OSPF - Authentification

Challenge link : https://www.root-me.org/fr/Challenges/Reseau/OPSF-Authentification

1. Download the file

2. Extract MD5 with Ettercap

   ettercap -Tqr ospf_authentication_hash.pcapng > raw_hashes
   

3. Copy past the hashes in file

   cat raw_hashes
   
   OSPF-224.0.0.5-0:$netmd5$0201003002020202000000000000000200000a103c7ec8a4fffffffc000a1201000000280c0000020c00000103030303$debe4e93b093ade8a8bc34302c192ced
   OSPF-224.0.0.5-0:$netmd5$0201003003030303000000000000000200000a103c7ec8a7fffffffc000a1201000000280c0000020c00000102020202$5445df30fe3d20bf23ecf26c2e531387
   OSPF-224.0.0.5-0:$netmd5$0201003002020202000000000000000200000a103c7ec8aefffffffc000a1201000000280c0000020c00000103030303$ed964b2ac353eb6b5431d3251a1d2074
   OSPF-224.0.0.5-0:$netmd5$0201003003030303000000000000000200000a103c7ec8b0fffffffc000a1201000000280c0000020c00000102020202$91276c153696d2929edaefc7c2131859
   OSPF-224.0.0.5-0:$netmd5$0201003002020202000000000000000200000a103c7ec8b7fffffffc000a1201000000280c0000020c00000103030303$c0575e191ba012bd9cd7de3c6bda49c6
   OSPF-224.0.0.5-0:$netmd5$0201003003030303000000000000000200000a103c7ec8b9fffffffc000a1201000000280c0000020c00000102020202$0844d60b1f97b377afdf26901c0eee8e
   OSPF-224.0.0.5-0:$netmd5$0201003002020202000000000000000200000a103c7ec8c1fffffffc000a1201000000280c0000020c00000103030303$e3ff7611705e1e39017d19084efbca1f
   OSPF-224.0.0.5-0:$netmd5$0201003003030303000000000000000200000a103c7ec8c2fffffffc000a1201000000280c0000020c00000102020202$f1c9059ed03e82547bf45b9755223ac1
   OSPF-224.0.0.5-0:$netmd5$0201003002020202000000000000000200000a103c7ec8cafffffffc000a1201000000280c0000020c00000103030303$bde76e1f3eddfe8c7d4f8a32c12300da
   OSPF-224.0.0.5-0:$netmd5$0201003003030303000000000000000200000a103c7ec8ccfffffffc000a1201000000280c0000020c00000102020202$2c5764c41f15333ad5e6509a0623aeef
   OSPF-224.0.0.5-0:$netmd5$0201003002020202000000000000000200000a103c7ec8d4fffffffc000a1201000000280c0000020c00000103030303$c0a4b500effed0bd3d537db6c3295a2f
   OSPF-224.0.0.5-0:$netmd5$0201003003030303000000000000000200000a103c7ec8d5fffffffc000a1201000000280c0000020c00000102020202$59e5abdc9e68404d9cf6bab427d420a4
   OSPF-224.0.0.5-0:$netmd5$0201003002020202000000000000000200000a103c7ec8ddfffffffc000a1201000000280c0000020c00000103030303$08cbaa952e00d202a796f8fa76a2982b
   OSPF-224.0.0.5-0:$netmd5$0201003003030303000000000000000200000a103c7ec8defffffffc000a1201000000280c0000020c00000102020202$ca39bac632801c8857650e8a28a35515 
   

4. Process the file for only have the Net-MD5

   cat raw-hashes.txt | cut -d ":" -f 2 >> net-md5-hashes.txt
   
   $netmd5$0201003002020202000000000000000200000a103c7ec8a4fffffffc000a1201000000280c0000020c00000103030303$debe4e93b093ade8a8bc34302c192ced
   $netmd5$0201003003030303000000000000000200000a103c7ec8a7fffffffc000a1201000000280c0000020c00000102020202$5445df30fe3d20bf23ecf26c2e531387
   $netmd5$0201003002020202000000000000000200000a103c7ec8aefffffffc000a1201000000280c0000020c00000103030303$ed964b2ac353eb6b5431d3251a1d2074
   $netmd5$0201003003030303000000000000000200000a103c7ec8b0fffffffc000a1201000000280c0000020c00000102020202$91276c153696d2929edaefc7c2131859
   $netmd5$0201003002020202000000000000000200000a103c7ec8b7fffffffc000a1201000000280c0000020c00000103030303$c0575e191ba012bd9cd7de3c6bda49c6
   $netmd5$0201003003030303000000000000000200000a103c7ec8b9fffffffc000a1201000000280c0000020c00000102020202$0844d60b1f97b377afdf26901c0eee8e
   $netmd5$0201003002020202000000000000000200000a103c7ec8c1fffffffc000a1201000000280c0000020c00000103030303$e3ff7611705e1e39017d19084efbca1f
   $netmd5$0201003003030303000000000000000200000a103c7ec8c2fffffffc000a1201000000280c0000020c00000102020202$f1c9059ed03e82547bf45b9755223ac1
   $netmd5$0201003002020202000000000000000200000a103c7ec8cafffffffc000a1201000000280c0000020c00000103030303$bde76e1f3eddfe8c7d4f8a32c12300da
   $netmd5$0201003003030303000000000000000200000a103c7ec8ccfffffffc000a1201000000280c0000020c00000102020202$2c5764c41f15333ad5e6509a0623aeef
   $netmd5$0201003002020202000000000000000200000a103c7ec8d4fffffffc000a1201000000280c0000020c00000103030303$c0a4b500effed0bd3d537db6c3295a2f
   $netmd5$0201003003030303000000000000000200000a103c7ec8d5fffffffc000a1201000000280c0000020c00000102020202$59e5abdc9e68404d9cf6bab427d420a4
   $netmd5$0201003002020202000000000000000200000a103c7ec8ddfffffffc000a1201000000280c0000020c00000103030303$08cbaa952e00d202a796f8fa76a2982b
   $netmd5$0201003003030303000000000000000200000a103c7ec8defffffffc000a1201000000280c0000020c00000102020202$ca39bac632801c8857650e8a28a35515
   

5. Crack the OSPF key with john

   john net-md5-hashes.txt --wordlist=/usr/share/wordlists/rockyou.txt
   
   Using default input encoding: UTF-8
   Loaded 14 password hashes with 14 different salts (net-md5, "Keyed MD5" RIPv2, OSPF, BGP, SNMPv2 [MD5 32/64 or dynamic_39])
   Will run 4 OpenMP threads
   Press 'q' or Ctrl-C to abort, almost any other key for status
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   #10pokemonmaster (?)     
   14g 0:00:00:13 DONE (2023-08-21 09:37) 1.040g/s 1056Kp/s 14793Kc/s 14793KC/s #18#16torito..!lstpa88!
   Use the "--show --format=net-md5" options to display all of the cracked passwords reliably
   Session completed. 
   

6. Get the flag ! #10pokemonmaster

Source : https://github.com/wearecaster/OSPFMD5Crack