Date: Thu, 24 Jun 2010 22:43:18 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: john the ripper for Kerberos Ticket

Kristian -

On Thu, Jun 24, 2010 at 10:12:40PM +0400, Solar Designer wrote:
> ... I was
> not able to quickly crack "your" password, perhaps because it is not a
> weak one and/or because I did not guess the realm name correctly and/or
> because you did not provide the correct username.

It turns out there was another (sufficient) reason why I would not be
able to crack the password in this way. The code expects the TGT to be
of exactly 228 bytes - or 456 hex chars. The string you posted is 552
hex chars - or 276 bytes. So we have 48 bytes or 96 hex chars extra.

It is not clear to me why this is so (I am not familiar with Kerberos).
Maybe you have something different/unsupported, or maybe the string
simply contains extra data that you need to remove. I've tried removing
96 chars from the beginning or from the end:

atom228-1:$krb5$atom$ITTELKOM.AC.ID$3a8bc3235c41909c28c5ef0de95c07753472ef094e6f33c113d14ee75eb60259e589fc800e695e0bae874e2471958545ee663ba1e74ea397c8b15c127df1d33972e29c7d88e2d9e253dd2a982c67c732a78603945be96061aa80e5c4d8f3fb01aa3bacf35664c94f4441b7f95108ff47592203619aa9bfb8a765f5db52d99e7ccbd3f9b98c1274858be1b67774f1cdb2e5a10322741f4dc23626d3dca408bf19acfc2e8e300b391ff9a19d852e6915163c7150c6e0b3bb2909f571561216bbe97b6160e9575e798ba7c5c4cad8d94f0d217f959446c08327881e36aa5b5ecdf86dc8627d
atom228-2:$krb5$atom$ITTELKOM.AC.ID$e3649a0c63274f2f20aff89ddc2a1e8f6cac133ef8ebc6a1e28c2ee20336ea4720b437f4e676963192b8231a109656503a8bc3235c41909c28c5ef0de95c07753472ef094e6f33c113d14ee75eb60259e589fc800e695e0bae874e2471958545ee663ba1e74ea397c8b15c127df1d33972e29c7d88e2d9e253dd2a982c67c732a78603945be96061aa80e5c4d8f3fb01aa3bacf35664c94f4441b7f95108ff47592203619aa9bfb8a765f5db52d99e7ccbd3f9b98c1274858be1b67774f1cdb2e5a10322741f4dc23626d3dca408bf19acfc2e8e300b391ff9a19d852e6915163c7150c6

Maybe one of these is right, but most likely not. (I was still not able
to crack the password.) You're in a better position to experiment with
this since you hopefully know the username and the realm name for sure.

I assume you're authorized to be doing this, and I assume that the TGT
you posted was for an obviously-unimportant account or/and the password
has since been changed.

I've attached a revised patch, with the encoding length check added (it
will correctly refuse to load the "atom" line from my previous message).

Alexander

View attachment "john-1.7.6-jumbo-3-krb5-2.diff" of type "text/plain" (3915 bytes)
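The message above describes a loader that expects a TGT of exactly 228 bytes (456 hex chars) and a revised patch that adds an "encoding length check" so that a line of the wrong length is refused rather than silently mis-parsed. The following is an added illustration of that kind of input check, written for this page; it is not code from the attached patch or from John the Ripper itself. It assumes only the `label:$krb5$user$realm$<hex>` line layout visible in the posted lines and the 228-byte expectation stated in the message; the sample lines it validates are constructed, not the TGTs from the thread.

```python
import re

# Values taken from the message: the loader expects a 228-byte TGT,
# i.e. 456 hex characters.
KRB5_TGT_BYTES = 228
KRB5_TGT_HEX_CHARS = KRB5_TGT_BYTES * 2

# "$krb5$user$realm$<hex>" as seen in the posted lines. The regex is an
# assumption about the line layout, not taken from the patch itself.
KRB5_RE = re.compile(
    r"^\$krb5\$(?P<user>[^$]+)\$(?P<realm>[^$]+)\$(?P<tgt>[0-9a-fA-F]+)$"
)


def check_krb5_line(line):
    """Validate one 'label:$krb5$user$realm$hexTGT' line.

    Returns (accepted, reason, fields). 'fields' carries label, user,
    realm and the decoded TGT bytes when accepted, otherwise None.
    """
    label, sep, cipher = line.strip().partition(":")
    if not sep:
        return False, "no ':' separating label from ciphertext", None
    m = KRB5_RE.match(cipher)
    if not m:
        return False, "not a $krb5$user$realm$hex string", None
    tgt_hex = m.group("tgt")
    n = len(tgt_hex)
    if n % 2:
        return False, f"odd number of hex digits ({n})", None
    if n != KRB5_TGT_HEX_CHARS:
        # Report the discrepancy the same way the message does:
        # in both hex chars and bytes.
        diff = n - KRB5_TGT_HEX_CHARS
        return (False,
                f"TGT is {n} hex chars ({n // 2} bytes), expected "
                f"{KRB5_TGT_HEX_CHARS} ({KRB5_TGT_BYTES} bytes): "
                f"{abs(diff)} hex chars ({abs(diff) // 2} bytes) "
                f"{'extra' if diff > 0 else 'missing'}",
                None)
    fields = {"label": label, "user": m.group("user"),
              "realm": m.group("realm"), "tgt": bytes.fromhex(tgt_hex)}
    return True, "ok", fields


def load_krb5_lines(lines):
    """Split an iterable of lines into (accepted, rejected) lists;
    rejected entries are (label, reason) pairs."""
    accepted, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        ok, reason, fields = check_krb5_line(line)
        if ok:
            accepted.append(fields)
        else:
            rejected.append((line.strip().split(":", 1)[0], reason))
    return accepted, rejected


# Constructed sample input (not the TGTs from the message): one line with
# a 456-hex-char TGT, one that is 96 hex chars too long (552, the length
# of the posted string), and one malformed line.
GOOD_TGT = "0123456789abcdef" * 28 + "01234567"   # 456 hex chars
LONG_TGT = "ff" * 48 + GOOD_TGT                  # 552 hex chars
SAMPLE_LINES = [
    f"user1:$krb5$user1$EXAMPLE.ORG${GOOD_TGT}",
    f"user2:$krb5$user2$EXAMPLE.ORG${LONG_TGT}",
    "user3:$krb5$user3$EXAMPLE.ORG$not-hex",
]

if __name__ == "__main__":
    acc, rej = load_krb5_lines(SAMPLE_LINES)
    for f in acc:
        print(f"loaded {f['label']}: {f['user']}@{f['realm']}, "
              f"{len(f['tgt'])} bytes")
    for label, why in rej:
        print(f"rejected {label}: {why}")
```

Run stand-alone it accepts the first line and rejects the other two, reporting the oversized one as "96 hex chars (48 bytes) extra", which is the same arithmetic the message walks through for the 552-char string. The point of checking the length before decoding is that a loader which blindly reads a fixed-size buffer from a longer (or shorter) hex string will either ignore trailing data or read past the end, and in both cases will never produce a correct result.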