Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Jul 2010 21:21:51 -0400
From: Charles Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: Re: SHA1 salted

Hey W.A.
   I ran into the same problem myself. I couldn't find a way to do it
in JtR by itself so I coded a quick awk script that prepended the salt
to the password guess and then piped the final result back into JtR
using the raw-SHA1 format. It's not pretty but it works. I wrote about
it in more detail here:
http://reusablesec.blogspot.com/2010/05/carderscc-analysis-of-password-cracking.html,
but below is the part that focuses on how to actually implement it.
Note: the guesses per second is low since I'm cracking several
thousand individually salted passwords. Also, the below examples were
made to work with Linux/Mac. I'm pretty sure Awk does not come
installed by default on Windows.

Matt Weir
-----------------------------

Let's look at the hashing algorithm again:

Sha1(lowercase_username.password_guess)

The simplest way to do this would be to create a rule in JtR that
would insert the username first. Such a rule would look like:

A0"alice"

Which would insert Alice in front of all of your password guesses.
Since we have close to two thousand usernames we are talking about
though, that could get annoying having to create a rule for each one.
This calls for the use of one of my favorite programs, Awk.

Awk, (and its sister Sed), is one of the best programs out there for
quickly parsing and modifying files. It's also very useful for
creating word mangling rules on the fly for use in a password cracking
session in conjunction with JtR's stdin option. In that way, I
sometimes use it much like MiddleChild, and in retrospect, I could
easily have written MiddleChild in awk instead. For example I can
create guesses using John the Ripper, pipe them into an awk script,
and then pipe them back into John the Ripper where the guess will
actually be hashed and compared against the target hashes. The above
JtR rule could then be replaced with:

./john -wordlist=passwords.lst -session=cracking1 -rules -stdout | awk
'{print "alice" $0}' | ./john -stdin -format=raw-sha1

The advantage of this approach is that 'alice' will be automatically
inserted in front of all the guesses/rules that the first instance of
John the Ripper is generating. But wait, don't we still have close to
two thousand usernames we have to do this for? That would be one nasty
command line. Luckily an Awk script can be run from a file with the -f
option. And how do we create that file with all 1737 usernames? Well
with Awk of course! The original format that the hashes were saved to
in the carders.cc writeup was:

username:hash:plaintext:e-mail

Simply cat that file into Awk using the following command will create
your Awk script for you.

cat carders_hashes.txt | awk -F : '{print"{print \"" tolower($1)
"\"$0}"}' > awk_add_usernames.txt

The -F tells it to use the ':' as a seperator and the tolower() option
lowercases the usernames. To run this whole thing just type:

./john -wordlist=passwords.lst -session=cracking1 -rules -stdout | awk
-f awk_add_usernames.txt | ./john -stdin -format=raw-sha1

Using this setup, now I'm getting around 2,300 guesses a second which
is much more respectable. There certainly is room for improvement
though. First of all, John compares each hashed guess against all of
the target hashes, instead of only the hash which the salt belongs
too. Also, you have to clean up the cracked hashes file afterwards to
remove the username from the plaintext password. But did I mention it
works? As Miles said in the Lost finale, "I don't believe in a lot of
things, but I do believe in duct tape!"

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.