Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 May 2019 19:01:18 +1000
From: Jason Thomas <jason.e.thomas@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA256 (32bit hash, 32bit salt)

Hi Alexander,

Theses hashes came from atmail, or more specifically atmailcloud. Through
the admin web API.

https://www.atmail.com/


Thanks.

On Sun, 26 May 2019, 23:45 Solar Designer, <solar@...nwall.com> wrote:

> Hi Jason,
>
> On Wed, May 22, 2019 at 09:34:30AM +1000, Jason Thomas wrote:
> > Can someone help me work out how to handle this format in JTR.
> >
> > I tried dynamic_62 and it did not find any hashes.
>
> You can in fact use dynamic_62 for this, but you need to re-encode the
> hashes for it, see below:
>
> > Example hash below:
> > userid:password_hash
> >
> 9430645:{SSHA256}qtLYMs6YUpOlgtjBFTlDpLZ/V0Or6nHhfEgx5h9W6JfnBP0YqBMlMN2dmp7ARN3GNDmhe2l7nNOxnSvlQN3R8w==
> >
> > Password is Abcd1234!
>
> $ cat decode_ssha256.pl
> #!/usr/bin/perl
>
> use MIME::Base64;
>
> while (<>) {
>         chomp;
>         ($user, $delim, $pass) = /^([^:]*)(:)([^:]*)$/;
>         $pass = $_ if (!defined($pass));
>         ($bin_hash, $bin_salt) = unpack('a32 a*', decode_base64($pass));
>         $new = '$dynamic_62$' . unpack('H*', $bin_hash) . '$HEX$' .
> unpack('H*', $bin_salt);
>         if (defined($user)) {
>                 print "$user:$new\n";
>         } else {
>                 print "$new\n";
>         }
> }
> $ cat pw
>
> 9430645:qtLYMs6YUpOlgtjBFTlDpLZ/V0Or6nHhfEgx5h9W6JfnBP0YqBMlMN2dmp7ARN3GNDmhe2l7nNOxnSvlQN3R8w==
> $ ./decode_ssha256.pl < pw > pwd
> $ cat pwd
>
> 9430645:$dynamic_62$aad2d832ce985293a582d8c1153943a4b67f5743abea71e17c4831e61f56e897$HEX$e704fd18a8132530dd9d9a9ec044ddc63439a17b697b9cd3b19d2be540ddd1f3
> $ cat w
> Abcd1234!
> $ ./john -w=w -form=dynamic_62 pwd
> Using default input encoding: UTF-8
> Loaded 1 password hash (dynamic_62 [sha256($p.$s) 128/128 AVX 4x])
> Warning: no OpenMP support for this hash type, consider --fork=32
> Press 'q' or Ctrl-C to abort, almost any other key for status
> Warning: Only 1 candidate left, minimum 24 needed for performance.
> Abcd1234!        (9430645)
> 1g 0:00:00:00 DONE (2019-05-26 15:37) 5.263g/s 5.263p/s 5.263c/s 5.263C/s
> Abcd1234!
> Use the "--show --format=dynamic_62" options to display all of the cracked
> passwords reliably
> Session completed
> $ ./john --show --format=dynamic_62 pwd
> 9430645:Abcd1234!
>
> 1 password hash cracked, 0 left
>
> > I think the issue is the salt is 32bit.
>
> It's actually 32 bytes, or 256-bit.
>
> What kind of system did this hash come from?  Should we add better
> support for it to JtR, so that the re-encoding would be unnecessary?
>
> I notice we have support for hashes tagged {SSHA} and {SSHA512}, but
> currently not for {SSHA256}.
>
> Alexander
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.