Date: Wed, 3 Sep 2014 05:42:54 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Cracking HSRP MD5 authentication "hashes" Hi Dhiru, On Tue, Sep 02, 2014 at 09:47:43AM +0200, Dhiru Kholia wrote: > I have added support for cracking HSRP MD5 authentication "hashes" to > JtR-jumbo (in the bleeding-jumbo branch), which you can get from the > following URL, > > https://github.com/magnumripper/JohnTheRipper > > $ python ../run/hsrp2john.py HSRP-auth-md5-openwall.pcap > hsrp-hashes > > $ ../run/john hsrp-hashes -w=wordlist > Loaded 5 password hashes with 5 different salts (hsrp, HSRP MD5 ...) > openwall (?) > ... Cool. Thanks! Can't you make this a "dynamic" mode, though? This would both avoid the need for a new C source file, and run faster (can use SIMD right away). I just took a look at hsrp_fmt_plug.c and I think this could probably be expressed in terms of Jim's existing dynamic formats interface. As you have noticed, I almost always suggest this when you add a new format that uses only MD5 or SHA-1. Perhaps this is the approach you should always start with, and only fall back to writing C code when the dynamic approach fails? Also, hsrp2john.py is missing a public domain statement and/or a license. Actually, the same applies to some other *.py files you contributed. Can you please apply the license terms from lotus2john.py for the rest of the Python scripts where you're the sole author as well? > Sample .pcap files are available on the https://github.com/kholia/my-pcaps > page. This repository also documents the reversing process for fun. Nice. Can you please also add these samples to: http://openwall.info/wiki/john/sample-non-hashes Twitter: <@WEareTROOPERS> @DhiruKholia @solardiz @digininja Once you have those hashes, you may put them to proper use with #Loki http://www.insinuator.net/tag/loki/ <@solardiz> @WEareTROOPERS @DhiruKholia @digininja Also relevant: http://packetlife.net/blog/2008/oct/27/hijacking-hsrp/ http://www.gotohack.org/2011/01/scapy-hsrp-md5-auth-dissecter-to.html http://bb.secdev.org/scapy/pull-request/27/add-support-for-md5-authentication-in-hsrp/diff Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.