john-users - Re: ssh known

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 2 Jul 2014 11:05:48 +0200 (CEST)
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: ssh known_hosts support?

On Mon, 23 Jun 2014, Royce Williams wrote:

> The 'HashKnownHosts' ssh config option enables hashing of IPs and
> hostnames in the ~/.known_hosts file. ...
>
> What would be the best path to using john for this purpose?

Hi,

The latest "bleeding-jumbo" version (from the following repository) now
supports cracking such hashes.

https://github.com/magnumripper/JohnTheRipper

$ cat hashes
$known_hosts$|1|pgjIzNM77FYsBHLfKvvG9aWpKAA=|XbHqTCXG1JAV6fb2h2HT8MT7kGU=
$known_hosts$|1|vAQX51f9EfXY33/j3upxFIlI1ds=|q+CzSLaa1EaSsAQzP/XRM/gaFQ4=

$ ../run/john hashes --mask="192.30.252.?d?d?d"
Loaded 2 password hashes with 2 different salts (known_hosts, ...)
....
192.30.252.128   (?)
192.30.252.130   (?)

$ ../run/john --format=known_hosts --test  # i7-4750HQ CPU
Benchmarking: known_hosts, HashKnownHosts HMAC-SHA1 [SHA1 32/64]... DONE
Raw:	1836K c/s real, 1836K c/s virtual

Later on, we might be able to use an existing format (or the dynamic
format) for cracking such hashes.

Dhiru

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.