Date: Sat, 29 Mar 2014 22:36:43 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Loopback and encoding enhancements

Invasive changes to bleeding-jumbo have been committed. Some new features:
- The loopback mode can now assemble LM password halves. It's a 
nefarious hack, but it works like a champ.
- You can now specify a "hashed encoding" so you can use UTF-8 wordlists 
for cracking e.g. LM hashes.
- You can even specify an "intermediate encoding" for the rules engine 
to use when both wordlists and output hashes are UTF-8. This has some 
performance penalty but might come in very handy. If you use it when 
attacking a Unicode format (e.g. NT) it will automatically pick the 
faster way of doing it (no extra conversion).
- You can set defaults for most everything in john.conf so you'll end up 
normally not needing to specify any encodings.


Details in doc/ENCODING. Examples (using recommended settings in 
john.conf - *not* the backward-compatible defaults as shipped):

$ file test
test: UTF-8 Unicode text

$ cat test
Müller:101:fb0c033ca6248c12aad3b435b51404ee:062de529e54e31079861ec97d666a44f:::
Kübelwagen:102:507cf8a61eb3998e0e3012ff9bfbece4:8afdd1e6003511ee39c3b10254255ef5:::

$ ../run/john test -format:lm --single
Using default input encoding: UTF-8
Target encoding: CP850
Loaded 3 password hashes with no different salts (LM [DES 128/128 AVX-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
GEN              (Kübelwagen:2)
KÜBELWA          (Kübelwagen:1)
MÜLLER           (Müller)
3g 0:00:00:00 DONE (2014-03-29 01:01) 300.0g/s 12800p/s 12800c/s 
38400C/s KÜBELWA..KÜBE1WA
Warning: passwords printed above might be partial
Use the "--show" option to display all of the cracked passwords reliably
Session completed

John picked defaults of UTF-8 for input files and CP850 for LM hashes. 
This also meant that the rules engine and/or the format's internal 
upper-casing of candidates worked for the non-ASCII character. On top of 
that the output was correct for my UTF-8 terminal, despite the actual 
encoding being CP850. The results were also encoded in UTF-8 in the pot 
file, which is arguable - but it's a prerequisite for the next example:


$ ../run/john test -format:nt --loopback
Rules engine using CP850 for Unicode
Loaded 2 password hashes with no different salts (NT [MD4 128/128 X2 
SSE2-16])
Assembling cracked LM halves for loopback
Loop-back mode: Reading candidates from pot file $JOHN/john.pot
Press 'q' or Ctrl-C to abort, almost any other key for status
Kübelwagen       (Kübelwagen)
müller           (Müller)
2g 0:00:00:00 DONE (2014-03-29 01:01) 200.0g/s 3200p/s 3200c/s 6400C/s 
mÜller..müllermüller
Use the "--show" option to display all of the cracked passwords reliably
Session completed

In the second example, John picked defaults of UTF-8 for input files and 
CP850 for "intermediate" encoding (although without any extra speed 
penalty because NT can take any encoding without a second conversion). 
The loopback mode assembled the LM halves and the default loopback rule 
case-toggled the candidates to success.

magnum
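
Added example, not part of magnum's post and not John the Ripper code: a Python sketch of why the target encoding matters for LM, using the cracked values shown in the output above. It upper-cases a candidate, encodes it to CP850, splits it into the two 7-byte LM halves, then reassembles the halves and enumerates case variants as input for an NT check. The function names and the exhaustive case toggling are assumptions for illustration, not John's actual loopback rule.

```python
import itertools

def lm_halves(password, codepage="cp850"):
    """Upper-case, encode to the OEM codepage, pad to 14 bytes, split 7+7."""
    raw = password.upper().encode(codepage)[:14].ljust(14, b"\0")
    return raw[:7], raw[7:]

def assemble(first, second, codepage="cp850"):
    """Join two recovered LM halves back into one (upper-case) string."""
    return (first + second).rstrip(b"\0").decode(codepage)

def case_variants(word):
    """Yield every upper/lower combination of word (assumed stand-in rule)."""
    pairs = [sorted({c.lower(), c.upper()}) for c in word]
    return ("".join(p) for p in itertools.product(*pairs))

def show(password):
    """Return a printable comparison of CP850 and UTF-8 half boundaries."""
    lines = []
    for cp in ("cp850", "utf-8"):
        h1, h2 = lm_halves(password, cp)
        lines.append(f"{cp:6} half1={h1!r} half2={h2!r}")
    return lines

if __name__ == "__main__":
    # Values taken from the session output in the post.
    for pw in ("Kübelwagen", "müller"):
        print(pw)
        for line in show(pw):
            print("  " + line)
        joined = assemble(*lm_halves(pw))
        variants = set(case_variants(joined))
        # The original mixed-case password is among the variants, so an
        # NT (case-sensitive) check over them can recover it.
        print(f"  assembled={joined} variants={len(variants)} "
              f"contains original: {pw in variants}")
```

With CP850 the umlaut is one byte, so the halves fall at "KÜBELWA" / "GEN" as in the session output; encoded as UTF-8 the same candidate would split one character earlier and produce different DES keys.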
