Date: Sat, 17 Nov 2012 20:44:27 +0100 From: buawig <buawig@...il.com> To: john-users@...ts.openwall.com Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18) > Modifying Makefile is not necessary. Make sure you checkout > "unstable-jumbo" branch (git checkout unstable-jumbo). > > The compilation errors are strange. Can you try the attached file > (after deleting the old one)? This one compiles thanks! Unfortunately I was not able to crack a known password with it. (although your test entry with password=openwall can be cracked) I'm creating the john krb5ng input file like this: tshark -r dumpfile -T fields -e kerberos.PA_ENC_TIMESTAMP.encrypted|sed -e 's,:,,g'|grep . which gives my the 112 hex characters string. I split it into two parts (88 chars $ 24 chars) and add krb5ng + username + realm at the beginning of the line. In my setup the username entered on the UI differs from the 'real' username this can be seen in the kerberos.etype_info2.salt value which shows the actual username + realm = salt (KRB5KDC_ERR_PREAUTH_REQUIRED packet) - anyway I tried it with both versions. Could you publish a sample pcap file including the john input file based on that pcap file?
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.