WatchGuard firewall appliances offer the ability to manage policies per user. Several mechanisms can be used to authenticate users (Active Directory, LDAP, RADIUS, ...), including a local database called “Firebox database” (Firebox-DB). Based on the XML configuration file of the appliance (which includes the Firebox-DB accounts), I recently needed to evaluate the strength of the passwords defined by a customer. Unfortunately, the Firebox passwords appeared to be encrypted or hashed and I couldn’t find any information about the algorithm used.
Below is an excerpt of the XML configuration file, showing the definition of the user “john”. The password was set to “readwrite”, a deliberately simple choice for testing purposes.
```xml
<account>
  <id>john</id>
  <password>628427e87df42adc7e75d2dd5c14b170</password>
  <description/>
  <idle-timeout>1800</idle-timeout>
  <session-timeout>28800</session-timeout>
  [...SNIP...]
</account>
```
If you have heard about the following vulnerabilities in McAfee ePolicy Orchestrator version 4.6.5 and earlier:
- CVE-2013-0140 – Pre-authenticated SQL injection
- CVE-2013-0141 – Pre-authenticated directory path traversal
and your environments haven’t been updated yet, then you should consider watching this video…
- Remote command execution on the ePO server.
- Remote command execution on the managed stations (one ring to rule them all).
- File upload on the ePO server.
- Active Directory credential theft.
UPDATE: Things are moving well on Hashcat.net! https://hashcat.net/trac/ticket/5
If you are familiar with ike-scan and you have NVIDIA card(s), you may be interested in cracking Pre-Shared Keys with your GPU(s).
As it is my first CUDA/GPU implementation and I have limited knowledge of cryptography, this code must not be considered optimized. Technically, I only reused basic MD5 and SHA-1 source code inside CUDA code. Don’t blame me. I was working on a pentest and I thought: “Cracking this PSK could be nice for my report, let’s do ‘man cuda’...”
To give you an idea of the improvement, brute-forcing the PSK “hello1” requires about:
- 2 hours and 50 minutes with CPU (HP EliteBook 8440p – 2.5GHz Intel Core 5)
- 2 minutes and 40 seconds with GPUs (GTX480 + GTX570)
It’s not that bad for a first try, even if the occupancy rate of the cards is low.