Date: Wed, 13 Jul 2011 19:22:24 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: Charset options

On 13.07.2011 17:10, Maximilian Melcher wrote:
> Hi list,
> is it possible to crack SAP RFC password hashes (it's from rfcdes like
> written here http://marc.info/?l=john-users&m=113450841312517 )?
>
> The format is:
>
> User Hash
> RFC_TEST C4520A225A6A69429C6C7689B85AB01F
>
> and that's longer than a sapB or sapG hash. The password is abcdefgh
> My first guess was that it's md5 but when I start john
> with RFC_TEST:C4520A225A6A69429C6C7689B85AB01F it says LM and can't crack it
> with given wordlist. If I force it to md5 => no passwords loaded.
>

This is not a hash, but an encrypted/obfuscated password for a SAP basis
release 6.x.
If you repeatedly change the password for the RFC connection ("RFC" is a
SAP-specific abbreviation for "remote function call"), you should get
different resulting hex strings for the same password.

Years ago I found out how to get the clear text password for such a hex
string using a Linux TestDrive installation on my own PC.
Currently, I don't have a private SAP installation.

So, if an attacker gets access to the encrypted password that is stored
in table RFCDES, you have to assume he knows the password.
That's why system administrators configuring RFC destinations shouldn't
reuse those passwords for other accounts.

But if the user specified in the RFC connection is a communication user
and not a regular dialog user, you cannot use the known password and user
name to log in.

Frank