diff -urpN john-1.7.6-jumbo-12/src/loader.c john-1.7.6-jumbo-12-netntlm-enhanced/src/loader.c
--- john-1.7.6-jumbo-12/src/loader.c 2011-02-04 14:52:06.000000000 +0000
+++ john-1.7.6-jumbo-12-netntlm-enhanced/src/loader.c 2011-04-03 20:45:39.000000000 +0000
@@ -330,8 +330,16 @@ static int ldr_split_line(char **login,
 *ciphertext = tmp;
 } else {
- tmp = (char *) mem_alloc_tiny(9 + strlen(challenge) + 1 + strlen(netntlm) + 1, MEM_ALIGN_NONE);
- sprintf(tmp, "$NETNTLM$%s$%s", challenge, netntlm);
+ tmp = (char *) mem_alloc_tiny(9 + strlen(challenge) * 2 + 1 + strlen(netntlm) + 1, MEM_ALIGN_NONE);
+ int i;
+ for(i=strlen(netlm)-1;i>15;i--)
+ if(netlm[i] != '0') break;
+ if(i==15)
+ netlm[16] = 0;
+ else
+ netlm[0] = 0;
+
+ sprintf(tmp, "$NETNTLM$%s%s$%s", challenge, netlm, netntlm);
 *ciphertext = tmp;
 }
 }
diff -urpN john-1.7.6-jumbo-12/src/NETNTLM_fmt.c john-1.7.6-jumbo-12-netntlm-enhanced/src/NETNTLM_fmt.c
--- john-1.7.6-jumbo-12/src/NETNTLM_fmt.c 2010-06-14 22:06:40.000000000 +0000
+++ john-1.7.6-jumbo-12-netntlm-enhanced/src/NETNTLM_fmt.c 2011-04-03 20:45:39.000000000 +0000
@@ -4,6 +4,10 @@
 * Written by JoMo-Kun in 2007
 * and placed in the public domain.
 *
+ * Modified for lots of better performace, support for Extended Session
+ * Security and (optionally) UTF-8 as well as optionally using OMP, by
+ * magnum 2009-2011. No rights reserved.
+ *
 * This algorithm is designed for performing brute-force cracking of the NTLM
 * (version 1) challenge/response pairs exchanged during network-based
 * authentication attempts [1]. The captured challenge/response pairs from these
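Review bot: tmp is sized from `strlen(challenge) * 2` before netlm is trimmed, but the sprintf on the last added line writes `strlen(challenge) + strlen(netlm)` bytes of salt, so the allocation only suffices when the trimmed netlm (16 characters) is no longer than challenge; unless the caller has already verified that challenge is exactly 16 hex digits (not visible in this hunk), a shorter challenge makes the sprintf overrun the buffer. Move the allocation below the trimming and size it from what is actually printed, `tmp = (char *) mem_alloc_tiny(9 + strlen(challenge) + strlen(netlm) + 1 + strlen(netntlm) + 1, MEM_ALIGN_NONE);`, and pass that same size to `snprintf` so the format cannot outgrow the buffer. The loop counter `i` is an int initialised from `strlen(netlm) - 1`, so an empty or short netlm relies on size_t wraparound converting to a negative int; `size_t len = strlen(netlm);` with `if (len > 16)` around the trailing-zero scan states the intent directly. ldr_split_line begins before this hunk.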
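Review bot: `performace` in the first added comment line of the NETNTLM_fmt.c header should read `performance`. The rest of the added attribution paragraph reads fine.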
@@ -28,15 +32,22 @@ * [4] http://www.oxid.it/cain.html * [5] http://www.foofus.net/jmk/smbchallenge.html * + * This version supports Extended Session Security. This is what + * is used when the "LM" hash ends in 32 zeros: + * + * DOMAIN\User:::c70e4fb229437ef300000000000000000000000000000000: + * abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9:24ca92fdab441aa4 + * */ -#include #include #include "misc.h" #include "common.h" #include "formats.h" +#include "options.h" +#include "md5.h" #include #ifndef uchar 
@@ -44,140 +55,250 @@
 #endif
 #define FORMAT_LABEL "netntlm"
-#define FORMAT_NAME "NTLMv1 C/R MD4 DES"
+#define FORMAT_NAME "NTLMv1 C/R MD4 DES [ESS MD5]"
 #define ALGORITHM_NAME "netntlm"
 #define BENCHMARK_COMMENT ""
 #define BENCHMARK_LENGTH 0
 #define PLAINTEXT_LENGTH 54 /* ?127? */
+#define UTF8_PLAINTEXT_LEN 108
 #define BINARY_SIZE 24
 #define SALT_SIZE 8
 #define CIPHERTEXT_LENGTH 48
-#define TOTAL_LENGTH 10 + 2 * SALT_SIZE + CIPHERTEXT_LENGTH
+#define TOTAL_LENGTH (10 + 2 * 2 * SALT_SIZE + CIPHERTEXT_LENGTH)
 #define MIN_KEYS_PER_CRYPT 1
-#define MAX_KEYS_PER_CRYPT 1
+#define MAX_KEYS_PER_CRYPT 192
 static struct fmt_tests tests[] = {
 {"$NETNTLM$1122334455667788$BFCCAF26128EC95F9999C9792F49434267A1D9B0EF89BFFB", "g3rg3g3rg3g3rg3"},
 {"$NETNTLM$1122334455667788$E463FAA5D868ECE20CAE622474A2F440A652D642156AF863", "M1xedC4se%^&*@)##(blahblah!@#"},
+ {"$NETNTLM$c75c20bff9baa71f4765f360625700b0$81f5ecd8a77fe819f7f6689a08a27ac705fc2e1bb00cecb2", "password"},
 {"$NETNTLM$1122334455667788$35B62750E1B9B3205C50D6BA351092C12A1B9B3CDC65D44A", "FooBarGerg"},
 {"$NETNTLM$1122334455667788$A4765EBFE83D345A7CB1660B8899251905164029F8086DDE", "visit www.foofus.net"},
+ {"$NETNTLM$24ca92fdab441aa4c70e4fb229437ef3$abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9", "longpassword"},
 {"$NETNTLM$1122334455667788$B2B2220790F40C88BCFF347C652F67A7C4A70D3BEBD70233", "cory21"},
 {NULL}
 };
-static char saved_plain[PLAINTEXT_LENGTH + 1];
-static uchar challenge[SALT_SIZE + 1];
-static uchar output[BINARY_SIZE + 1];
-
+static char saved_plain[MAX_KEYS_PER_CRYPT][UTF8_PLAINTEXT_LEN];
+static uchar challenge[SALT_SIZE];
+static uchar output[MAX_KEYS_PER_CRYPT][BINARY_SIZE + 1];
+static uchar ntlm[MAX_KEYS_PER_CRYPT][21]; // NT hash
+
+#ifdef FMT_UTF8
+#include "unicode.h"
+#else
 extern void E_md4hash(uchar *passwd, uchar *p16);
+#endif
+
 extern void setup_des_key(unsigned char key_56[], DES_key_schedule *ks);
+extern struct fmt_main fmt_NETNTLM;
+static void init(void)
+{
+#ifdef FMT_UTF8
+ if (options.flags & FLG_UTF8) {
+ // in utf-8, up to four bytes can compose one character
+ fmt_NETNTLM.params.plaintext_length = UTF8_PLAINTEXT_LEN;
+ }
+#endif
+}
+
 static int netntlm_valid(char *ciphertext)
 {
- char *pos;
+ char *pos;
- if (strncmp(ciphertext, "$NETNTLM$", 9)!=0) return 0;
- if (ciphertext[25] != '$') return 0;
+ if (strncmp(ciphertext, "$NETNTLM$", 9)!=0) return 0;
+ if ((ciphertext[25] != '$') && (ciphertext[41] != '$')) return 0;
- for (pos = &ciphertext[26]; atoi16[ARCH_INDEX(*pos)] != 0x7F; pos++);
- if (!*pos && pos - ciphertext - 26 == CIPHERTEXT_LENGTH)
- return 1;
- else
- return 0;
+ for (pos = &ciphertext[9]; atoi16[ARCH_INDEX(*pos)] != 0x7F; pos++);
+ if (*pos != '$') return 0;
+
+ for (pos++;atoi16[ARCH_INDEX(*pos)] != 0x7F; pos++);
+ if (!*pos && ((pos - ciphertext - 26 == CIPHERTEXT_LENGTH) ||
+ (pos - ciphertext - 42 == CIPHERTEXT_LENGTH)))
+ return 1;
+ else
+ return 0;
 }
 static char *netntlm_split(char *ciphertext, int index)
 {
- static char out[TOTAL_LENGTH + 1];
+ static char out[MAX_KEYS_PER_CRYPT][TOTAL_LENGTH + 1];
- memset(out, 0, TOTAL_LENGTH + 1);
- memcpy(&out, ciphertext, TOTAL_LENGTH);
- strlwr(&out[8]); /* Exclude: $NETNTLM$ */
+ memcpy(&out[index], ciphertext, TOTAL_LENGTH);
+ out[index][TOTAL_LENGTH] = 0;
+ strlwr(&out[index][8]); /* Exclude: $NETNTLM$ */
- return out;
+ return out[index];
 }
 static void *netntlm_get_binary(char *ciphertext)
 {
- static uchar binary[BINARY_SIZE];
- int i;
+ static uchar binary[BINARY_SIZE];
+ int i;
- ciphertext+=26;
- for (i=0; i