Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 25 Jun 2014 08:18:57 +0200
From: Albert Veli <albert.veli@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Re: Skype MD5(username,"\nskyper\n",password) Format

Hi Rob. If I want to try this on my own Linux box, would it be easy to
write a shell script or similar to extract the hash from my own skype
installation? What steps would be required?

On 06/25/2014 06:11 AM, Rob Fuller wrote:
> Using Magnum's repo:
>
> root@...d:~/JohnTheRipper/run# ./john /tmp/skype.txt
> Loaded 1 password hash (dynamic_1401 [md5($u.\nskyper\n.$p) (Skype MD5)
> 128/128 AVX 480x4x3])
> Press 'q' or Ctrl-C to abort, almost any other key for status
> test             (user_8675309)
> 1g 0:00:00:00 DONE 2/3 (2014-06-25 00:09) 10.00g/s 142190p/s 142190c/s
> 142190C/s 123456..Open
> Use the "--show" option to display all of the cracked passwords reliably
> Session completed
>
> With the following as the file content:
>
> user_8675309:$dynamic_1401$bd20f262770d8f30fb76f609a149cceb00000000$user_8675309
>
> w00tw00t, thanks @solardiz, and @jmichel_p
>
>
> --
> Rob Fuller | Mubix
> Certified Checkbox Unchecker
> Room362.com | Hak5.org
>
>
> On Tue, Jun 24, 2014 at 11:25 PM, Rob Fuller <jd.mubix@...il.com> wrote:
>
>> Esteemed knowers of John, I recently finished a Metasploit module [1] that
>> would extract the MD5 hash for Skype from a target system, it comes in the
>> format listed in the subject line of this post. I have found only one
>> mention of anything that was worked on to brute force that particular usage
>> of MD5 from back in 2012 [2]. After posting about the Metasploit module SD
>> said I should post something here asking about getting it working in John.
>> And while I was writing this SD also tweeted about it [3] & [4].
>>
>>
>> [1] - https://github.com/rapid7/metasploit-framework/pull/3473
>> [2] -
>> http://comments.gmane.org/gmane.comp.security.openwall.john.user/4687
>> [3] - http://twitter.com/solardiz/status/481632105177571328
>> [4] - http://twitter.com/solardiz/status/481637571353935872
>>
>> --
>> Rob Fuller | Mubix
>> Certified Checkbox Unchecker
>> Room362.com | Hak5.org
>>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.