Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 5 Sep 2007 11:57:08 -0300 (ART)
From: Danett song <danett18@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: Lotus Domino 6 and 7 multiple hash formats... Can JtR crack?

Hi all JtR users,

How are you doing?

I was looking at
(http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf)
and seen that is very strange in FireFox you can't
check this values, however in IE you can. Lollll!!!

In my server we have this values in the source code,
avaible with the name of "dspHTTPPassword", it's the
same  (The domino hash)?

Also my password format is different, it's not the 32
characters hex code, it's a 22 character not hex
encoded, check it please:

<input name="$dspHTTPPassword" type="hidden"
value="(GFmjA4YmP9C05vHn09gI)">

Is this format a new format? Not anymore based in RC4?
Can JtR Break this format (with which module and any
link or example?)? I tried Lcrack and Lotus Hash
Breaker WITHOUT sucess. :(

Any tool for this hard job? Do you know in what
algorithm it's based?

Also, do you know for what is used the PasswordDigest
field? It's a hash to authenticate against what?

<input name="$dspPasswordDigest" type="hidden"
value="F05389C37C850260F278FED23334C172">

It use a password format like the old lotus domino
hash (RC4), however I also can't breal it with lcrack
and Domino Hash Breaker. Can JtR Break this format
(with which module and any link or example?)?

And also there is other hash (insane the amount of
hashs...hehe), called "$dspNetUserName", for what it
username is used? Username in the LAN? Maybe it's
integrated with the DC? Or only to login into Lotus
Notes (note the Domino)?

<input name="$dspNetUserName" type="hidden"
value="abf7a82595cb304e92940de392aac8df">

Thank you a lot and sorry for idiot questions.

Cheers,


      Flickr agora em português. Você clica, todo mundo vê.
http://www.flickr.com.br/

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.