Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 4 Mar 2012 23:02:30 -0800
From: Main Framed <mainframed767@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking RACF passwords

I hate to reply to a 3 year old email but there's very little resources
about cracking RACF passwords and I wanted to supply an answer and
hopefully get some help.

The email below is really helpful for beginners, it points them where to go
and gives a basic overview. Basically, from what I understand, RACF takes
the UserID (aka username) and, using the password you supplied as the key,
encrypts it with DES, basically creating a 64bit DES hash. Interestingly
enough you can read more about this process here:
http://www.cbttape.org/xephon/xephonr/rac0311.pdf on page 55, where it
describes, what I think, is how they handle the encryption. It appears they
drop the first bit of every letter in the password, add the parity bit and
use that as the key. I say appears because I haven't been able to recreate
the algorithm myself.

The email below is also missing one of the better tools (which is
challenging to find in the first place): CRACF
http://www.nigelpentland.co.uk/cracf.htm

CRACF is a Windows program (in MASM), but only supports up to Windows XP,
that does a few good things:

1) It extracts the UserID, Full Name, Group, DES hash
2) Extracts easily guessable passwords (userID, reverse userID and group).


The tool is great for extracting the usernames and their hashes, and only
so-so on cracking them as it doesn't allow you to do anything beyond UserID
(and reverse) or the group name. There is another tool called WEAKWORD
which does allow you to supply a dictionary file. Unfortunately this tool
won't actually tell you the password, it will tell you which user accounts
have a weak password but not what that weak password is. Since it also does
the same testing as CRACF if it identifies a password it can be one of
either: 1) the UserID (or its reverse), 2) the default group or 3) one of
the words in your dictionary. The limitation here being you don't know
exactly why it's weak.

> Also, it'd be helpful if you post info from a few sample user
records (including encrypted or hashed passwords).
> Of course, make sure that you're authorized to do so and that you're not
placing any accounts at risk by doing it (e.g., change the passwords after
dumping the records
> but before posting).  If you're able to provide the
corresponding plaintext passwords, that will be very helpful.

I was able to use CRACF on a test system for some test account and here's
the output I got:

User ID   Password  Full Name             Group     DES Hash
A         A         A                     SYS1      0F7DE80335E8ED68
TESTTEST  TESTTEST  TEST                  SYS1      0FF48804F759193F
AAAAAAAA  AAAAAAAA  AAAAAAA               SYS1      062314297C496E0E

I checked the raw RACF file and those are the correct hashes for those
users. Now on to a follow-up question, I'm trying to recreate the DES hash
algorithm they use but I'm having a hell of a time. Using python (and
online calculators) I'm unable to get to the same hash as seen above. For
example:

UserID: AAAAAAAA
Password: AAAAAAAA
In Hex: C1C1C1C1C1C1C1C1 (everything on the mainframe is EBCDIC where A =
C1)

Using pythons' implementation of DES I wrote a quick script to test the
various scenarios (code at http://pastebin.com/ZqKrRja0 )

1) ASCII Test (just AAAAAAAA in ascii): 19df84ac95551003
2) EBCDIC Test: 169f7629c970c1e5
3) Removing first byte: ODD Parity: 03785db0febfb6e1
4) Removing first byte: EVEN Parity: 03785db0febfb6e1

So either RACF has a funky implementation of DES or I misunderstood how
they're creating the key. Any help would be appreciated. My ultimate goal
is to make auditing RACF passwords as easy as other passwords and not
having to rely on having a test mainframe system around to run costly tools
like PWCHECK.

Date: Thu, 23 Apr 2009 07:56:51 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking RACF passwords

On Tue, Apr 21, 2009 at 12:12:29PM -0400, John Hoyt wrote:
> I?m new to this list, and I?m interested in anyone has used john to crack
> RACF passwords.

I doubt it.  I'm not aware of an existing patch to do that.

> So far I?ve found that they are DES encrypted, but I?m not sure about the
> scheme used.

As far as I could find, the passwords may be either "DES-encrypted" or
"hashed" - this can differ between installs and maybe even between user
records.  Apparently, the DES encryption key is the password itself, so
this is actually DES-based hashing, and the use of the word "encryption"
is inappropriate.  Also, apparently, the "hashing" (when DES is not
being used) is ridiculously weak, so some people refer to it as
"masking" instead.  I derived this info mostly from the following web
page (and it is consistent with information I found elsewhere):

http://www.os390-mvs.freesurf.fr/ichdex01.htm

Also, according to the above web page, the "userid" (is that the
username?) is used as a salt, apparently by making it the cleartext data
to DES-encrypt with the password as the key.  We can give this a try and
see if it matches your sample records.

> Does anyone have any experience or suggestions?

Here's the closest match I could find for a ready to use program:

http://www.goldisconsulting.com/OnePageG2.htm
http://www.goldisconsulting.com/OnePageL2.htm

http://www.goldisconsulting.com/pwcheck.pdf
http://www.goldisconsulting.com/PWCHECK-PRO.pdf

This company sells a Windows-based program (two variations of it) that
will audit RACF passwords (both DES and HASH ones).  According to their
FAQ, the program depends on being able to access the target system, yet
it doesn't test candidate passwords on the target system (rather, it
does so on its own).

This PWCHECK program is documented to actually try various candidate
passwords, much like what JtR does - which is consistent with the
understanding that we actually have DES-based hashing rather than DES
encryption.

Maybe the following mailing list is a good place to ask about auditing
RACF passwords:

http://www.listserv.uga.edu/archives/racf-l.html

Please share you findings on this topic, if any, with us on john-users.
Also, it'd be helpful if you post info from a few sample user records
(including encrypted or hashed passwords).  Of course, make sure that
you're authorized to do so and that you're not placing any accounts at
risk by doing it (e.g., change the passwords after dumping the records
but before posting).  If you're able to provide the corresponding
plaintext passwords, that will be very helpful.  Please do not mangle
the encrypted or hashed passwords (in an attempt to protect them) as
that decreases their usefulness to the rest of us, or if you do have to
mangle them then at least state so explicitly.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.