Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Sep 2012 19:35:14 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com, NeonFlash <psykosonik_frequenz@...oo.com>
Subject: Re: WebEdition CMS

On Sun, Sep 30, 2012 at 7:26 PM, NeonFlash
<psykosonik_frequenz@...oo.com> wrote:
> I updated the dynamic.conf file with the configuration provided however, what's the command line to run?
>
> I am using:  1.7.9-jumbo-5
>
> The test hash given is:
> $dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall

The correct has is
"$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB". Remove
":openwall" from the hash.

> I used:
>
> john --subformat=dynamic_1011 -w:wordlist.txt webedition.txt

✗ cat ~/webedition.txt
$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB

✗ ../run/john w:wordlist.txt ~/webedition.txt
Loaded 1 password hash (dynamic_1011 md5($p.md5($s)) (WebEdition CMS)
[128/128 SSE2 intrinsics 10x4x3])
openwall         (?)
guesses: 1  time: 0:00:00:00 DONE (Sun Sep 30 19:31:50 2012)  c/s: 9.5

> It does not load the hash.

Try the changes mentioned above.

> Also, in the test hash, what is 'SXB'?

It is the salt (username).

> openwall is the username which is used as the salt. Is SXB supposed to be the precomputed salt (md5(username))?
>
> I am using the configuration file provided by Jim, the one with only 1 call to md5.

For now I am using the following configuration,

####################################################################
# DYNAMIC type for WebEdition CMS md5($p.md5($s))
# > select username,passwd,UseSalt from tblUser
# username is salt
####################################################################
[List.Generic:dynamic_1011]
Expression=md5($p.md5($s)) (WebEdition CMS)
Flag=MGF_SALTED
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt_md5
Func=DynamicFunc__clean_input2
Func=DynamicFunc__append_keys2
Func=DynamicFunc__append_from_last_output_to_input2_as_base16
Func=DynamicFunc__crypt_md5_in2_to_out1
Test=$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
Test=$dynamic_1011$c0e024d9200b5705bc4804722636378a$admin:admin
Test=$dynamic_1011$14f8b3781f19a3b7ea520311482ce207$openwall:openwall

I couldn't get Jim's configuration working. Trying to debug it currently.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.