Date: Wed, 14 Apr 2010 12:41:33 -0500
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: NTLMv2 Challenge/Response Cracking

On Tue, 2010-02-16 at 13:53 +0300, Solar Designer wrote:
> Maybe we should include more of your stuff into the jumbo patch -
> perhaps create a subdirectory under doc/ and place your patches to other
> tools in there, with a text file explaining their use along with JtR.
> What do you think?  If you agree, then can you please prepare a "patch"
> like this (to be applied on top of 1.7.4.2-jumbo-3)?
> 
> My concern is that right now your "formats" integrated into the jumbo
> patch are of little use on their own (or am I wrong?)  One has to obtain
> other stuff from your website and figure out how to use it along with
> jumbo-patched JtR.

I apologize for taking so long to respond to this.

I believe that the included formats (i.e. NetLM, NetNTLM, NetLMv2,
NetNTLMv2) are useful without any of my other scripts/patches. These
challenge/response pairs can be extracted from a variety of places
(Ettercap, CAIN, MetaSploit, Wireshark, etc.). They also relate to a
number of different protocols (SMB authentication, MSCHAP in
LEAP/EAP-PEAP/PPTP, etc.). That said, their use will probably be limited
to a small number of very focused penetration testers.

I've uploaded a patch and added a link on the Wiki to hopefully improve
what's currently there of mine. The patch adds some documentation
related to the challenge/response formats, attempts to address your
concerns with the netntlm.pl script and includes a "--config" option for
John.

I've also uploaded a minor tweak for the Oracle format. I found that
"john -format:oracle -show" wasn't returning the cracked passwords. This
should correct that issue.

Please let me know if this is what you had in mind.

Thanks,
Joe  

