Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 04 May 2012 01:00:20 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Cracking Thunderbirds password database. [was: john-users]

On 04/04/2012 06:59 AM, Dhiru Kholia wrote:
> JtR is now able to crack "master" passwords (it requires only key3.db
> file to do so).
> 
> 1. Use latest code from https://github.com/magnumripper/magnum-jumbo.
> Install NSS library, un-comment HAVE_NSS line in src/Makefile and
> build JtR.
> 2. Run mozilla2john on Thunderbird's key3.db file.
> (../run/mozilla2john ~/.thunderbird/$profile$.default/key3.db)
> 3. Run john on output of mozilla2john.

Dhiru,

I think the above instructions (maybe also with specific references of
eg. RPM and deb package names (the latter is "libnss3" and I think
"pkg-config" is needed too)) shold be added to some file in doc/

I recall some earlier format of yours also needed "special" libraries,
this too should be documented somewhere if it's not already.

And finally, the pkg-config stuff in CFLAGS et al still outputs a wad of
warnings when building without having nss. Maybe you forgot to fix it
because you don't see them :)  ...and worse, what happens if a user do
not even have pkg-config? This must be fixed before next Jumbo.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ