Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Jan 2016 11:57:06 -0600
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: Adjusting Dynamic for Mcafee

The salt is not a salt, it is a const (McCrap dum-arses).

So use CONST1=\x01\x00\x0f\x00\x0d\x00\x33\x00

[List.Generic:dynamic_1501]
Expression=sha1(utf16($const.$p)) (muckafee master pass)
CONST1=\x01\x0f\x0d\x33
Flag=MGF_FLAT_BUFFERS
Flag=MGF_INPUT_20_BYTE
MaxInputLen=110
MaxInputLenX86=110
Func=DynamicFunc__clean_input
Func=DynamicFunc__setmode_unicode
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__append_keys
Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
Test=$dynamic_1501$d4eaf666d09316f9d61b14753353a73d5fbcf048:test
Test=$dynamic_1501$9dbe0d0ea16ae0a14c0c81a7c962b5a16e777259:test1

This format is simply raw-sha1 with a const added, and utf-16 encoding.

On 1/9/2016 11:17 AM, Rich Rumble wrote:
> I stumbled across this yesterday:
> https://www.pentestpartners.com/blog/grab-the-ui-lock-password-from-mcafee-av-kill-the-service-send-in-the-malware/
> I've been trying to if there was a dynamic mode for this already but I
> don't think so, and I wanted to create one.
> This is the supposed algo
> hash = sha1(unicode($salt . $password))
> Dynamic_1033 looks pretty close already
> So I've tried making some changes, but I can't seem to crack the
> example in that blog post:
>
> d4eaf666d09316f9d61b14753353a73d5fbcf048:01000f000d003300
> I'll keep trying, but I've probably been at it too long already.
> -rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.