Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Sep 2015 23:14:39 +0200
From: Michael Kramer <>
Subject: Re: Kerberoast for John

Am 28.09.2015 um 23:03 schrieb magnum:
> On 28/09/15 22:59, magnum wrote:
>> On 28/09/15 11:50, Michael Kramer wrote:
>>> I wanted to share my work with the John Community. The work is based
>>> on the Kerberoast Python script from Tim Medin and I've ported it
>>> from there to C and then into John.
>> Cool, thanks!
>>> I've included the fmt_plug file for John, a testfile with 3
>>> testhashes the module is able to crack, and also part of the python
>>> script from Tim Medin to parse kirbi files into the format my John
>>> module uses.
>> You should include all three as test vectors. After doing so, you'll
>> find that the format fails self-tests as written. It may crack that test
>> file but it's flawed and will not always work.
>>> But I've encountered a strange bug and thought maybe one of you could
>>> help me.
>> There are many bugs ;-) I think you need to do the following, for a
>> starter:
>> 1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary.
>> Have a look at some other format with a binary size of 0.
>> 2. Change salt to a struct holding both the salt and what you are now
>> putting in the binary (so this becomes a "salt-only" format, or a
>> non-hash as we use to call them). Then of course change SALT_SIZE to
>> sizeof that struct.
> On another look, perhaps you could actually just switch salt and 
> binary. That 16 byte thing you currently use as a salt seems to be 
> fine to use as a binary. Then you'd just put most of cmp_all() in 
> crypt_all() like a normal format.
> magnum
As I said this was my first try at a John module :)
Thank you for the suggestions! I'll try them out and keep in touch after 
I updated the files!

- Michael

Diese E-Mail wurde von Avast Antivirus-Software auf Viren gepr├╝ft.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.