Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Mar 2013 23:14:13 +0100
From: buawig <buawig@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: john kerberos feature wishlist (current state)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I'd like to summarize the current state of this feature wishlist:


> this would be my feature whishlist when it comes to john's support 
> on kerberos matters (network only):
> 
> - support for kerberos etype 1 (des-cbc-crc) and/or 3 (des-cbc-md5)
> (this is the most important feature request in this list, as I
> expect this to be *a lot* faster than etype 18 or etype 23)

AFAIK these etypes are not supported (yet). I assume this has mainly two
reasons:
1) low interest/priority due to the fact that Win 7 / Win Server 2008
does not enable these etypes by default
	(I think there are more legacy systems around then one might think
[4]. If you see alot of installations I'd like to get some "stats")
2) lack of downgrade attack tools that perform downgrade attacks to
these kind of etypes (assuming Dhiru Kholia's ettercap downgrades to
etype 23)
3) lack of pcap samples due to (2)


> - Currently john uses the PA_ENC_TIMESTAMP (from the client's 
> AS-REQ) as cracking input, what if the client is not vulnerable to 
> downgrade attacks but the server is? Can we use the server
> response to start cracking too?

I assume we can't?

> - john GPU support for kerberos etype 18

john (git) has GPU (OPENCL) support for kerberos etypes 17 and 18
(format name: krb5pa-sha1-opencl) including a python script to extract
the necessary strings from pcap files (supports etypes 17, 18 and 23)

tshark -r AD-capture-2.pcapng -T pdml  > ~/data.pdml
krbpa2john.py data.pdml
cracking speed on AMD HD 7970: ~100k c/s [1]

magnum mentioned his intentions [3] to implement krb5pa-md5-opencl.


for the record, non-GPU format names:
krb5pa-md5 (etype 23)
krb5pa-sha1 (etype 17 and 18)

> - a tool to pre-compute PBKDF2 etype 18 AES keys (preferable via 
> GPU) - input: wordlist, john rules, salt, iteration count - output 
> file which contains the AES keys for the given wordlist (with
> rules applied), salt and iteration count
> 
> - john support to crack etype 18 with precomputed AES keys
> (instead of passwords) using the above pre-generated AES key list
> as input

I assume this is out of scope because john doesn't offer precomputation
like pyrit [2] for wpa-psk either.


thanks for your work!
looking forward to see krb5pa-md5-opencl and support for des-cbc-* etypes.


[1] http://www.openwall.com/lists/john-users/2012/12/08/5
[2] https://code.google.com/p/pyrit/
[3] http://www.openwall.com/lists/john-users/2012/12/10/1
[4]
https://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx?Redirected=true


-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJRP6i1AAoJEJeRHQyF0ukMTasQAKIgB+4Yf7XXrUt2vnv6iaph
k7i8WKoGEsoh9CPTFU1zsHfKLTHPXgExHZBbBuaBFgpfZZ6pP211GunDb89zWqao
AgvJ7sg2CjSYiEzwbe6+6b1yXQihrv7S5RliIXxEYvky09V+3iFhbuIx3YBcGVQG
oAaBGZ/xCWjMoWQiC38Td1awWYQNeccnUC14bYgoKt0eeIl8ZMKSmz18gLR/g1yB
EG1RVz3FGn5/42TfEglk9NyrbhYbcz4quRnT3VXNic7BVAtdyoGY6Xdz/N0Xy0Ot
H/ckzU55bGUkPOPefa+81bMdFPWBFDW82wAF56mxygEPaSyogezgpxArTJ0YoQjd
NfPvQNaDOP8cqnVr2Kuq0YtT5Ca4gq2aNdQBkXCZxvaqWghkExWJ1jJs1OJsTIMf
B1FBjpMEsSpKi0WSN+izTT0Kr2xXKajwNgFB+apCnKXKCyiZk6D3QgXi/3horjvE
NH01W2wcH9EVWwKA1ems9pOV5cigtetpk+SmLNRr/82lAupQ3CcJm3zzwdvEcoBn
fZxfrpdMkpMWgiAgzLPahQ6gK5BBsibyOZdkYw4MEx+zp9usueNOBNvQETpyLbzm
HPtp9K6wPl07W3niKglfGVHEnkOSdk58RF7U2j281D29GD2MjNgutYfEH76Gun5q
YibbZPfvOmmix3687AVm
=i7rk
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.