Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Feb 2012 06:31:39 -0500
From: Rich Rumble <>
Subject: Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Wed, Feb 8, 2012 at 3:15 AM, A BC <> wrote:
> Hey, thanks. But : what is the password you used ? And to be useable with
> JtR, we have to extract by hand the interesting information.
The passwords are part of the file names, case sensitive, in these cases
"openwall", "Password" and "pass1234"

> I have seen your project. It is intersting because it can read pcaps, but
> it uses JtR piped into stdin, which we discussed with Alexander, and is not
> very good.
It also uses wordlists, again not working for me in either fashion I
just thought
I'd pass it on if you hadn't seen it.

> My FakeServer is very very simple : 30 lines of Python script. And it
> prints the challenge/response.
> Ok, the protocol I use is for 3.7, but it should work with 3.3 because it
> uses the weakest authentification protocol.
Cain&Abel is able to sniff, extract and crack protocol 3.3 only, 3.7 and
3.8 do seem to be different to that program for some reason.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.