Date: Mon, 11 Jan 2016 11:57:06 -0600 From: jfoug <jfoug@...nwall.net> To: john-users@...ts.openwall.com Subject: Re: Adjusting Dynamic for Mcafee The salt is not a salt, it is a const (McCrap dum-arses). So use CONST1=\x01\x00\x0f\x00\x0d\x00\x33\x00 [List.Generic:dynamic_1501] Expression=sha1(utf16($const.$p)) (muckafee master pass) CONST1=\x01\x0f\x0d\x33 Flag=MGF_FLAT_BUFFERS Flag=MGF_INPUT_20_BYTE MaxInputLen=110 MaxInputLenX86=110 Func=DynamicFunc__clean_input Func=DynamicFunc__setmode_unicode Func=DynamicFunc__append_input1_from_CONST1 Func=DynamicFunc__append_keys Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL Test=$dynamic_1501$d4eaf666d09316f9d61b14753353a73d5fbcf048:test Test=$dynamic_1501$9dbe0d0ea16ae0a14c0c81a7c962b5a16e777259:test1 This format is simply raw-sha1 with a const added, and utf-16 encoding. On 1/9/2016 11:17 AM, Rich Rumble wrote: > I stumbled across this yesterday: > https://www.pentestpartners.com/blog/grab-the-ui-lock-password-from-mcafee-av-kill-the-service-send-in-the-malware/ > I've been trying to if there was a dynamic mode for this already but I > don't think so, and I wanted to create one. > This is the supposed algo > hash = sha1(unicode($salt . $password)) > Dynamic_1033 looks pretty close already > So I've tried making some changes, but I can't seem to crack the > example in that blog post: > > d4eaf666d09316f9d61b14753353a73d5fbcf048:01000f000d003300 > I'll keep trying, but I've probably been at it too long already. > -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.