Information Security

sqlscan – Backtrack 5 – Information Gathering – Web Application Analysis – Web Crawlers – sqlscan

Need to query Google for vulnerable SQL servers and extract MD5 hashes? The sqlscan.py Python script is your tool then. If you are using Backtrack release 5 you will first need install Python 2.4.4 and then fix sqlscan.py by following the instructions here and here. Once you have sqlscan.py functioning without errors proceed to the example below.

Information Security

Crack Juniper Router Passwords, Juniper Password Hash Details

Recently I needed to find out information about a Juniper router password which is stored as a hash in the router configuration. The tricky part is while the password hash is technically a MD5 hash it is modified to make it unique and make it harder to crack. Luckily there is a way to crack the hash using JTR (John The Ripper) though it will require that you also have the username associated to the password as the username is used as part of the salt for the hash. Below there is first information on how to crack Juniper hashes which are the same as Netscreen hashes followed by more information about the hash itself.

Information Security

Crack Cisco IOS Password Hashes, Crack Cisco Type 5 & Type 7 Password Hashes

Cisco devices running the Cisco IOS have three types of ways to display passwords in the device configuration which include Type 0, Type 5, and Type 7. Below we describe all three methods of storing passwords in the Cisco IOS device configuration and how to obtain the password from each method either by simply reading the password, by quickly converting the password from the Cisco defined encryption algorithm, or by cracking MD5 UNIX password hashes.

Code Snippets

Perl Script To Decode Cisco Type 7 Password Hash

I spent a lot of time the other night trying to find a perl script that would decode Cisco type 7 password hashes and many of them did not work properly. At first I thought I was doing something wrong however I am pretty sure that most of the scripts were just broken. Anyhow I finally located the below script on some site and I can’t remember where I found it so I wanted to post it here mostly for reference however if someone else finds it useful then that would be great. Below is the actual script itself followed by an example of using the script.