Date: Wed, 3 Sep 2014 05:42:54 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking HSRP MD5 authentication "hashes"

Hi Dhiru,

On Tue, Sep 02, 2014 at 09:47:43AM +0200, Dhiru Kholia wrote:
> I have added support for cracking HSRP MD5 authentication "hashes" to
> JtR-jumbo (in the bleeding-jumbo branch), which you can get from the
> following URL,
> 
> https://github.com/magnumripper/JohnTheRipper
> 
> $ python ../run/hsrp2john.py HSRP-auth-md5-openwall.pcap > hsrp-hashes
> 
> $ ../run/john hsrp-hashes -w=wordlist
> Loaded 5 password hashes with 5 different salts (hsrp, HSRP MD5 ...)
> openwall         (?)
> ...

Cool.  Thanks!

Can't you make this a "dynamic" mode, though?  This would both avoid the
need for a new C source file, and run faster (can use SIMD right away).

I just took a look at hsrp_fmt_plug.c and I think this could probably be
expressed in terms of Jim's existing dynamic formats interface.

As you have noticed, I almost always suggest this when you add a new
format that uses only MD5 or SHA-1.  Perhaps this is the approach you
should always start with, and only fall back to writing C code when the
dynamic approach fails?

Also, hsrp2john.py is missing a public domain statement and/or a license.
Actually, the same applies to some other *.py files you contributed.
Can you please apply the license terms from lotus2john.py for the rest
of the Python scripts where you're the sole author as well?

> Sample .pcap files are available on the https://github.com/kholia/my-pcaps
> page. This repository also documents the reversing process for fun.

Nice.  Can you please also add these samples to:

http://openwall.info/wiki/john/sample-non-hashes

Twitter:

<@WEareTROOPERS> @DhiruKholia @solardiz @digininja Once you have those hashes, you may put them to proper use with #Loki http://www.insinuator.net/tag/loki/
<@solardiz> @WEareTROOPERS @DhiruKholia @digininja Also relevant: http://packetlife.net/blog/2008/oct/27/hijacking-hsrp/ http://www.gotohack.org/2011/01/scapy-hsrp-md5-auth-dissecter-to.html http://bb.secdev.org/scapy/pull-request/27/add-support-for-md5-authentication-in-hsrp/diff

Alexander
