Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 03 Apr 2011 23:47:26 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Enhanced NETNTLM_fmt.c

Enclosed is a patch that enhances the NETNTLM format:

* Implemented hash table functions for all sizes.

* Added support for Extended Session Security. Cain can crack them, we 
could not, until now. This is the hashes that has a lot of nulls in the 
LM "response", like this:

longpassword:::c70e4fb229437ef300000000000000000000000000000000:abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9:24ca92fdab441aa4

The LM part of it is actually an eight-byte client challenge and MD5 is 
used to hash the concatenated challenges before doing the same "DESL" as 
usual. The MD5 happens in get_salt so these hashes are cracked at 
exactly the same speed as the old ones. This also means we can attack 
both formats simultanously. I made the internal format (eg. the john.pot 
format) backwards compatible. I had to modify loader.c for this, Jim's 
proposed changes are a much better way to handle it in the future.

* Moved key setup (MD4 of plaintext) from crypt_all() to set_key() where 
I believe it belongs. Only DES is left in crypt_all().

* Bumped MAX_KEYS_PER_CRYPT to 192 (from 1) and added OMP support.

* This patch will apply with or without my UTF-8 patch (and is included 
in version 8 of it, see http://openwall.info/wiki/john/patches)

The speedup in many situations (like when the challenge was forced to a 
static salt) should be tremendous. The benchmarks show some 15% speedup.

Most of this should be applied to the other NET*LM* formats too.

enjoy,
magnum


diff -urpN john-1.7.6-jumbo-12/src/loader.c john-1.7.6-jumbo-12-netntlm-enhanced/src/loader.c
--- john-1.7.6-jumbo-12/src/loader.c	2011-02-04 14:52:06.000000000 +0000
+++ john-1.7.6-jumbo-12-netntlm-enhanced/src/loader.c	2011-04-03 20:45:39.000000000 +0000
@@ -330,8 +330,16 @@ static int ldr_split_line(char **login,
 			*ciphertext = tmp;
 		}
 		else {
-			tmp = (char *) mem_alloc_tiny(9 + strlen(challenge) + 1 + strlen(netntlm) + 1, MEM_ALIGN_NONE);
-			sprintf(tmp, "$NETNTLM$%s$%s", challenge, netntlm);
+			tmp = (char *) mem_alloc_tiny(9 + strlen(challenge) * 2 + 1 + strlen(netntlm) + 1, MEM_ALIGN_NONE);
+			int i;
+			for(i=strlen(netlm)-1;i>15;i--)
+				if(netlm[i] != '0') break;
+			if(i==15)
+				netlm[16] = 0;
+			else
+				netlm[0] = 0;
+
+			sprintf(tmp, "$NETNTLM$%s%s$%s", challenge, netlm, netntlm);
 			*ciphertext = tmp;
 		}
 	}
diff -urpN john-1.7.6-jumbo-12/src/NETNTLM_fmt.c john-1.7.6-jumbo-12-netntlm-enhanced/src/NETNTLM_fmt.c
--- john-1.7.6-jumbo-12/src/NETNTLM_fmt.c	2010-06-14 22:06:40.000000000 +0000
+++ john-1.7.6-jumbo-12-netntlm-enhanced/src/NETNTLM_fmt.c	2011-04-03 20:45:39.000000000 +0000
@@ -4,6 +4,10 @@
  * Written by JoMo-Kun <jmk at foofus.net> in 2007
  * and placed in the public domain.
  *
+ * Modified for lots of better performace, support for Extended Session
+ * Security and (optionally) UTF-8 as well as optionally using OMP, by
+ * magnum 2009-2011. No rights reserved.
+ *
  * This algorithm is designed for performing brute-force cracking of the NTLM 
  * (version 1) challenge/response pairs exchanged during network-based 
  * authentication attempts [1]. The captured challenge/response pairs from these
@@ -28,15 +32,22 @@
  * [4] http://www.oxid.it/cain.html
  * [5] http://www.foofus.net/jmk/smbchallenge.html
  *
+ * This version supports Extended Session Security. This is what
+ * is used when the "LM" hash ends in 32 zeros:
+ *
+ * DOMAIN\User:::c70e4fb229437ef300000000000000000000000000000000:
+ * abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9:24ca92fdab441aa4
+ *
  */
 
-#include <stdio.h>
 #include <string.h>
 
 #include "misc.h"
 #include "common.h"
 #include "formats.h"
+#include "options.h"
 
+#include "md5.h"
 #include <openssl/des.h>
 
 #ifndef uchar
@@ -44,140 +55,250 @@
 #endif
 
 #define FORMAT_LABEL         "netntlm"
-#define FORMAT_NAME          "NTLMv1 C/R MD4 DES"
+#define FORMAT_NAME          "NTLMv1 C/R MD4 DES [ESS MD5]"
 #define ALGORITHM_NAME       "netntlm"
 #define BENCHMARK_COMMENT    ""
 #define BENCHMARK_LENGTH     0
 #define PLAINTEXT_LENGTH     54 /* ?127? */
+#define UTF8_PLAINTEXT_LEN   108
 #define BINARY_SIZE          24
 #define SALT_SIZE            8
 #define CIPHERTEXT_LENGTH    48
-#define TOTAL_LENGTH         10 + 2 * SALT_SIZE + CIPHERTEXT_LENGTH
+#define TOTAL_LENGTH         (10 + 2 * 2 * SALT_SIZE + CIPHERTEXT_LENGTH)
 #define MIN_KEYS_PER_CRYPT   1
-#define MAX_KEYS_PER_CRYPT   1
+#define MAX_KEYS_PER_CRYPT   192
 
 static struct fmt_tests tests[] = {
   {"$NETNTLM$1122334455667788$BFCCAF26128EC95F9999C9792F49434267A1D9B0EF89BFFB", "g3rg3g3rg3g3rg3"},
   {"$NETNTLM$1122334455667788$E463FAA5D868ECE20CAE622474A2F440A652D642156AF863", "M1xedC4se%^&*@...(blahblah!@...,
+  {"$NETNTLM$c75c20bff9baa71f4765f360625700b0$81f5ecd8a77fe819f7f6689a08a27ac705fc2e1bb00cecb2", "password"},
   {"$NETNTLM$1122334455667788$35B62750E1B9B3205C50D6BA351092C12A1B9B3CDC65D44A", "FooBarGerg"},
   {"$NETNTLM$1122334455667788$A4765EBFE83D345A7CB1660B8899251905164029F8086DDE", "visit www.foofus.net"},
+  {"$NETNTLM$24ca92fdab441aa4c70e4fb229437ef3$abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9", "longpassword"},
   {"$NETNTLM$1122334455667788$B2B2220790F40C88BCFF347C652F67A7C4A70D3BEBD70233", "cory21"},
   {NULL}
 };
 
-static char saved_plain[PLAINTEXT_LENGTH + 1];
-static uchar challenge[SALT_SIZE + 1];
-static uchar output[BINARY_SIZE + 1];
-
+static char saved_plain[MAX_KEYS_PER_CRYPT][UTF8_PLAINTEXT_LEN];
+static uchar challenge[SALT_SIZE];
+static uchar output[MAX_KEYS_PER_CRYPT][BINARY_SIZE + 1];
+static uchar ntlm[MAX_KEYS_PER_CRYPT][21]; // NT hash
+
+#ifdef FMT_UTF8
+#include "unicode.h"
+#else
 extern void E_md4hash(uchar *passwd, uchar *p16);
+#endif
+
 extern void setup_des_key(unsigned char key_56[], DES_key_schedule *ks);
 
+extern struct fmt_main fmt_NETNTLM;
+static void init(void)
+{
+#ifdef FMT_UTF8
+	if (options.flags & FLG_UTF8) {
+		// in utf-8, up to four bytes can compose one character
+		fmt_NETNTLM.params.plaintext_length = UTF8_PLAINTEXT_LEN;
+	}
+#endif
+}
+
 static int netntlm_valid(char *ciphertext)
 {
-  char *pos;
+	char *pos;
 
-  if (strncmp(ciphertext, "$NETNTLM$", 9)!=0) return 0;
-  if (ciphertext[25] != '$') return 0;
+	if (strncmp(ciphertext, "$NETNTLM$", 9)!=0) return 0;
+	if ((ciphertext[25] != '$') && (ciphertext[41] != '$')) return 0;
 
-  for (pos = &ciphertext[26]; atoi16[ARCH_INDEX(*pos)] != 0x7F; pos++);
-    if (!*pos && pos - ciphertext - 26 == CIPHERTEXT_LENGTH)
-      return 1;
-    else
-      return 0;
+	for (pos = &ciphertext[9]; atoi16[ARCH_INDEX(*pos)] != 0x7F; pos++);
+	if (*pos != '$') return 0;
+
+	for (pos++;atoi16[ARCH_INDEX(*pos)] != 0x7F; pos++);
+	if (!*pos && ((pos - ciphertext - 26 == CIPHERTEXT_LENGTH) ||
+	              (pos - ciphertext - 42 == CIPHERTEXT_LENGTH)))
+		return 1;
+	else
+		return 0;
 }
 
 static char *netntlm_split(char *ciphertext, int index)
 {
-  static char out[TOTAL_LENGTH + 1];
+	static char out[MAX_KEYS_PER_CRYPT][TOTAL_LENGTH + 1];
 
-  memset(out, 0, TOTAL_LENGTH + 1);
-  memcpy(&out, ciphertext, TOTAL_LENGTH);
-  strlwr(&out[8]); /* Exclude: $NETNTLM$ */
+	memcpy(&out[index], ciphertext, TOTAL_LENGTH);
+	out[index][TOTAL_LENGTH] = 0;
+	strlwr(&out[index][8]); /* Exclude: $NETNTLM$ */
 
-  return out;
+	return out[index];
 }
 
 static void *netntlm_get_binary(char *ciphertext)
 {
-  static uchar binary[BINARY_SIZE];
-  int i;
+	static uchar binary[BINARY_SIZE];
+	int i;
 
-  ciphertext+=26;
-  for (i=0; i<BINARY_SIZE; i++)
-  {
-    binary[i] = (atoi16[ARCH_INDEX(ciphertext[i*2])])<<4;
-    binary[i] |= (atoi16[ARCH_INDEX(ciphertext[i*2+1])]);
-  }
+	ciphertext = strrchr(ciphertext, '$') + 1;
+	for (i=0; i<BINARY_SIZE; i++) {
+		binary[i] = (atoi16[ARCH_INDEX(ciphertext[i*2])])<<4;
+		binary[i] |= (atoi16[ARCH_INDEX(ciphertext[i*2+1])]);
+	}
 
-  return binary;
+	return binary;
 }
 
 static void netntlm_crypt_all(int count)
 {
-  DES_key_schedule ks;
-  unsigned char ntlm[21];
-
-  memset(output, 0, 24);
-  memset(ntlm, 0, 21);
+	DES_key_schedule ks;
+	int i;
 
-  /* Generate 16-byte NTLM hash */
-  E_md4hash((unsigned char *) saved_plain, ntlm);
-  
-  /* Hash is NULL padded to 21-bytes */
-  ntlm[16] = ntlm[17] = ntlm[18] = ntlm[19] = ntlm[20] = 0;
-  
-  /* Split into three 7-byte segments for use as DES keys
-     Use each key to DES encrypt challenge 
-     Concatenate output to for 24-byte NTLM response */
-  setup_des_key(ntlm, &ks);
-  DES_ecb_encrypt((DES_cblock*)challenge, (DES_cblock*)output, &ks, DES_ENCRYPT);
-  setup_des_key(&ntlm[7], &ks);
-  DES_ecb_encrypt((DES_cblock*)challenge, (DES_cblock*)&output[8], &ks, DES_ENCRYPT);
-  setup_des_key(&ntlm[14], &ks);
-  DES_ecb_encrypt((DES_cblock*)challenge, (DES_cblock*)&output[16], &ks, DES_ENCRYPT);
+	/* Split into three 7-byte segments for use as DES keys
+	   Use each key to DES encrypt challenge 
+	   Concatenate output to for 24-byte NTLM response */
+#ifdef _OPENMP
+#pragma omp parallel for default(none) private(i, ks) shared(count, output, ntlm, challenge)
+#endif
+	for(i=0; i<count; i++) {
+		setup_des_key(ntlm[i], &ks);
+		DES_ecb_encrypt((DES_cblock*)challenge, (DES_cblock*)output[i], &ks, DES_ENCRYPT);
+		setup_des_key(&ntlm[i][7], &ks);
+		DES_ecb_encrypt((DES_cblock*)challenge, (DES_cblock*)&output[i][8], &ks, DES_ENCRYPT);
+		setup_des_key(&ntlm[i][14], &ks);
+		DES_ecb_encrypt((DES_cblock*)challenge, (DES_cblock*)&output[i][16], &ks, DES_ENCRYPT);
+	}
 }
 
 static int netntlm_cmp_all(void *binary, int count)
 {
-  return !memcmp(output, binary, BINARY_SIZE);
+	int i;
+	for(i=0; i<count; i++)
+		if (!memcmp(output[i], binary, BINARY_SIZE))
+			return 1;
+	return 0;
 }
 
 static int netntlm_cmp_one(void *binary, int index)
 {
-  return !memcmp(output, binary, BINARY_SIZE);
+	return !memcmp(output[index], binary, BINARY_SIZE);
 }
 
 static int netntlm_cmp_exact(char *source, int index)
 {
-  return !memcmp(output, netntlm_get_binary(source), BINARY_SIZE);
+	return !memcmp(output[index], netntlm_get_binary(source), BINARY_SIZE);
 }
 
 static void *netntlm_get_salt(char *ciphertext)
 {
-  static unsigned char binary_salt[SALT_SIZE];
-  int i;
-
-  ciphertext += 9;
-  for (i = 0; i < SALT_SIZE; ++i)
-    binary_salt[i] = (atoi16[ARCH_INDEX(ciphertext[i*2])] << 4) + atoi16[ARCH_INDEX(ciphertext[i*2+1])];
+	static uchar binary_salt[SALT_SIZE];
+	int i;
 
-  return (void*)binary_salt;
+	if (ciphertext[25] == '$') {
+		// Server challenge
+		ciphertext += 9;
+		for (i = 0; i < SALT_SIZE; ++i)
+			binary_salt[i] = (atoi16[ARCH_INDEX(ciphertext[i*2])] << 4) + atoi16[ARCH_INDEX(ciphertext[i*2+1])];
+	} else {
+		static uchar es_salt[2*SALT_SIZE];
+		ciphertext += 9;
+		// Extended Session Security,
+		// Concatenate Server & Client challenges
+		for (i = 0;i < 2 * SALT_SIZE; ++i)
+			es_salt[i] = (atoi16[ARCH_INDEX(ciphertext[i*2])] << 4) + atoi16[ARCH_INDEX(ciphertext[i*2+1])];
+
+		uchar k1[16];
+		MD5_CTX ctx;
+
+		// MD5 the concatenated challenges, result is our key
+		MD5_Init(&ctx);
+		MD5_Update(&ctx, es_salt, 16);
+		MD5_Final((void*)k1, &ctx);
+		memcpy(binary_salt, k1, SALT_SIZE); // but only 8 bytes of it
+	}
+	return (void*)binary_salt;
 }
 
 static void netntlm_set_salt(void *salt)
 {
-  memcpy(challenge, salt, SALT_SIZE);
+	memcpy(challenge, salt, SALT_SIZE);
 }
 
 static void netntlm_set_key(char *key, int index)
 {
-  strncpy(saved_plain, key, PLAINTEXT_LENGTH);
-  saved_plain[PLAINTEXT_LENGTH] = 0;
+	strncpy(saved_plain[index], key, sizeof(saved_plain[index]));
+	saved_plain[index][sizeof(saved_plain[index])-1] = 0;
+
+	/* Generate 16-byte NTLM hash */
+	E_md4hash((uchar *) saved_plain[index], ntlm[index]);
+
+	/* Hash is NULL padded to 21-bytes */
+	ntlm[index][16] = ntlm[index][17] = ntlm[index][18] = ntlm[index][19] = ntlm[index][20] = 0;
 }
 
 static char *netntlm_get_key(int index)
 {
-  return saved_plain;
+	return saved_plain[index];
+}
+
+static int salt_hash(void *salt)
+{
+	return (((uchar *)salt)[0] | (((uchar *)salt)[1] << 8)) & 0x3FF;
+}
+
+static int binary_hash_0(void *binary)
+{
+	return ((uchar *)binary)[0] & 0xF;
+}
+
+static int binary_hash_1(void *binary)
+{
+	return ((uchar *)binary)[0] & 0xFF;
+}
+
+static int binary_hash_2(void *binary)
+{
+	return (((uchar *)binary)[0] |
+	        ((uchar *)binary)[1] << 8) & 0xFFF;
+}
+
+static int binary_hash_3(void *binary)
+{
+	return (((uchar *)binary)[0] |
+	        ((uchar *)binary)[1] << 8) & 0xFFFF;
+}
+
+static int binary_hash_4(void *binary)
+{
+	return (((uchar *)binary)[0] |
+	        ((uchar *)binary)[1] << 8 |
+	        ((uchar *)binary)[2] << 16) & 0xFFFFF;
+}
+
+static int get_hash_0(int index)
+{
+	return output[index][0] & 0xF;
+}
+
+static int get_hash_1(int index)
+{
+	return output[index][0] & 0xFF;
+}
+
+static int get_hash_2(int index)
+{
+	return (output[index][0] |
+	        output[index][1] << 8) & 0xFFF;
+}
+
+static int get_hash_3(int index)
+{
+	return (output[index][0] |
+	        output[index][1] << 8) & 0xFFFF;
+}
+
+static int get_hash_4(int index)
+{
+	return (output[index][0] |
+	        output[index][1] << 8 |
+	        output[index][2] << 16) & 0xFFFFF;
 }
 
 struct fmt_main fmt_NETNTLM = {
@@ -192,33 +313,37 @@ struct fmt_main fmt_NETNTLM = {
     SALT_SIZE,
     MIN_KEYS_PER_CRYPT,
     MAX_KEYS_PER_CRYPT,
+#ifdef FMT_UTF8
+    FMT_CASE | FMT_8_BIT | FMT_SPLIT_UNIFIES_CASE | FMT_UNICODE | FMT_UTF8,
+#else
     FMT_CASE | FMT_8_BIT | FMT_SPLIT_UNIFIES_CASE,
+#endif
     tests
   }, {
-    fmt_default_init,
+    init,
     netntlm_valid,
     netntlm_split,
     netntlm_get_binary,
     netntlm_get_salt,
     {
-      fmt_default_binary_hash,
-      fmt_default_binary_hash,
-      fmt_default_binary_hash,
-      fmt_default_binary_hash,
-      fmt_default_binary_hash
+	    binary_hash_0,
+	    binary_hash_1,
+	    binary_hash_2,
+	    binary_hash_3,
+	    binary_hash_4
     },
-    fmt_default_salt_hash,
+    salt_hash,
     netntlm_set_salt,
     netntlm_set_key,
     netntlm_get_key,
     fmt_default_clear_keys,
     netntlm_crypt_all,
     {
-      fmt_default_get_hash,
-      fmt_default_get_hash,
-      fmt_default_get_hash,
-      fmt_default_get_hash,
-      fmt_default_get_hash
+	    get_hash_0,
+	    get_hash_1,
+	    get_hash_2,
+	    get_hash_3,
+	    get_hash_4
     },
     netntlm_cmp_all,
     netntlm_cmp_one,

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ