Juniper Encrypted Password Crack 1

Service password-encryption Syntax no service password-encryption. Release Information. Command introduced before JunosE Release 7.1.0. Directs the router to encrypt passwords that are saved in the configuration file. The command should be used as a simple cipher to prevent unauthorized users from viewing passwords. These passwords are generated after the setupassist.sh script successfully executes during installation. See Generating and Encrypting Passwords for Infrastructure Components. This article explains how to retrieve these dynamic passwords at a later point in time.

KB ID 0000940

Problem

Juniper Password Decryptor is a free desktop tool to instantly decode and recover Juniper $9$ Passwords. Juniper Router allows you to configure 2 types of passwords, Juniper $1$ Password: Here MD5 hash of the password is stored. It starts with $1$ and requires brute-force technique to recover the password.
We have Juniper ex4200 series which was in factory default configuration. I configured the juniper router with our specifc vlan, IPs etc. And of course before configuring anything I set the root password (and committed) as below command: 1. Set system root-authentication encrypted-password nokia123. Set system login user admin uid 2000.

Decrypt Type 7 Cisco Passwords

The Internet is full of sites that have something like the tool below, tap your ‘encrypted’ password in and it will reveal the Cisco password.

As you can see I’ve specifically written ‘obfuscated’ above, because the password isn’t actually encrypted at all. All that happens is the Vigenere algorithm is used to obfuscate the password. While tools like the one above are all well and good, your Cisco router will do exactly the same for you, to demonstrate, paste the following into the tool above.

107D1C09560521580F16693F14082026351C1512

Hopefully you will get the password Sup3rS3cr#tP@ssword.

Your router can also convert that to clear text for you;

So whats the point of these type 7 passwords? Well the only real benefit of them is if someone is looking over your shoulder while you are looking at the config, they can’t see actual passwords in the config.

The passwords in my config are in clear text? That’s because there are three levels of password storage 0 (not encrypted), 7 (weakly encrypted), and (5 strongly encrypted). If you want to convert your config to display them as 7 you need to enter the service password-encryption command;

If Type 7 passwords are so weak, how do I use Type 5 passwords? When creating accounts use the secret command like so;

Displays in the config as;

username petelong secret 5 $1$VkQd$Vma3sR7B1LL.v5lgy1NYc/

Decrypting Type 5 Cisco Passwords

Decrypting a Type 5 Cisco password is an entirely different ball game, they are considered ‘secure’ because they are ‘salted’ (have some random text added to the password to create an MD5 hash) however that random salt is shown in the config.

Well armed with the salt and the hash, we can use exactly the same method that Cisco use to create the encrypted password, by brute force attacking the password, this might sound like a difficult piece of hacking ninja skill, but we simply use openssl on a Linux box (here I’m using CentOS 6.5), all you need is a wordlist.txt file (search the Internet).

How To View Encrypted Password

Feed openssl the salt, and a piece of the hash (see the example above), and it will run through, (grep) the wordlist until it finds a match, where it spits out the decrypted password an the original hash like so;

The decrypted password is SECRETPASSWORD

Note: The limitation here is the password has to be in the wordlist.txt file,but if you are adept at searching the Internet there are some impressive wordlist files out there, just make sure you use one that has full line breaks. Also remember, the longer the wordlist, the longer it takes.

Loadingwiki693