Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 8 Feb 2012 15:34:15 +0100
From: A BC <>
Subject: Re: DES - not "traditional DES-based" - (VNC hash) with JtR


On Wed, Feb 8, 2012 at 12:31 PM, Rich Rumble <> wrote:

> The passwords are part of the file names, case sensitive, in these cases
> "openwall", "Password" and "pass1234"

My bad. I opened the  archive but it didn't strike me...

> Cain&Abel is able to sniff, extract and crack protocol 3.3 only, 3.7 and
> 3.8 do seem to be different to that program for some reason.
> (

My project is to crack the easiest hashes. The main difference between auth
protocol 3.3 and 3.7+ is that 3.7+ supports lots of auth method, unlike
3.3, which supports either no auth, or DES challenge/response auth. You can
force the client to use this method, even if the server runs 3.7 or 3.8.

Here is a bunch of tests :
The format in the file is : on each new line is a single test.
hexdump of the challenge, ":", password, " ", hexdump of the response,
"\t", base64 dump of the challenge, ":", password, " ", base64 dump of the


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.