Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 Jun 2010 04:55:33 +0800 (SGT)
From: kristian <>
Subject: Re: john the ripper for Kerberos Ticket

Thanks for your reply
I think the cipher text string I put in the file is different with the example in the KRB5_fmt.c file, I got it in the AS_REP packet from wireshark. They're different in length, I see
I use freeBSD operating system which installs (almost all) software by ports, so when I patched john with your patch, and installed it manually with command :
# make clean generic
It's looks like succesfully installed, but when I run "./john" I got this error message :
fopen: /usr/local/share/john/john.ini: No such file or directory

Then I installed it again via ports (after patched ofcourse),but I got this messages when I run john :
Segmentation fault: 11 (core dumped)
Just like before I posted my question to this mailing list
This error looks like a memory problem in freebsd

Kristian W Adi Nugroho
Informatics Engineering of Institut Teknologi Telkom

--- Pada Jum, 25/6/10, Solar Designer <> menulis:

Dari: Solar Designer <>
Judul: Re: [john-users] john the ripper for Kerberos Ticket
Tanggal: Jumat, 25 Juni, 2010, 1:12 AM

On Mon, Jun 21, 2010 at 10:20:36AM +0800, kristian wrote:
> atom:$krb5$e3649a0c63274f2f20aff89ddc2a1e8f6cac133ef8ebc6a1e28c2ee20336ea4720b437f4e676963192b8231a109656503a8bc3235c41909c28c5ef0de95c07753472ef094e6f33c113d14ee75eb60259e589fc800e695e0bae874e2471958545ee663ba1e74ea397c8b15c127df1d33972e29c7d88e2d9e253dd2a982c67c732a78603945be96061aa80e5c4d8f3fb01aa3bacf35664c94f4441b7f95108ff47592203619aa9bfb8a765f5db52d99e7ccbd3f9b98c1274858be1b67774f1cdb2e5a10322741f4dc23626d3dca408bf19acfc2e8e300b391ff9a19d852e6915163c7150c6e0b3bb2909f571561216bbe97b6160e9575e798ba7c5c4cad8d94f0d217f959446c08327881e36aa5b5ecdf86dc8627d:

The above is not entirely correct, but the code in KRB5_fmt.c was not
robust enough to detect that.  I've just fixed the code (for the next
revision of the jumbo patch).  Anyway, the correct syntax is:


This includes the username and the realm (just my guess for it, probably
wrong) in the ciphertext string.  Here are two other examples from the
KRB5_fmt.c file:


With these three lines placed in the same file, I get two of three
passwords cracked as follows:

$ ./john -w=w pw-krb5
Loaded 3 password hashes with 3 different salts (Kerberos v5 TGT [krb5 3DES (des3-cbc-sha1)])
p4ssW0rd         (test1)
Nask0Oskov       (test2)
guesses: 2  time: 0:00:00:00 100.00% (ETA: Thu Jun 24 21:53:59 2010)  c/s: 500  trying: Nask0Oskov

$ ./john --show pw-krb5

2 password hashes cracked, 1 left

Yes, I had these known test passwords in the "w" wordlist file.  I was
not able to quickly crack "your" password, perhaps because it is not a
weak one and/or because I did not guess the realm name correctly and/or
because you did not provide the correct username.

While testing this, I identified a memory leak in KRB5_std.c.  I'll have
it fixed in the next jumbo patch update.

I've attached a patch with my code fixes so far.

Please let the list know whether you manage to get things working for
you or not - and provide some detail either way.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.