Viewing Pre-Shared Keys on a Netscreen Firewall

Posted on 2009-12-22
Last Modified: 2012-06-27
Anybody know if this is possible? As far as I know, it's not, but I thought I'd ask, just to be sure. (I work for an organization that does not have the pre-shared keys - got lost somehow)
Question by: networkengineer2004
    LVL 9

    Expert Comment

    by: Lieven Embrechts
    What is stored in the config is an md5-hash, basically the result of a calculation.
    The password routine will do the same calculation and compare the resulting hashes.
    So the actual password is not even stored.

    It is possible to use a brute-force md5 hash cracking-tool (like MDcrack), but such a tool has to try every combination until it finds the same resulting hash. Depending on the length of the password this will take a very long time.

    So I think it is easier to overwrite the config file. If you have physical access to the netscreen with a serial cable you can always log in with username netscreen and password equal to the serial written on the box.

    Just for fun: the netscreen md5-hash is not a standard md5 hash, it has extra letters woven in it: if you read it from right to left you will read the letters from 'netscreen'.
    So even if you decide to use a cracking tool you will have to change and recompile it to extract those extra 'netscreen' letters.

    LVL 18

    Expert Comment

    Agree with above. Sadly no way to get the password from the config.


    Author Comment

    To Lieven:

    Note: this is not about the password, it's about the pre-shared keys on VPN connections. I can log in to the box, but I don't know the pre-shared keys for most of the VPNs and Mgmt strongly wants to avoid the embarrassment of going to the remote companies and asking for the VPN pre-shared keys. So, that's the last and only desperate option. Off the table for now.

    So, I use a cracking tool.  Are you saying that after a while I get, say, for example, 123456netscreen as a pre-shared key once the tool is done?
    LVL 9

    Accepted Solution

    More like 1n2e3t4s5c6r7e8e9n90. The effort will be huge: not only do you need to create a modified tool, in the worst case it will have to calculate for weeks/months/years trying all combinations until it finds the correct hash.

    If you use remote vpn software, you may have an .spd-file that you use to load the vpn settings on the vpn client. You can open this .spd-file with a text editor like notepad and search for the parameter UFQDN.
