Message-ID: <BANLkTin092yzPyv2=wYNdN8y3P8Qip0mwA@mail.gmail.com>
Date: Thu, 21 Apr 2011 15:25:23 -0700
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: "SSH private keys cracker" patch for JtR [first cut for GSoC]
On Fri, Apr 15, 2011 at 3:06 PM, magnum <rawsmooth@...dband.net> wrote:
> I believe that first 3503C93C037175EEE450311F2B6F57F3 hash can be used in
> john.pot instead, as an identifier of the corresponding cracked file. I just
> created a couple of test key files with the same passphrase and that hash
> was unique. If implementing this you should really add a tag (like $ssh$) so
> we don't add to the current mess. So, my john.pot should have read:
>
> $ssh$7175EEE450311F2B6F57F33503C93C03:bingo
> using (of course) whatever DEK hash was in that file.
Thanks for the review, magnum. A new version of the patch, which
stores the entire "ssh key file" in john.pot, is attached.

Usage:

1. Create a text file (called keys.txt) containing filename(s) of the
SSH private key(s) to be cracked.
2. Run unssh as "unssh keys.txt sshdump".
3. Run JtR as "john -format=ssh sshdump".

Bugs:

1. "john -format=ssh --show sshdump" doesn't work currently.
2. gecos handling looks hacky :-).

--
Cheers,
Dhiru
Download attachment "john-1.7.6-jumbo-12-ssh-06.diff.gz" of type "application/x-gzip" (11467 bytes)