john-users - Cracking EIGRP MD5 authentication "hashes"

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Tue, 9 Sep 2014 17:26:42 +0200 (CEST)
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Cracking EIGRP MD5 authentication "hashes"

Hej!

I have added support for cracking EIGRP MD5 authentication "hashes" to
JtR-jumbo (in the bleeding-jumbo branch), which you can get from the
following URL,

https://github.com/magnumripper/JohnTheRipper

$ python ../run/eigrp2john.py 20-0.0-1409947824.pcap > eigrp-hashes

$ ../run/john eigrp-hashes -w=wordlist
Loaded 14 password hashes with 13 different salts (eigrp, EIGRP MD5...
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
1234567812345    (40)
password12345    (1)
password12345    (80)
password12345    (77)
password12345    (76)
password12345    (73)
password12345    (72)
password12345    (70)
...

$ OMP_NUM_THREADS=2 ../run/john --format=eigrp --test  # i7-4750HQ
Will run 2 OpenMP threads
Benchmarking: eigrp, EIGRP MD5 authentication *BROKEN* [MD5 32/64]...
Many salts:	7450K c/s real, 3725K c/s virtual
Only one salt:	6725K c/s real, 3362K c/s virtual

The "BROKEN" tag reflects the fact that this code is quite speculative,
currently.

Sample packets captures and documentation (of the reversing process) are
available on the following URL,.

http://openwall.info/wiki/john/sample-non-hashes#EIGRP-MD5-auth-packets

Dhiru

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.