Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Nov 2012 13:01:30 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Cracking MongoDB hashes with JtR

Hi Dhiru,

On Mon, Nov 26, 2012 at 10:26:15AM +0530, Dhiru Kholia wrote:
> Based on https://github.com/cyberpunkych/attacking_mongodb, I have
> written a JtR format to crack both MongoDB system as well as sniffed
> network hashes.

Cool!  I attended Mikhail's talk on attacking MongoDB at ZeroNights, and
indeed I immediately thought that we ought to support cracking those
challenge/responses.

http://blog.ptsecurity.com/2012/11/attacking-mongodb.html

> ??? ../run/john -fo:mongodb -t # Atom N270 CPU
> Benchmarking: MongoDB system / network MD5 [32/32]... DONE
> Raw:	813341 c/s real, 821556 c/s virtual
> 
> I have written Ettercap plug-in to output sniffed MongoDB hashes in
> JtR compatible format (the original parser sucks, hope mine works).
> Link: https://github.com/kholia/ettercap/tree/MongoDB

Does this have to be a custom JtR format?  Can't we have the Ettercap
plugin output lines usable with a dynamic format, perhaps it'd be one of
the pre-defined dynamic formats even?  It'd work a lot faster too (due
to SSE2+ intrinsics, which I guess your code is not using).

> In addition, the following Ettercap plug-in allows fixed salt MiTM
> attacks to be carried out against MongoDB authentication protocol.
> 
> https://github.com/kholia/ettercap/tree/MongoDB-MiTM

Cool!

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ