Simon Marechal | 12 Sep 14:23 2008

Re: HMAC-MD5 SSE2 fails under Cygwin

Solar Designer wrote:
> On Sat, Aug 30, 2008 at 01:46:04PM +0400, SmarTeam Support wrote:
>> as to Solar's request about adding line into hmacmd5_init - the output
>> is following:
>> Benchmarking: HMAC MD5 SSE2 [hmac-md5 SSE2]... opad @ 0x49dce0
> 
> Well, "opad" and other nearby variables were properly aligned - however,
> my testing revealed that the problem was in fact alignment-related.
> Specifically, it appears that Cygwin does not guarantee the alignment
> for variables declared "static", such as "crypt_key" in hmacMD5_fmt.c.
> I sent a patch that works around this, as well as fixes some related
> bugs that got triggered by the workaround, to SmarTeam Support and
> Random Intentions for testing.  The patch is somewhat large, so I am not
> posting it in here.  It will be obsoleted by the next jumbo patch update
> anyway.

Just a quick question: who uses HMAC-MD5? I remember adding it because 
I started writing a PSK cracker, and I wanted to test the HMAC 
functions. But devine just wrote his own in aircrack, and I never 
bothered with this again. (BTW, the implementation in aircrack-ng is not 
so good, especially on AMD64)

Is there a single application that uses just a call to HMAC-MD5? I have never 
seen any question about its usage here. It might be a good idea to just 
dump it ...

-- 
To unsubscribe, e-mail
john-users-unsubscribe@... and reply
to the automated confirmation request that will be sent to you.

Solar Designer | 13 Sep 04:46 2008

Re: HMAC-MD5 SSE2 fails under Cygwin

On Fri, Sep 12, 2008 at 02:23:25PM +0200, Simon Marechal wrote:
> Just a quick question: who uses HMAC-MD5? I remember adding it because 
> I started writing a PSK cracker, and I wanted to test the HMAC 
> functions. But devine just wrote his own in aircrack, and I never 
> bothered with this again. (BTW, the implementation in aircrack-ng is not 
> so good, especially on AMD64)
> 
> Is there a single application that uses just a call to HMAC-MD5?

Good question.  Let's see if anyone in here has anything to say on it.

> I have never seen any question about its usage here.

Actually, there was one, sort of:

	http://www.openwall.com/lists/john-users/2008/01/28/6

> It might be a good idea to just dump it ...

Well, I won't hurry to do that.  The jumbo patch, at this time, is meant
to be a collection of almost all contributed patches that are of any use
at all.

As to the specific issue with non-guaranteed 16-byte alignment for
"statics" under Cygwin, it affected more than just the HMAC-MD5 "format"
anyway.  It's just that this one was the first to fail (and crash the
program).  When fixed, the test would similarly crash a few seconds
later, and so on.  I ended up patching 8 *_fmt.c files in the patch that
I gave to SmarTeam Support and Random Intentions, both of whom confirmed
that the patch did make things work for them.  So I am going to include
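
The alignment problem discussed in the message above, as an added example: this is not the patch that was sent for testing (the thread does not include it), only one common way to stop depending on the toolchain to place a "static" buffer on a 16-byte boundary. The buffer size and the names `crypt_key_raw`, `key_buffer_init` and `offsets_that_fit` are assumptions made for illustration; `crypt_key` is borrowed from the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIMD_ALIGN 16   /* SSE2 aligned loads and stores need 16-byte alignment */
#define KEY_BYTES  64   /* assumed buffer size, for illustration only */

/* Over-allocate by SIMD_ALIGN - 1 so an aligned window of KEY_BYTES always fits. */
static unsigned char crypt_key_raw[KEY_BYTES + SIMD_ALIGN - 1];
static unsigned char *crypt_key;   /* aligned view, set by key_buffer_init() */

static int is_aligned(const void *p, size_t a) {
    return ((uintptr_t)p & (a - 1)) == 0;
}

/* Round p up to the next multiple of a (a must be a power of two). */
static unsigned char *align_up(unsigned char *p, size_t a) {
    return p + (((uintptr_t)0 - (uintptr_t)p) & (a - 1));
}

/* Returns 0 on success, -1 if the aligned window would not fit. */
int key_buffer_init(void) {
    unsigned char *p = align_up(crypt_key_raw, SIMD_ALIGN);
    if (!is_aligned(p, SIMD_ALIGN) ||
        p + KEY_BYTES > crypt_key_raw + sizeof(crypt_key_raw))
        return -1;   /* fail closed instead of crashing in the SIMD code */
    memset(p, 0, KEY_BYTES);
    crypt_key = p;
    return 0;
}

/* Simulate every misplacement (offset 0..15) of a static buffer; count the good ones. */
int offsets_that_fit(void) {
    static unsigned char arena[KEY_BYTES + 2 * SIMD_ALIGN];
    int ok = 0;
    for (int off = 0; off < SIMD_ALIGN; off++) {
        unsigned char *base = arena + off;   /* stands in for an unaligned static */
        unsigned char *p = align_up(base, SIMD_ALIGN);
        if (is_aligned(p, SIMD_ALIGN) && p - base < SIMD_ALIGN)
            ok++;
    }
    return ok;
}

int main(void) {
    printf("init=%d fits=%d/16\n", key_buffer_init(), offsets_that_fit());
    return 0;
}
```

The explicit `is_aligned` check at init time turns a misplaced buffer into a reportable error rather than a fault inside the SSE2 routine during the benchmark.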

Nahuel Grisolía | 13 Sep 20:18 2008

Lotus Domino R5 and R6 patch

Hey there, I was wondering if someone here has a patch for this great
tool to crack Lotus Domino R5 and R6 password hashes, those we can
retrieve by applying this Vulnerability:

http://www.securiteam.com/securitynews/5FP0E15GLQ.html

I've found a patch inside John's WebPage but it's using other kind of
algorithm.

Any help will be appreciated!

Thanx! Nahuel.

Solar Designer | 16 Sep 04:56 2008

Re: jumbo patch for 1.7.3.1

Hi,

I've released revision 3 and revision 4 of the jumbo patch for 1.7.3.1
yesterday.  Revision 3 went under historical/ right away - the reason
why I released it at all was for "revision control" purposes, as well as
to have some better-tested / fallback code to recommend to those who
might report serious problems introduced with revision 4, if any.

Compared to revision 2, released back in August, revision 3 corrects two
problems reported via this mailing list:

The "duplicate guesses" bug introduced with john-1.7.3.1-all-2 and
reported by Adam Turk (the fix is exactly the same as
john-1.7.3.1-all-2-lpsfix1.diff, which I posted before).

The issue with non-guaranteed alignment for "static" variables under
Cygwin, reported/confirmed by Random Intentions and SmarTeam Support.

Revision 4 adds:

Support for HTTP Digest Access Authentication by Romain Raboin:

	http://www.openwall.com/lists/john-users/2008/08/27/2

Support for OpenLDAP SSHA password hashes, extracted out of myjohn.tgz
by bartavelle.

"Markov" cracking mode, also extracted out of myjohn.tgz by bartavelle,
which he nicely documented at:

Solar Designer | 16 Sep 05:17 2008

Re: Lotus Domino R5 and R6 patch

On Sat, Sep 13, 2008 at 03:18:51PM -0300, Nahuel Grisolía wrote:
> Hey there, I was wondering if someone here has a patch for this great
> tool to crack Lotus Domino R5 and R6 password hashes, those we can
> retrieve by applying this Vulnerability:
> 
> http://www.securiteam.com/securitynews/5FP0E15GLQ.html
> 
> I've found a patch inside John's WebPage but it's using other kind of
> algorithm.

Can you please be more specific on this - what patch and how/why it does
not work for you?  Perhaps provide a sample password file (just a few
lines) that you try to feed to JtR.

My understanding is that the jumbo patch currently includes support for
Lotus Domino R5 hashes in lotus5_fmt.c and for some newer hashes (are
those R6?) in DOMINOSEC_fmt.c.  In fact, the sample password hash found
in the advisory on the web page above is also found as a test case in
lotus5_fmt.c - so clearly JtR with the jumbo patch would crack that one.

Alexander

Solar Designer | 16 Sep 05:55 2008

Re: A patch for http digest and various tools

On Wed, Aug 27, 2008 at 05:06:39PM +0200, Romain Raboin wrote:
> I developed several tools related to password security, which you can
> find on this page: http://syscall.eu/romain/
> 
> While all of them are probably of interest for John users, these three
> are directly related to John:
> - HTTP Digest Access Authentication patch. A patch for john-1.7.3 that
> allows you to brute force HTTP Digest Access Authentication when you
> got a network capture of an authentication.

I've merged this one into the latest jumbo patch - thank you!  I did not
place the john-1.7.3.1-HDAA.diff.gz patch for download separately
because of a few issues I found and fixed while merging this into the
jumbo patch.  You might want to import those fixes and release an updated
patch (call it john-1.7.3.1-HDAA-2.diff.gz), which I will likely place
into the contrib/ directory on the FTP.

> - passwd_cracker: Distributed (in Ruby) password cracker using myjohn.

I've added this one to the collection:

	ftp://ftp.openwall.com/pub/projects/john/contrib/parallel/passwd_cracker/

You might want to update the documentation to reflect the fact that the
Markov generator is now merged into the jumbo patch, as well as to
provide a short summary and a link to your website (where updated
versions could be found) at the start of the README file.  I will then
update "my" copy.

> - myjohn: Corrections on Simon Marechal's patch for John The Ripper.
SmarTeam Support | 16 Sep 08:38 2008

Re[2]: jumbo patch for 1.7.3.1

Hello Solar,

some errors I get under Cygwin

> Hi,

> I've released revision 3 and revision 4 of the jumbo patch for 1.7.3.1
> yesterday.

$ patch -i john-1.7.3.1-all-4.diff
patching file EPi.patch.README
patching file HDAA_README
patching file MARKOV
patching file genincstats.rb
can't find file to patch at input line 291
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--------------------------
|diff -urpN john-1.7.3.1.orig/run/john.conf john-1.7.3.1/run/john.conf
|--- john-1.7.3.1.orig/run/john.conf    2008-03-31 05:22:29 +0000
|+++ john-1.7.3.1/run/john.conf 2008-09-15 01:03:12 +0000
--------------------------
File to patch:

>> * markov-chains based password generator, and associated utilities

> Right.  This is now imported into 1.7.3.1-all-4.  I dislike the way the
> Makefile is hacked to build the extra utilities, though.

gcc -O2 -s -lm -DEXTERNAL genmkvpwd.c mkvlib.c memory.c -o ../run/genmkvpwd.exe
Simon Marechal | 16 Sep 10:10 2008

Re: jumbo patch for 1.7.3.1

Solar Designer wrote:
> domino4_fmt.c, domino5_fmt.c, domino_md.*, and the corresponding code in
> x86.S - I'm not sure how this compares to lotus5_fmt.c and DOMINOSEC_fmt.c,
> which are in the jumbo patch.  Do these implement support for the exact
> same two things or not?  How does said support differ - in terms of both
> functionality and performance?

They implement the exact same thing. The only difference is that I have 
an x86 version of the "scramble" function. The domino version numbers 
are wrong for my implementation.

> tightvnc_fmt.c - unused, and it looks unfinished - is that the case?  Is
> this something to consider for inclusion (after it is made to work)?

It does not work, I can't remember when I started working on this :/ I'm 
currently not planning to add support for it as I never had to crack such 
passwords during pentests.

>> * usage of the SSE functions when they are available
> 
> Can you possibly identify those cases where you have optimized assembly
> code and the latest jumbo patch does not - and post a list in here, or
> maybe submit a patch (to be applied on top of the jumbo patch) right away?

The SSE md5 code is almost never used here. When I have some more free 
time I'll write a properly optimized version of this function, and try 
to release patches for it.

>> * a shortcut for the netlm cipher (part of the original LM hash could be 
>> bruteforced. It could be possible to crack it almost as fast as the 
Nahuel Grisolía | 17 Sep 01:25 2008

Re: Lotus Domino R5 and R6 patch

Solar Designer wrote:
> On Sat, Sep 13, 2008 at 03:18:51PM -0300, Nahuel Grisolía wrote:
>> Hey there, I was wondering if someone here has a patch for this great
>> tool to crack Lotus Domino R5 and R6 password hashes, those we can
>> retrieve by applying this Vulnerability:
>>
>> http://www.securiteam.com/securitynews/5FP0E15GLQ.html
>>
>> I've found a patch inside John's WebPage but it's using other kind of
>> algorithm.
> 
> Can you please be more specific on this - what patch and how/why it does
> not work for you?  Perhaps provide a sample password file (just a few
> lines) that you try to feed to JtR.
> 
> My understanding is that the jumbo patch currently includes support for
> Lotus Domino R5 hashes in lotus5_fmt.c and for some newer hashes (are
> those R6?) in DOMINOSEC_fmt.c.  In fact, the sample password hash found
> in the advisory on the web page above is also found as a test case in
> lotus5_fmt.c - so clearly JtR with the jumbo patch would crack that one.
> 
> Alexander
> 

Thanx Alexander! I've already patched it and it's working greatfully!
JtR is really fantastic. Greetings from Argentina!
Nahuel.

William | 17 Sep 05:31 2008

No password hashes loaded? hashes in .lst form

Hello, I'm a complete noob with an old account on my mac I'm trying to get the PW for.  I've got the pro version of
John (1.7.2) and not quite sure what's up...

I've extracted the password hashes into a .lst file (extracted104pass.lst) and have tried the following permutations:

Macintosh:run (myaccountname)$ ./john /Users/(myaccountname)/Desktop/extracted104Pass.lst
No password hashes loaded
Macintosh:run (myaccountname)$ ./john --wordlist=/Applications/John-Pro/run/password.lst
--rules /Users/(myaccountname)/Desktop/extracted104Pass.lst
No password hashes loaded
Macintosh:run (myaccountname)$ ./john /Users/(myaccountname)/Desktop/extracted104Pass.lst
No password hashes loaded
Macintosh:run (myaccountname)$ ./john --wordlist=/Applications/John-Pro/run/password.lst
--rules /Users/(myaccountname)/Desktop/extracted104Pass.lst
No password hashes loaded
Macintosh:run (myaccountname)$ ./john --wordlist=password.lst --rules passwd
stat: passwd: No such file or directory
Macintosh:run (myaccountname)$ ./john
--wordlist=/Users/(myaccountname)/Desktop/extracted104Pass2.lst --rules /Applications/John-Pro/run/password.lst
No password hashes loaded
Macintosh:run (myaccountname)$

Question: the hash I've extracted for the account is: 
user:70801FD2FA3729F0222624B2D75E08B581476E72AC48B89V  (I've changed a couple numbers/letters,
but the count and order is the same).  Is this the correct hash/format?

What's the correct form to enter into the bash shell to get John to crack the hash?

Thanks for any help, and I apologize if the answer is so easy that I'll be kicking myself.
