Date: Tue, 16 Aug 2011 08:58:49 -0500
From: "JimF" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: Re: Vbulletin hashes with more than 3 chars salt

Those will not work in an SSE2 build of john.  You cannot build a string 
longer than 55 bytes in a single MD5 limb, and the above go quite a bit past 
that level.

If you want to crack these in an SSE2 build of john, add this to your 
john.conf.  This will add the flag MGF_NOTSSE2Safe.  It will force non-sse2 
processing, which should not have the length limitations (but will run 
slower).

####################################################################
# VB with long salt
####################################################################
[List.Generic:md5_gen(1100)]
Expression=md5_gen(1100) md5(md5($p).$s) [VB big salt]
# Flag needed here, is Salt.  There is no 'fixed' saltlen.
Flag=MGF_SALTED
Flag=MGF_KEYS_BASE16_IN1
Flag=MGF_NOTSSE2Safe
Flag=MGF_ColonNOTValid
# Script: input 1 already holds the 32 hex chars of md5($p) (MGF_KEYS_BASE16_IN1),
# so set its length to 32, append the salt, and run one MD5.
Func=MD5GenBaseFunc__set_input_len_32
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1100)3a9ae23758f05da1fe539e55a096b03b$S111XB test1

Then using -fie=" "   (john -fie=" " vb.in)

make this file.

1 md5_gen(1100)671347ef2477b0de65b7d3090b74271f$m;O`bs]j+tl~U4+$j+Gto=YK=*g-:d
2 md5_gen(1100)d726d8405f5e38a6452aff9e7378b4d6$>b&y/g6WDVdb:vqD[NKY7v.+&o<6#
3 md5_gen(1100)83d1994655d58be430bfa96b1e816284$enp)t1yev,ly=R"7\>X<;0*.5+#p$j
4 md5_gen(1100)a75604023723df61b7288380eeb9e9c4$#1:RWakb|;8!eWMqhh@...m4[UtE_E
5 md5_gen(1100)4967093e7eb764f8652512624cf40935$@n6)`#;AVg/!^s?w_[}*Lf?")Yl?^_
6 md5_gen(1100)ad05d8e1ae087239b366e76834f93dd9$|:yoL3L%CM@%"bb.K(7rE~>0d(4Xy%
7 md5_gen(1100)6e36748b726aa206c3d28b8213a45f39$Fp{~P3;3d4.\u(x0jiI)cl#Gr7uo,Z
8 md5_gen(1100)e89d6004a9633802b1a55117aee866cc$*XK4@...vuP-x29y)1emOa:QpO*"bv

I believe this should crack your data.  However, this was put together on an 
old laptop, that is not current, and that I can not debug from, so I am not 
100% sure things are correct.  I simply took the existing md5_gen(6) and put 
it into the john.conf scripting format, and added the non-sse flag, and the 
colon-not-valid.  I 'think' it works (well it passes the self test at 
least).

NOTE, the md5_gen(6) has 2 different scripts.  The one here is NOT safe to 
use in a big endian system.

Jim.

----- Original Message ----- 
From: "firstname lastname" <psykosonik_frequenz@...oo.com>
To: <john-users@...ts.openwall.com>
Sent: Tuesday, August 16, 2011 7:01 AM
Subject: [john-users] Vbulletin hashes with more than 3 chars salt


> Hi All,
>
> I want to know if there's a possibility to crack VBulletin hashes with 
> more than 3 char salt.
>
> I can use JTR to successfully crack VB hashes with a 3 char salt.
>
> From what I know, md5_gen(6) doesn't check for the salt length while 
> cracking. However, it doesn't work with salt lengths greater than 3 
> either.
>
> Some example hashes:
>
> 671347ef2477b0de65b7d3090b74271f:m;O`bs]j+tl~U4+$j+Gto=YK=*g-:d
> d726d8405f5e38a6452aff9e7378b4d6:>b&y/g6WDVdb:vqD[NKY7v.+&o<6#
> 83d1994655d58be430bfa96b1e816284:enp)t1yev,ly=R"7\>X<;0*.5+#p$j
> a75604023723df61b7288380eeb9e9c4:#1:RWakb|;8!eWMqhh@...m4[UtE_E
> 4967093e7eb764f8652512624cf40935:@n6)`#;AVg/!^s?w_[}*Lf?")Yl?^_
> ad05d8e1ae087239b366e76834f93dd9:|:yoL3L%CM@%"bb.K(7rE~>0d(4Xy%
> 6e36748b726aa206c3d28b8213a45f39:Fp{~P3;3d4.\u(x0jiI)cl#Gr7uo,Z
> e89d6004a9633802b1a55117aee866cc:*XK4@...vuP-x29y)1emOa:QpO*"bv
>
> I have the cracked hashes' passwords. So, I put those plain texts in a 
> file and used it as a wordlist to see if JTR can crack them using 
> md5_gen(6).
>
> It didn't work!
>
> Is there a patch which has been developed for these kinds of VB hashes or 
> is it being developed?
>
> Thanks.
>
> Regards,
> NeonFlash 
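
Added example, not part of the thread and not John the Ripper code: a Python sketch of the md5(md5($p).$s) construction from the reply, the 55-byte single-block limit that long salts exceed, and the conversion from "hash:salt" lines to the numbered md5_gen(1100) file read with a space separator. The function names, the sample password and the 30-character sample salt are constructed for illustration; the test1/S111XB pair is the Test= line from the john.conf section.

```python
import hashlib

# 64-byte MD5 block minus 1 padding byte and 8 length bytes.
SINGLE_BLOCK_MAX = 55
TAG = "md5_gen(1100)"  # label of the john.conf section in the reply above


def vb_hash(password: bytes, salt: bytes) -> str:
    """md5(md5($p).$s); the inner digest is fed in as 32 lowercase hex chars."""
    inner = hashlib.md5(password).hexdigest().encode("ascii")
    return hashlib.md5(inner + salt).hexdigest()


def fits_single_block(salt: bytes) -> bool:
    """True if 32 hex chars plus the salt fit in one MD5 block (salt <= 23 bytes)."""
    return 32 + len(salt) <= SINGLE_BLOCK_MAX


def convert(lines):
    """'hash:salt' -> 'N md5_gen(1100)hash$salt', for use with a space separator."""
    out = []
    for n, line in enumerate(lines, 1):
        digest, salt = line.rstrip("\r\n").split(":", 1)  # salt may contain ':'
        if " " in salt:
            raise ValueError(f"line {n}: salt contains the field separator")
        out.append(f"{n} {TAG}{digest.lower()}${salt}")
    return out


def check(converted: str, password: bytes) -> bool:
    """Recompute the hash for a known plaintext against one converted line."""
    _, field = converted.split(" ", 1)
    digest, salt = field[len(TAG):].split("$", 1)  # salt may contain '$'
    return vb_hash(password, salt.encode("latin-1")) == digest


# Constructed sample: 30-character salt containing ':' and '$'.
SAMPLE_PW = b"example-password"
SAMPLE_SALT = "k:7$Qz;w+e~R4=t-Y*u!I(o)P[a]S{"
SAMPLE_LINE = f"{vb_hash(SAMPLE_PW, SAMPLE_SALT.encode('latin-1'))}:{SAMPLE_SALT}"

if __name__ == "__main__":
    row = convert([SAMPLE_LINE])[0]
    print(row)
    print("single block:", fits_single_block(SAMPLE_SALT.encode("latin-1")))
    print("known plaintext matches:", check(row, SAMPLE_PW))
```
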
