Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Sep 2015 23:14:39 +0200
From: Michael Kramer <michael.kramer@...-konstanz.de>
To: john-dev@...ts.openwall.com
Subject: Re: Kerberoast for John

Am 28.09.2015 um 23:03 schrieb magnum:
> On 28/09/15 22:59, magnum wrote:
>> On 28/09/15 11:50, Michael Kramer wrote:
>>> I wanted to share my work with the John Community. The work is based
>>> on the Kerberoast Python script from Tim Medin and I've ported it
>>> from there to C and then into John.
>>
>> Cool, thanks!
>>
>>> I've included the fmt_plug file for John, a testfile with 3
>>> testhashes the module is able to crack, and also part of the python
>>> script from Tim Medin to parse kirbi files into the format my John
>>> module uses.
>>
>> You should include all three as test vectors. After doing so, you'll
>> find that the format fails self-tests as written. It may crack that test
>> file but it's flawed and will not always work.
>>
>>> But I've encountered a strange bug and thought maybe one of you could
>>> help me.
>>
>> There are many bugs ;-) I think you need to do the following, for a
>> starter:
>>
>> 1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary.
>> Have a look at some other format with a binary size of 0.
>> 2. Change salt to a struct holding both the salt and what you are now
>> putting in the binary (so this becomes a "salt-only" format, or a
>> non-hash as we use to call them). Then of course change SALT_SIZE to
>> sizeof that struct.
>
> On another look, perhaps you could actually just switch salt and 
> binary. That 16 byte thing you currently use as a salt seems to be 
> fine to use as a binary. Then you'd just put most of cmp_all() in 
> crypt_all() like a normal format.
>
> magnum
>
As I said this was my first try at a John module :)
Thank you for the suggestions! I'll try them out and keep in touch after 
I updated the files!

- Michael


---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren gepr├╝ft.
https://www.avast.com/antivirus

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ