Date: Wed, 28 Jul 2010 11:18:52 -0400 From: "Robert Harris" <rs904c@...scape.net> To: <john-users@...ts.openwall.com> Subject: RE: HMAC-MD5, SMTP AUTH CRAM-MD5 John-Users, I just compiled and uploaded JtR 1.7.6 with both the jumbo 6 and the MSCHAPv2 patches for windows and linux. See http://openwall.info/wiki/john/custom-builds for further details. Enjoy -Robert Harris -----Original Message----- From: Solar Designer [mailto:solar@...nwall.com] Sent: Tuesday, July 27, 2010 4:33 PM To: john-users@...ts.openwall.com Subject: [john-users] HMAC-MD5, SMTP AUTH CRAM-MD5 Simon, all - Today I happened to use the HMAC-MD5 "format" - hmacMD5_fmt.c (in the jumbo patch) contributed by Simon - to see if a spammer had found and used a weak password (and this proved to be the case, although indeed I can't rule out the possibility that the password leaked from the user's computer rather than was cracked remotely). While doing this, I ran into and fixed a bug in hmacMD5_fmt.c. The fix is included in john-1.7.6-jumbo-6, which I've just released, and I've also attached just the fix (against 1.7.6-jumbo-5) to this message. http://www.openwall.com/john/#contrib Here's how to crack/check/audit SMTP's AUTH CRAM-MD5 exchanges with this: Capture an SMTP session with a sniffer. You need traffic in both directions. The client will send the "AUTH CRAM-MD5" command, the server will respond with a base64-encoded challenge, and the client will similarly provide a base64-encoded response. You need the challenge and the response. base64-decode the challenge and the response, e.g. using "base64 -d" (from GNU coreutils) or "openssl base64 -d". The decoded challenge will typically look like: <12345.1234567890@...ver.example.org> (where the numbers are typically a Unix process ID and a Unix timestamp). The decoded response will look like: username 01234567890123456789012345678901 The second field of it is a hex-encoded MD5 digest value (yes, it was encoded twice). Then construct a line usable by JtR: username:<12345.1234567890@...ver.example.org>#01234567890123456789012345678 901 and simply run "john" on the file (no options are needed, the "format" should be autodetected). The above line is loaded just fine by john-1.7.6-jumbo-6 for me, but indeed the password is not expected to be cracked because I did not post a real C/R pair - sorry, the one I was dealing with in practice is still valid and is otherwise security-sensitive. Maybe someone else will post a real-world example. As usual, it is possible to have multiple lines like this in the same file. This only makes sense for different target accounts (there's usually no point in attacking different C/R pairs for the same account). I hope someone will find this helpful. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.