• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4035
  • Last Modified:

Viewing Pre-Shared Keys on a Netscreen Firewall

Anybody know if this is possible?  As far as I know, it's not, but I thought I'd ask, just to be sure.  (I work for an organization that does not have the pre-shared keys  - got lost somehow)
  • 2
1 Solution
Lieven EmbrechtsCommented:
what is stored in the config is an md5-hash, basically the result of a calculation.
the password routine wil do the same calculation and compare the resulting hashes.
so the actual password is not even stored.

it is possible to use a brute-force md5 hash cracking-tool (like MDcrack) but such a tool has to try every combination until it finds the same resulting hash. depending on the length of the password this will take a very long time.

so i think it is easier to overwrite the config file.  if you have physical access to the netscreen with a serial cable you an always login with username netscreen and password equal to the serial written on the box.

Just for fun: the netscreen md5-hash is not a standard md5 hash, it hash extra letters woven in it: if you read it from right to left you will read the letters from 'netscreen'.
so even if you decide to use a cracking tool you will have to change and recompile it to extract those extra 'netscreen' letters.

Agree with above. Sadly no way to get the passowrd from the config

networkengineer2004Author Commented:
To Lieven:

Note:  this is not about the password, it's about the pre-shared keys on VPN connections.  I can login to the box, but I don't know the pre-shared keys for most of the VPNs and Mgmt strongly wants to avoid the embarassment of going to the remote companies and asking for the VPN pre-shared keys.  So, that's the last and only desparate option.  Off the table for now.

So, I use a cracking tool.  Are you saying that after a while I get, say, for example, 123456netscreen as a pre-shared key once the tool is done?
Lieven EmbrechtsCommented:
more like 1n2e3t4s5c6r7e8e9n90, the effort will be huge, not only do you need to create a modified tool, in worst case it will have to calculate for weeks/months/years trying all combinations until it finds the correct hash.

if you use remote vpn software, you may have an .spd-file that you use to load the vpn settings on the vpn client.  you can open this .spd-file with a texteditor like notepad and search for the parameter UFQDN.

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now