Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Sep 2015 22:59:23 +0200
From: magnum <>
Subject: Re: Kerberoast for John

On 28/09/15 11:50, Michael Kramer wrote:
> I wanted to share my work with the John Community. The work is based
> on the Kerberoast Python script from Tim Medin and I've ported it
> from there to C and then into John.

Cool, thanks!

> I've included the fmt_plug file for John, a testfile with 3
> testhashes the module is able to crack, and also part of the python
> script from Tim Medin to parse kirbi files into the format my John
> module uses.

You should include all three as test vectors. After doing so, you'll 
find that the format fails self-tests as written. It may crack that test 
file but it's flawed and will not always work.

> But I've encountered a strange bug and thought maybe one of you could
> help me.

There are many bugs ;-) I think you need to do the following, for a starter:

1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary. 
Have a look at some other format with a binary size of 0.
2. Change salt to a struct holding both the salt and what you are now 
putting in the binary (so this becomes a "salt-only" format, or a 
non-hash as we use to call them). Then of course change SALT_SIZE to 
sizeof that struct.
3. Adjust everything accordingly. Drop the binary_hash/get_hash 
functions (use fmt_default_* in the format struct).
4. Replace <openssl/rc4.h> with "rc4.h" (a local file in the tree)

BTW, I don't quite get what are you doing with saved_key in init()?

Also, you should rename src/ to run/ per our 

Finally, please base your contributions upon latest tree in 
bleeding-jumbo branch of 
You are using an older version of the formats interface (last release I 
presume). If you just fix the rest, I can take care of this.

Solar, the "Apache License" is fine, yes?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.