Date: Tue, 12 Mar 2013 23:14:13 +0100 From: buawig <buawig@...il.com> To: john-users@...ts.openwall.com Subject: Re: john kerberos feature wishlist (current state) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'd like to summarize the current state of this feature wishlist: > this would be my feature whishlist when it comes to john's support > on kerberos matters (network only): > > - support for kerberos etype 1 (des-cbc-crc) and/or 3 (des-cbc-md5) > (this is the most important feature request in this list, as I > expect this to be *a lot* faster than etype 18 or etype 23) AFAIK these etypes are not supported (yet). I assume this has mainly two reasons: 1) low interest/priority due to the fact that Win 7 / Win Server 2008 does not enable these etypes by default (I think there are more legacy systems around then one might think . If you see alot of installations I'd like to get some "stats") 2) lack of downgrade attack tools that perform downgrade attacks to these kind of etypes (assuming Dhiru Kholia's ettercap downgrades to etype 23) 3) lack of pcap samples due to (2) > - Currently john uses the PA_ENC_TIMESTAMP (from the client's > AS-REQ) as cracking input, what if the client is not vulnerable to > downgrade attacks but the server is? Can we use the server > response to start cracking too? I assume we can't? > - john GPU support for kerberos etype 18 john (git) has GPU (OPENCL) support for kerberos etypes 17 and 18 (format name: krb5pa-sha1-opencl) including a python script to extract the necessary strings from pcap files (supports etypes 17, 18 and 23) tshark -r AD-capture-2.pcapng -T pdml > ~/data.pdml krbpa2john.py data.pdml cracking speed on AMD HD 7970: ~100k c/s  magnum mentioned his intentions  to implement krb5pa-md5-opencl. for the record, non-GPU format names: krb5pa-md5 (etype 23) krb5pa-sha1 (etype 17 and 18) > - a tool to pre-compute PBKDF2 etype 18 AES keys (preferable via > GPU) - input: wordlist, john rules, salt, iteration count - output > file which contains the AES keys for the given wordlist (with > rules applied), salt and iteration count > > - john support to crack etype 18 with precomputed AES keys > (instead of passwords) using the above pre-generated AES key list > as input I assume this is out of scope because john doesn't offer precomputation like pyrit  for wpa-psk either. thanks for your work! looking forward to see krb5pa-md5-opencl and support for des-cbc-* etypes.  http://www.openwall.com/lists/john-users/2012/12/08/5  https://code.google.com/p/pyrit/  http://www.openwall.com/lists/john-users/2012/12/10/1  https://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx?Redirected=true -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRP6i1AAoJEJeRHQyF0ukMTasQAKIgB+4Yf7XXrUt2vnv6iaph k7i8WKoGEsoh9CPTFU1zsHfKLTHPXgExHZBbBuaBFgpfZZ6pP211GunDb89zWqao AgvJ7sg2CjSYiEzwbe6+6b1yXQihrv7S5RliIXxEYvky09V+3iFhbuIx3YBcGVQG oAaBGZ/xCWjMoWQiC38Td1awWYQNeccnUC14bYgoKt0eeIl8ZMKSmz18gLR/g1yB EG1RVz3FGn5/42TfEglk9NyrbhYbcz4quRnT3VXNic7BVAtdyoGY6Xdz/N0Xy0Ot H/ckzU55bGUkPOPefa+81bMdFPWBFDW82wAF56mxygEPaSyogezgpxArTJ0YoQjd NfPvQNaDOP8cqnVr2Kuq0YtT5Ca4gq2aNdQBkXCZxvaqWghkExWJ1jJs1OJsTIMf B1FBjpMEsSpKi0WSN+izTT0Kr2xXKajwNgFB+apCnKXKCyiZk6D3QgXi/3horjvE NH01W2wcH9EVWwKA1ems9pOV5cigtetpk+SmLNRr/82lAupQ3CcJm3zzwdvEcoBn fZxfrpdMkpMWgiAgzLPahQ6gK5BBsibyOZdkYw4MEx+zp9usueNOBNvQETpyLbzm HPtp9K6wPl07W3niKglfGVHEnkOSdk58RF7U2j281D29GD2MjNgutYfEH76Gun5q YibbZPfvOmmix3687AVm =i7rk -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.