[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Oct 2010 06:15:42 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: SHA1 salted syntax ???
On Sat, Oct 02, 2010 at 09:46:17PM +0200, websiteaccess@...il.com wrote:
> How crack sha1 salted ???? I have latest JTR + jumbo patch
>
> IS JTR able at least to crack SHA1 salted ?
You kept asking this question over and over, so let's just say that your
approach has worked and the answer is yes. Please find the patch
attached, to be applied on top of 1.7.6-jumbo-7. I've also uploaded it
to the wiki:
http://openwall.info/wiki/john/patches
As currently implemented, this is not as generic as JimF's "generic MD5"
code (only the simplest two kinds of salted SHA-1 hashes are supported)
and it is not very fast (uses OpenSSL's SHA-1 code). Yet it would do
the trick for most requests for salted SHA-1 hash cracking that we've
seen posted in here so far.
For example, using the hash from:
http://www.openwall.com/lists/john-users/2010/07/12/2
we can create the following password file:
michael:$SHA1p$michael$fd413c2fff221bf1f93edb25604397d31c1de182
and the password gets cracked:
$ ./john pw
Loaded 1 password hash (Generic salted SHA-1 [32/32])
house (michael)
guesses: 1 time: 0:00:00:00 100.00% (2) (ETA: Tue Oct 5 05:53:48 2010) c/s: 60550 trying: house
$ ./john --show pw
michael:house
1 password hash cracked, 0 left
> username 1350407a4d1b5c097e6493b771958f5c74b80b55
>
> The salt is NOT username
> I know the plaintext -> 160904
Well, you're missing both the salt and the algorithm. "Salted SHA-1" is
not specific enough. In this patch, I've implemented two kinds of it -
maybe one of them is what you have with that hash, or maybe not.
> May be the salt is missing, I generated a file with username + hash +
> 3 charaters salt, from :
...
> What is the syntax for JTR ????
You can generate hash encodings (including salt) that will work with the
attached patch using the following tiny Perl script:
#!/usr/bin/perl
$hash = '1350407a4d1b5c097e6493b771958f5c74b80b55';
while (<>) {
chomp;
print "\$SHA1p\$$_\$$hash\n";
print "\$SHA1s\$$_\$$hash\n";
}
You may use it like:
./john -i --stdout | head -100000 | ./guessalt.pl > pw
echo 160904 | ./john --stdin pw
I've already tried the above - it works, but has no luck cracking your
specific password. You can try going beyond 100000 different salt
strings, or you can try a different approach at generating them (not
just "-i"). Of course, it is entirely possible that your hash type is
simply not one of those supported with this patch.
...Oh, here's a better idea: these two algorithms treat the salt and the
password almost the same (the salt and the password are concatenated),
so it "does not matter" which string you treat as the salt. You can put
the following two lines into a password file for JtR:
$SHA1p$160904$1350407a4d1b5c097e6493b771958f5c74b80b55
$SHA1s$160904$1350407a4d1b5c097e6493b771958f5c74b80b55
where your known plaintext is specified as if it were the salt. Then
you simply run "john" against this file, and it will try cracking the
salt for you. :-) I've just tried this - no luck so far. Either your
algorithm is different (not one of these two) or your salt string is
more complicated than what John has tried so far, or some other info
you've provided is wrong (e.g., your known password)...
Good luck!
Alexander
diff -urpN john-1.7.6-jumbo-7/src/Makefile john-1.7.6/src/Makefile
--- john-1.7.6-jumbo-7/src/Makefile 2010-08-22 16:47:16 +0000
+++ john-1.7.6/src/Makefile 2010-10-05 01:01:51 +0000
@@ -57,6 +57,7 @@ JOHN_OBJS = \
hmacMD5_fmt.o \
IPB2_fmt.o \
rawSHA1_fmt.o \
+ sha1_gen_fmt.o \
NSLDAP_fmt.o NSLDAPS_fmt.o OPENLDAPS_fmt.o base64.o \
md4.o smbencrypt.o \
mscash_fmt.o \
diff -urpN john-1.7.6-jumbo-7/src/john.c john-1.7.6/src/john.c
--- john-1.7.6-jumbo-7/src/john.c 2010-08-22 16:04:56 +0000
+++ john-1.7.6/src/john.c 2010-10-05 01:01:35 +0000
@@ -69,6 +69,7 @@ extern struct fmt_main fmt_OPENLDAPS;
extern struct fmt_main fmt_mscash;
extern struct fmt_main fmt_rawSHA1;
extern struct fmt_main fmt_XSHA;
+extern struct fmt_main fmt_sha1_gen;
extern struct fmt_main fmt_lotus5;
extern struct fmt_main fmt_DOMINOSEC;
extern struct fmt_main fmt_NETLM;
@@ -133,6 +134,7 @@ static void john_register_all(void)
john_register_one(&fmt_DMD5);
john_register_one(&fmt_IPB2);
john_register_one(&fmt_rawSHA1);
+ john_register_one(&fmt_sha1_gen);
john_register_one(&fmt_KRB4);
john_register_one(&fmt_KRB5);
john_register_one(&fmt_NSLDAP);
diff -urpN john-1.7.6-jumbo-7/src/params.h john-1.7.6/src/params.h
--- john-1.7.6-jumbo-7/src/params.h 2010-08-22 16:05:49 +0000
+++ john-1.7.6/src/params.h 2010-10-05 01:02:13 +0000
@@ -17,7 +17,7 @@
/*
* John's version number.
*/
-#define JOHN_VERSION "1.7.6-jumbo-7"
+#define JOHN_VERSION "1.7.6-jumbo-7-sg1"
/*
* Notes to packagers of John for *BSD "ports", Linux distributions, etc.:
diff -urpN john-1.7.6-jumbo-7/src/sha1_gen_fmt.c john-1.7.6/src/sha1_gen_fmt.c
--- john-1.7.6-jumbo-7/src/sha1_gen_fmt.c 1970-01-01 00:00:00 +0000
+++ john-1.7.6/src/sha1_gen_fmt.c 2010-10-05 01:16:22 +0000
@@ -0,0 +1,252 @@
+/*
+ * This file is part of John the Ripper password cracker,
+ * Copyright (c) 2010 by Solar Designer
+ */
+
+#include <string.h>
+#include <openssl/sha.h>
+
+#include "arch.h"
+#include "params.h"
+#include "common.h"
+#include "formats.h"
+
+#define FORMAT_LABEL "sha1-gen"
+#define FORMAT_NAME "Generic salted SHA-1"
+#define ALGORITHM_NAME "32/" ARCH_BITS_STR
+
+#define BENCHMARK_COMMENT ""
+#define BENCHMARK_LENGTH 0
+
+#define PLAINTEXT_LENGTH 125
+#define CIPHERTEXT_LENGTH 40
+
+#define BINARY_SIZE 20
+#define SALT_SIZE 64 /* length + type + 62 chars */
+
+#define MIN_KEYS_PER_CRYPT 1
+#define MAX_KEYS_PER_CRYPT 1
+
+static struct fmt_tests tests[] = {
+ {"$SHA1p$salt$59b3e8d637cf97edbe2384cf59cb7453dfe30789", "password"},
+ {"$SHA1s$salt$c88e9c67041a74e0357befdff93f87dde0904214", "password"},
+ {NULL}
+};
+
+static char saved_salt[SALT_SIZE];
+static int saved_key_length;
+static char saved_key[PLAINTEXT_LENGTH + 1];
+static SHA_CTX ctx;
+static ARCH_WORD_32 crypt_out[5];
+
+static int valid(char *ciphertext)
+{
+ char *p, *q;
+
+ if (strncmp(ciphertext, "$SHA1", 5) ||
+ (ciphertext[5] != 'p' && ciphertext[5] != 's') ||
+ ciphertext[6] != '$')
+ return 0;
+
+ p = strrchr(ciphertext, '$');
+ if (!p || /* can't happen */
+ p - ciphertext < 7 || /* must not be the 1st or 2nd '$' */
+ p - ciphertext > 7 + SALT_SIZE - 2)
+ return 0;
+
+ q = ++p;
+ while (atoi16[ARCH_INDEX(*q)] != 0x7F)
+ q++;
+ return !*q && q - p == CIPHERTEXT_LENGTH;
+}
+
+static void *get_binary(char *ciphertext)
+{
+ static unsigned char out[BINARY_SIZE];
+ char *p;
+ int i;
+
+ p = strrchr(ciphertext, '$') + 1;
+ for (i = 0; i < sizeof(out); i++) {
+ out[i] =
+ (atoi16[ARCH_INDEX(*p)] << 4) |
+ atoi16[ARCH_INDEX(p[1])];
+ p += 2;
+ }
+
+ return out;
+}
+
+static void *salt(char *ciphertext)
+{
+ static unsigned char out[SALT_SIZE];
+ char *p;
+ int length;
+
+ memset(out, 0, sizeof(out));
+ p = ciphertext + 7;
+ length = strrchr(ciphertext, '$') - p;
+ out[0] = length;
+ out[1] = ciphertext[5];
+ memcpy(out + 2, p, length);
+
+ return out;
+}
+
+static int binary_hash_0(void *binary)
+{
+ return *(ARCH_WORD_32 *)binary & 0xF;
+}
+
+static int binary_hash_1(void *binary)
+{
+ return *(ARCH_WORD_32 *)binary & 0xFF;
+}
+
+static int binary_hash_2(void *binary)
+{
+ return *(ARCH_WORD_32 *)binary & 0xFFF;
+}
+
+static int binary_hash_3(void *binary)
+{
+ return *(ARCH_WORD_32 *)binary & 0xFFFF;
+}
+
+static int binary_hash_4(void *binary)
+{
+ return *(ARCH_WORD_32 *)binary & 0xFFFFF;
+}
+
+static int get_hash_0(int index)
+{
+ return crypt_out[0] & 0xF;
+}
+
+static int get_hash_1(int index)
+{
+ return crypt_out[0] & 0xFF;
+}
+
+static int get_hash_2(int index)
+{
+ return crypt_out[0] & 0xFFF;
+}
+
+static int get_hash_3(int index)
+{
+ return crypt_out[0] & 0xFFFF;
+}
+
+static int get_hash_4(int index)
+{
+ return crypt_out[0] & 0xFFFFF;
+}
+
+static int salt_hash(void *salt)
+{
+ unsigned int hash = 0;
+ char *p = (char *)salt;
+
+ while (*p) {
+ hash <<= 1;
+ hash += (unsigned char)*p++;
+ if (hash >> 10) {
+ hash ^= hash >> 10;
+ hash &= 0x3FF;
+ }
+ }
+
+ hash ^= hash >> 10;
+ hash &= 0x3FF;
+
+ return hash;
+}
+
+static void set_salt(void *salt)
+{
+ memcpy(saved_salt, salt, *(unsigned char *)salt + 2);
+}
+
+static void set_key(char *key, int index)
+{
+ saved_key_length = strlen(key);
+ if (saved_key_length > PLAINTEXT_LENGTH)
+ saved_key_length = PLAINTEXT_LENGTH;
+ memcpy(saved_key, key, saved_key_length);
+}
+
+static char *get_key(int index)
+{
+ saved_key[saved_key_length] = 0;
+ return saved_key;
+}
+
+static void crypt_all(int count)
+{
+ SHA1_Init(&ctx);
+ if (saved_salt[1] == 'p') {
+ SHA1_Update(&ctx, &saved_salt[2], (unsigned char)saved_salt[0]);
+ SHA1_Update(&ctx, saved_key, saved_key_length);
+ } else {
+ SHA1_Update(&ctx, saved_key, saved_key_length);
+ SHA1_Update(&ctx, &saved_salt[2], (unsigned char)saved_salt[0]);
+ }
+ SHA1_Final((unsigned char *)crypt_out, &ctx);
+}
+
+static int cmp_all(void *binary, int count)
+{
+ return !memcmp(binary, crypt_out, BINARY_SIZE);
+}
+
+static int cmp_exact(char *source, int index)
+{
+ return 1;
+}
+
+struct fmt_main fmt_sha1_gen = {
+ {
+ FORMAT_LABEL,
+ FORMAT_NAME,
+ ALGORITHM_NAME,
+ BENCHMARK_COMMENT,
+ BENCHMARK_LENGTH,
+ PLAINTEXT_LENGTH,
+ BINARY_SIZE,
+ SALT_SIZE,
+ MIN_KEYS_PER_CRYPT,
+ MAX_KEYS_PER_CRYPT,
+ FMT_CASE | FMT_8_BIT,
+ tests
+ }, {
+ fmt_default_init,
+ valid,
+ fmt_default_split,
+ get_binary,
+ salt,
+ {
+ binary_hash_0,
+ binary_hash_1,
+ binary_hash_2,
+ binary_hash_3,
+ binary_hash_4
+ },
+ salt_hash,
+ set_salt,
+ set_key,
+ get_key,
+ fmt_default_clear_keys,
+ crypt_all,
+ {
+ get_hash_0,
+ get_hash_1,
+ get_hash_2,
+ get_hash_3,
+ get_hash_4
+ },
+ cmp_all,
+ cmp_all,
+ cmp_exact
+ }
+};
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
