Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Sep 2015 23:03:18 +0200
From: magnum <>
Subject: Re: Kerberoast for John

On 28/09/15 22:59, magnum wrote:
> On 28/09/15 11:50, Michael Kramer wrote:
>> I wanted to share my work with the John Community. The work is based
>> on the Kerberoast Python script from Tim Medin and I've ported it
>> from there to C and then into John.
> Cool, thanks!
>> I've included the fmt_plug file for John, a testfile with 3
>> testhashes the module is able to crack, and also part of the python
>> script from Tim Medin to parse kirbi files into the format my John
>> module uses.
> You should include all three as test vectors. After doing so, you'll
> find that the format fails self-tests as written. It may crack that test
> file but it's flawed and will not always work.
>> But I've encountered a strange bug and thought maybe one of you could
>> help me.
> There are many bugs ;-) I think you need to do the following, for a
> starter:
> 1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary.
> Have a look at some other format with a binary size of 0.
> 2. Change salt to a struct holding both the salt and what you are now
> putting in the binary (so this becomes a "salt-only" format, or a
> non-hash as we use to call them). Then of course change SALT_SIZE to
> sizeof that struct.

On another look, perhaps you could actually just switch salt and binary. 
That 16 byte thing you currently use as a salt seems to be fine to use 
as a binary. Then you'd just put most of cmp_all() in crypt_all() like a 
normal format.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.