Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Apr 2016 11:21:58 +0200
From: Davy Douhine <ddouhine@...il.com>
To: john-users@...ts.openwall.com
Subject: Add JBoss hash format

Hi there,

I'm writing here on the advice of Solar Designer to propose to add JBoss
hash format to JtR.

Hash format is:
username=HEX( MD5( username ':' realm ':' password))

Example (user/test):
root@...i:~/ts/jboss-as-7.1.1.Final/bin# ./add-user.sh
(...)
Realm (ManagementRealm) :
Username : user
(...)
root@...i:~/ts/jboss-as-7.1.1.Final/bin# last
../standalone/configuration/mgmt-users.properties
user=1c3470194afdc84b90a0781c5e4462fc

>>> import hashlib; md5sum =
hashlib.md5("user:ManagementRealm:test").hexdigest(); print md5sum
1c3470194afdc84b90a0781c5e4462fc

This format definition seems to work for JBoss AS7 and JBoss EAP6.4 (not
tested with EAP7):
[List.Generic:dynamic_1591]
Expression=md5($u:ManagementRealm:$p)
CONST1=:ManagementRealm:
Flag=MGF_USERNAME
Flag=MGF_NOTSSE2Safe
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_userid
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__append_keys
Func=DynamicFunc__crypt_md5
Test=$dynamic_1591$1c3470194afdc84b90a0781c5e4462fc:test:user

root@...i:/opt/bleeding-jumbo/JohnTheRipper/run# ./john
--format=dynamic_1591 bibi
Using default input encoding: UTF-8
Loaded 1 password hash (dynamic_1591 [md5($u:ManagementRealm:$p) 32/64 x2
(MD5_body)])
Warning: no OpenMP support for this hash type, consider --fork=8
Press 'q' or Ctrl-C to abort, almost any other key for status
password         (davy)

MGF_NOTSSE2Safe has been added by Francois Pesce (@JokFP) but Solar
Designer doesn't think it is necessary.
I don't have my cracking computer at the moment so I can't test again but I
remember that it wasn't working without this option.

For those who have one, have a nice weekend !

Davy

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.