Date: Thu, 24 Jun 2010 22:43:18 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: john the ripper for Kerberos Ticket

Kristian -

On Thu, Jun 24, 2010 at 10:12:40PM +0400, Solar Designer wrote:
> ... I was
> not able to quickly crack "your" password, perhaps because it is not a
> weak one and/or because I did not guess the realm name correctly and/or
> because you did not provide the correct username.

It turns out there was another (sufficient) reason why I would not be
able to crack the password in this way.  The code expects the TGT to be
of exactly 228 bytes - or 456 hex chars.  The string you posted is 552
hex chars - or 276 bytes.  So we have 48 bytes or 96 hex chars extra.
It is not clear to me why this is so (I am not familiar with Kerberos).
Maybe you have something different/unsupported, or maybe the string
simply contains extra data that you need to remove.  I've tried
removing 96 chars from the beginning or from the end:

atom228-1:$krb5$atom$ITTELKOM.AC.ID$3a8bc3235c41909c28c5ef0de95c07753472ef094e6f33c113d14ee75eb60259e589fc800e695e0bae874e2471958545ee663ba1e74ea397c8b15c127df1d33972e29c7d88e2d9e253dd2a982c67c732a78603945be96061aa80e5c4d8f3fb01aa3bacf35664c94f4441b7f95108ff47592203619aa9bfb8a765f5db52d99e7ccbd3f9b98c1274858be1b67774f1cdb2e5a10322741f4dc23626d3dca408bf19acfc2e8e300b391ff9a19d852e6915163c7150c6e0b3bb2909f571561216bbe97b6160e9575e798ba7c5c4cad8d94f0d217f959446c08327881e36aa5b5ecdf86dc8627d
atom228-2:$krb5$atom$ITTELKOM.AC.ID$e3649a0c63274f2f20aff89ddc2a1e8f6cac133ef8ebc6a1e28c2ee20336ea4720b437f4e676963192b8231a109656503a8bc3235c41909c28c5ef0de95c07753472ef094e6f33c113d14ee75eb60259e589fc800e695e0bae874e2471958545ee663ba1e74ea397c8b15c127df1d33972e29c7d88e2d9e253dd2a982c67c732a78603945be96061aa80e5c4d8f3fb01aa3bacf35664c94f4441b7f95108ff47592203619aa9bfb8a765f5db52d99e7ccbd3f9b98c1274858be1b67774f1cdb2e5a10322741f4dc23626d3dca408bf19acfc2e8e300b391ff9a19d852e6915163c7150c6

Maybe one of these is right, but most likely not.  (I was still not able
to crack the password.)  You're in a better position to experiment with
this since you hopefully know the username and the realm name for sure.

I assume you're authorized to be doing this, and I assume that the TGT
you posted was for an obviously-unimportant account or/and the password
has since been changed.

I've attached a revised patch, with the encoding length check added (it
will correctly refuse to load the "atom" line from my previous message).

Alexander

View attachment "john-1.7.6-jumbo-3-krb5-2.diff" of type "text/plain" (3915 bytes)
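The message above explains why the loader could not use the posted string: the format expects the TGT as exactly 228 bytes, i.e. 456 hex characters, and the revised patch adds an encoding length check so a line of the wrong length is refused instead of silently mis-parsed. The following is an added example (written for this page, not code from the patch or from John the Ripper) showing what such a loader-side validation looks like for the `label:$krb5$user$realm$hex` line layout seen in the thread. The 228-byte figure comes from the message; the internal structure of the ticket blob is not described there, so the example checks only field layout, length and hex encoding, and the sample lines are constructed, not real ticket data.

```python
"""Validate $krb5$ input lines before loading them.

Added example, not code from the patch or from John the Ripper.  The line
layout label:$krb5$user$realm$hex and the expected TGT length of 228 bytes
(456 hex chars) are taken from the message above; the internal structure of
the TGT blob is not described there, so only length and encoding are checked.
"""

KRB5_TAG = "$krb5$"
TGT_BYTES = 228                  # as stated in the message
TGT_HEX_CHARS = TGT_BYTES * 2    # 456


def parse_krb5_line(line: str) -> dict:
    """Parse one 'label:$krb5$user$realm$hex' line.

    Returns a dict with the label, user, realm and decoded TGT bytes, or
    raises ValueError with the reason a loader should report.
    """
    label, sep, rest = line.rstrip("\r\n").partition(":")
    if not sep:
        raise ValueError("missing ':' between label and ciphertext")
    if not rest.startswith(KRB5_TAG):
        raise ValueError("not a $krb5$ entry")
    fields = rest[len(KRB5_TAG):].split("$")
    if len(fields) != 3:
        raise ValueError("expected exactly three '$'-separated fields after $krb5$")
    user, realm, hexdata = fields
    if not user or not realm:
        raise ValueError("empty username or realm")
    # The encoding length check: anything other than 456 hex chars is refused,
    # which is what stops the 552-char line from the thread from loading.
    if len(hexdata) != TGT_HEX_CHARS:
        raise ValueError(
            f"TGT must be {TGT_HEX_CHARS} hex chars ({TGT_BYTES} bytes), "
            f"got {len(hexdata)} ({len(hexdata) // 2} bytes)"
        )
    try:
        tgt = bytes.fromhex(hexdata)
    except ValueError:
        raise ValueError("TGT contains non-hex characters") from None
    return {"label": label, "user": user, "realm": realm, "tgt": tgt}


def load_krb5_lines(lines):
    """Split lines into (accepted, rejected); rejected holds (label, reason)."""
    accepted, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        try:
            accepted.append(parse_krb5_line(line))
        except ValueError as exc:
            rejected.append((line.partition(":")[0], str(exc)))
    return accepted, rejected


# Constructed sample input (not the thread's real ticket data): a 456-char
# entry that passes, the 552-char case from the thread, and two malformed ones.
SAMPLE_LINES = [
    "good:$krb5$user$EXAMPLE.ORG$" + "ab" * TGT_BYTES,            # 456 hex chars
    "toolong:$krb5$user$EXAMPLE.ORG$" + "cd" * (TGT_BYTES + 48),  # 552 hex chars
    "nonhex:$krb5$user$EXAMPLE.ORG$" + "zz" * TGT_BYTES,          # right length, bad digits
    "norealm:$krb5$user$$" + "ab" * TGT_BYTES,                    # empty realm
]

if __name__ == "__main__":
    ok, bad = load_krb5_lines(SAMPLE_LINES)
    for entry in ok:
        print(f"loaded {entry['label']}: {entry['user']}@{entry['realm']}, "
              f"{len(entry['tgt'])} bytes")
    for label, reason in bad:
        print(f"refused {label}: {reason}")
```

Rejecting on length before decoding is the point of the check: a fixed-size format that tolerates extra or missing bytes gives the user no signal that the input was wrong, whereas an explicit refusal with the observed and expected sizes (here 552 vs. 456 hex chars) tells them exactly what to fix.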
