Cisco Type 4: | |
Hex Sha256: |
Password:
LcV6aBcc/53FoCJjXQMd7rBUDEpeevrK8V5jQVoJEhU
"Cisco 4" is called by Cisco "SHA256". It is obviously in base 64 and 43 characters long. It is easy to tell (with access to the Cisco device) that it is not salted. Well it turns out that it is just base 64 encoded SHA256 with character set "./0-9A-Za-z". The hardest part was getting a valid hash. I had all this code written to test padding, iterated, duplication, truncation, and different base64 character set, but I was testing a bad hash. The nice thing about "password:LcV6aBcc/53FoCJjXQMd7rBUDEpeevrK8V5jQVoJEhU" is it has 14 duplicate characters which gives you a 1 in 2 ^ 84 collision probability. At least it wasn't the hash of "755961" which only has 1 duplicate character but it could have been the hash of "910698" which has 23. Anyway I got a hit on that which was just base 64 encoded SHA256. Then I translated what I could from the hash then face palmed because the character set wasn't random it was simply the other common character set with dot and slash "./0-9A-Za-z". Which is the first/second thing I tried with the bad hash. Generate a base 64 encoded SHA256 with a character set of "./A-Za-z0-9" (which is a common character set for base 64 with dot and slash). Notice they are not exactly the same then look at both of them for duplicate characters that match/mismatch between them.
Please contact me (steve at this domain name), if you know how Cisco handles character values higher than 255. Or if you have a hash generated from a Cisco device with characters with values higher than 255. Currently the generator above just truncates the Unicode value to the lower 8 bits.