Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Sun, 30 Sep 2012 19:35:14 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com, NeonFlash <psykosonik_frequenz@...oo.com>
Subject: Re: WebEdition CMS

On Sun, Sep 30, 2012 at 7:26 PM, NeonFlash
<psykosonik_frequenz@...oo.com> wrote:
> I updated the dynamic.conf file with the configuration provided however, what's the command line to run?
>
> I am using:  1.7.9-jumbo-5
>
> The test hash given is:
> $dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall

The correct has is
"$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB". Remove
":openwall" from the hash.

> I used:
>
> john --subformat=dynamic_1011 -w:wordlist.txt webedition.txt

✗ cat ~/webedition.txt
$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB

✗ ../run/john w:wordlist.txt ~/webedition.txt
Loaded 1 password hash (dynamic_1011 md5($p.md5($s)) (WebEdition CMS)
[128/128 SSE2 intrinsics 10x4x3])
openwall         (?)
guesses: 1  time: 0:00:00:00 DONE (Sun Sep 30 19:31:50 2012)  c/s: 9.5

> It does not load the hash.

Try the changes mentioned above.

> Also, in the test hash, what is 'SXB'?

It is the salt (username).

> openwall is the username which is used as the salt. Is SXB supposed to be the precomputed salt (md5(username))?
>
> I am using the configuration file provided by Jim, the one with only 1 call to md5.

For now I am using the following configuration,

####################################################################
# DYNAMIC type for WebEdition CMS md5($p.md5($s))
# > select username,passwd,UseSalt from tblUser
# username is salt
####################################################################
[List.Generic:dynamic_1011]
Expression=md5($p.md5($s)) (WebEdition CMS)
Flag=MGF_SALTED
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt_md5
Func=DynamicFunc__clean_input2
Func=DynamicFunc__append_keys2
Func=DynamicFunc__append_from_last_output_to_input2_as_base16
Func=DynamicFunc__crypt_md5_in2_to_out1
Test=$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
Test=$dynamic_1011$c0e024d9200b5705bc4804722636378a$admin:admin
Test=$dynamic_1011$14f8b3781f19a3b7ea520311482ce207$openwall:openwall

I couldn't get Jim's configuration working. Trying to debug it currently.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ