Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 28 Jul 2010 11:18:52 -0400
From: "Robert Harris" <>
To: <>


I just compiled and uploaded JtR 1.7.6 with both the jumbo 6 and the
MSCHAPv2 patches for windows and linux.

See for further details.


-Robert Harris

-----Original Message-----
From: Solar Designer [] 
Sent: Tuesday, July 27, 2010 4:33 PM
Subject: [john-users] HMAC-MD5, SMTP AUTH CRAM-MD5

Simon, all -

Today I happened to use the HMAC-MD5 "format" - hmacMD5_fmt.c (in the jumbo
patch) contributed by Simon - to see if a spammer had found and used a weak
password (and this proved to be the case, although indeed I can't rule out
the possibility that the password leaked from the user's computer rather
than was cracked remotely).  While doing this, I ran into and fixed a bug in
hmacMD5_fmt.c.  The fix is included in john-1.7.6-jumbo-6, which I've just
released, and I've also attached just the fix (against 1.7.6-jumbo-5) to
this message.

Here's how to crack/check/audit SMTP's AUTH CRAM-MD5 exchanges with this:

Capture an SMTP session with a sniffer.  You need traffic in both
directions.  The client will send the "AUTH CRAM-MD5" command, the server
will respond with a base64-encoded challenge, and the client will similarly
provide a base64-encoded response.  You need the challenge and the response.

base64-decode the challenge and the response, e.g. using "base64 -d"
(from GNU coreutils) or "openssl base64 -d".  The decoded challenge will
typically look like:


(where the numbers are typically a Unix process ID and a Unix timestamp).

The decoded response will look like:

username 01234567890123456789012345678901

The second field of it is a hex-encoded MD5 digest value (yes, it was
encoded twice).

Then construct a line usable by JtR:


and simply run "john" on the file (no options are needed, the "format"
should be autodetected).

The above line is loaded just fine by john-1.7.6-jumbo-6 for me, but indeed
the password is not expected to be cracked because I did not post a real C/R
pair - sorry, the one I was dealing with in practice is still valid and is
otherwise security-sensitive.  Maybe someone else will post a real-world

As usual, it is possible to have multiple lines like this in the same file.
This only makes sense for different target accounts (there's usually no
point in attacking different C/R pairs for the same account).

I hope someone will find this helpful.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.