Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <5609ADBF.7000608@uni-konstanz.de>
Date: Mon, 28 Sep 2015 23:14:39 +0200
From: Michael Kramer <michael.kramer@...-konstanz.de>
To: john-dev@...ts.openwall.com
Subject: Re: Kerberoast for John

Am 28.09.2015 um 23:03 schrieb magnum:
> On 28/09/15 22:59, magnum wrote:
>> On 28/09/15 11:50, Michael Kramer wrote:
>>> I wanted to share my work with the John Community. The work is based
>>> on the Kerberoast Python script from Tim Medin and I've ported it
>>> from there to C and then into John.
>>
>> Cool, thanks!
>>
>>> I've included the fmt_plug file for John, a testfile with 3
>>> testhashes the module is able to crack, and also part of the python
>>> script from Tim Medin to parse kirbi files into the format my John
>>> module uses.
>>
>> You should include all three as test vectors. After doing so, you'll
>> find that the format fails self-tests as written. It may crack that test
>> file but it's flawed and will not always work.
>>
>>> But I've encountered a strange bug and thought maybe one of you could
>>> help me.
>>
>> There are many bugs ;-) I think you need to do the following, for a
>> starter:
>>
>> 1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary.
>> Have a look at some other format with a binary size of 0.
>> 2. Change salt to a struct holding both the salt and what you are now
>> putting in the binary (so this becomes a "salt-only" format, or a
>> non-hash as we use to call them). Then of course change SALT_SIZE to
>> sizeof that struct.
>
> On another look, perhaps you could actually just switch salt and 
> binary. That 16 byte thing you currently use as a salt seems to be 
> fine to use as a binary. Then you'd just put most of cmp_all() in 
> crypt_all() like a normal format.
>
> magnum
>
As I said this was my first try at a John module :)
Thank you for the suggestions! I'll try them out and keep in touch after 
I updated the files!

- Michael


---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.