Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4DA4ECA0.7080308@bredband.net>
Date: Wed, 13 Apr 2011 02:21:52 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: [GSoC] Johnny - GUI frontend for JtR

On 2011-04-13 00:04, Aleksey Cherepanov wrote:
>> interesting/crazy usages of JtR you might have are very welcomed.
>
> I think case correction (lm-ntlm pair cracking) is interesting:

Good idea. Other similar "operations":
* Invoke (or rather re-implement) the netntlm.pl script for attacking 
NetLM hashes (NetHalfLM -> NetLM -> NetNTLM).
* Use the current john.pot as a wordlist, with or without rules.
* Use -show from one (or several) file(s) as wordlist for another (or 
several), w/ or w/o rules.

Maybe even automation of the procedure outlined here:
http://openwall.info/wiki/john/markov#Real-world-usage-example
 From the user perspective, this would ideally just involve picking the 
target file, stating how long you want the attack to run and on how many 
cores. The GUI could benchmark, pick a level, split it in chunks and 
launch the processes.

Have anyone suggested job queueing? You could pause the running job 
(moving it down the queue) for a quick other job. When that finishes, 
the job that was paused is restored automatically. This gets even better 
(and trickier) on a multi core machine.

Combining multi core job queueing with the other procedures (on a 
multicore machine):
* Start a job attacking LM hashes using, say, 6 cores of 8 (running one 
omp-des-7 instance of John). Cracked uppercase passwords automatically 
(and on the fly) result in new jobs queued (and started, if a core is 
free for use) for case correction against the corresponding NT hashes.

* The NetHalfLM -> NetLM -> NetNTLM scenario could use a similar approach.

* You could also schedule incrementing levels of Markov (assuming we 
have Simon's later version that can take a minlevel) as that mode does 
not (otherwise) find the easy passwords early.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.