Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2008 07:17:01 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Lotus Domino R5 and R6 patch

On Sat, Sep 13, 2008 at 03:18:51PM -0300, Nahuel Grisol?a wrote:
> Hey there, I was wondering if someone here has a patch for this great
> tool to crack Lotus Domino R5 and R6 password hashes, those we can
> retrieve by applying this Vulnerability:
> 
> http://www.securiteam.com/securitynews/5FP0E15GLQ.html
> 
> I've found a patch inside John's WebPage but it's using other kind of
> algorithm.

Can you please be more specific on this - what patch and how/why it does
not work for you?  Perhaps provide a sample password file (just a few
lines) that you try to feed to JtR.

My understanding is that the jumbo patch currently includes support for
Lotus Domino R5 hashes in lotus5_fmt.c and for some newer hashes (are
those R6?) in DOMINOSEC_fmt.c.  In fact, the sample password hash found
in the advisory on the web page above is also found as a test case in
lotus5_fmt.c - so clearly JtR with the jumbo patch would crack that one.

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.