiki/example_hashes correctly?

there is no ending : (colon) after the hash for this hash type (-m 2400)

Thanks for pointing me to that, and for the most part this seems like a decent workaround for the ASA not accepting NULL usernames; however, this method is limited to a 16 character enable password.  For the most part it will be fine, but the ASA option should really allow for a blank username to remedy this.

Thanks again for pointing this out, and it should work for enable passwords up to 16 characters.

Actually, the more I think about it, this should work for any length password since the character limit is simply a restriction on CISCO PIXs - thanks again for directing me to that hashcat module.
Reply