[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <3a1aa1c90802032236u57963601ha8acd10daf1b1c0e@mail.gmail.com>
Date: Mon, 4 Feb 2008 12:06:47 +0530
From: "Dhirendra Singh Kholia" <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: NETHALFM patch
Hi,
This patch adds support for cracking first 7 characters of LM response.
Please apply against john-1.7.2-all9.
ToDo:
- Speed fixes by using bitsliced DES?
- part-wise cracking.
diff -ruNB john-1.7.2-all9/src/inc.c john-1.7.2-all9+/src/inc.c
--- john-1.7.2-all9/src/inc.c 2008-02-04 10:48:54.000000000 +0530
+++ john-1.7.2-all9+/src/inc.c 2008-02-04 10:50:51.000000000 +0530
@@ -24,6 +24,7 @@
extern struct fmt_main fmt_LM;
extern struct fmt_main fmt_NETLM;
+extern struct fmt_main fmt_NETHALFLM;
typedef char (*char2_table)
[CHARSET_SIZE + 1][CHARSET_SIZE + 1];
@@ -380,6 +381,8 @@
mode = "LanMan";
else if (db->format == &fmt_NETLM)
mode = "LanMan";
+ else if (db->format == &fmt_NETHALFLM)
+ mode = "LanMan";
else
mode = "All";
}
diff -ruNB john-1.7.2-all9/src/john.c john-1.7.2-all9+/src/john.c
--- john-1.7.2-all9/src/john.c 2008-02-04 10:48:54.000000000 +0530
+++ john-1.7.2-all9+/src/john.c 2008-02-04 10:50:51.000000000 +0530
@@ -54,6 +54,7 @@
extern struct fmt_main fmt_DOMINOSEC;
extern struct fmt_main fmt_NETLM;
extern struct fmt_main fmt_NETNTLM;
+extern struct fmt_main fmt_NETHALFLM;
extern struct fmt_main fmt_mssql;
extern struct fmt_main fmt_mssql05;
@@ -102,6 +103,7 @@
john_register_one(&fmt_DOMINOSEC);
john_register_one(&fmt_NETLM);
john_register_one(&fmt_NETNTLM);
+ john_register_one(&fmt_NETHALFLM);
john_register_one(&fmt_mssql);
john_register_one(&fmt_mssql05);
diff -ruNB john-1.7.2-all9/src/loader.c john-1.7.2-all9+/src/loader.c
--- john-1.7.2-all9/src/loader.c 2008-02-04 10:48:54.000000000 +0530
+++ john-1.7.2-all9+/src/loader.c 2008-02-04 10:50:51.000000000 +0530
@@ -249,6 +249,19 @@
*ciphertext = tmp;
}
}
+ else if (options.format && ((strncmp(options.format, "nethalflm", 9)==0))) {
+ char *nethalflm = ldr_get_field(&line);
+ char *netntlm = ldr_get_field(&line);
+ char *challenge = ldr_get_field(&line);
+
+ if (strncmp(options.format, "nethalflm", 9)==0) {
+ tmp = (char *) mem_alloc(7 + strlen(challenge) + strlen(nethalflm) + 1);
+ memset(tmp, 0, 7 + strlen(challenge) + strlen(nethalflm) + 1);
+ sprintf(tmp, "$NETHALFLM$%s$%s", challenge, nethalflm);
+ *ciphertext = tmp;
+ }
+
+ }
if (db_options->flags & DB_WORDS || db_options->shells->head) {
gid = ldr_get_field(&line);
diff -ruNB john-1.7.2-all9/src/Makefile john-1.7.2-all9+/src/Makefile
--- john-1.7.2-all9/src/Makefile 2008-02-04 10:48:54.000000000 +0530
+++ john-1.7.2-all9+/src/Makefile 2008-02-04 10:50:51.000000000 +0530
@@ -50,6 +50,7 @@
mscash_fmt.o \
NETLM_fmt.o \
NETNTLM_fmt.o \
+ NETHALFLM_fmt.o \
mssql_fmt.o \
mssql05_fmt.o \
batch.o bench.o charset.o common.o compiler.o config.o cracker.o \
diff -ruNB john-1.7.2-all9/src/NETHALFLM_fmt.c
john-1.7.2-all9+/src/NETHALFLM_fmt.c
--- john-1.7.2-all9/src/NETHALFLM_fmt.c 1970-01-01 05:30:00.000000000 +0530
+++ john-1.7.2-all9+/src/NETHALFLM_fmt.c 2008-02-04 10:55:58.000000000 +0530
@@ -0,0 +1,223 @@
+/*
+ * NETHALFLM_fmt.c
+ * Written by DSK (Based on NetLM/NetNTLM patch by JoMo-Kun)
+ * Performs brute-force cracking of the HalfLM challenge/response pairs.
+
+ * Storage Format:
+ * domain\username:::lm response:nt response:challenge
+ *
+ * Code is in public domain.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "misc.h"
+#include "common.h"
+#include "formats.h"
+
+#include <openssl/des.h>
+
+#ifndef uchar
+#define uchar unsigned char
+#endif
+
+#define FORMAT_LABEL "nethalflm"
+#define FORMAT_NAME "HalfLM C/R DES"
+#define ALGORITHM_NAME "nethalflm"
+#define BENCHMARK_COMMENT ""
+#define BENCHMARK_LENGTH 0
+#define PLAINTEXT_LENGTH 7
+#define BINARY_SIZE 24
+#define SALT_SIZE 8
+#define CIPHERTEXT_LENGTH 48
+#define TOTAL_LENGTH 12 + 2 * SALT_SIZE + CIPHERTEXT_LENGTH
+#define MIN_KEYS_PER_CRYPT 1
+#define MAX_KEYS_PER_CRYPT 1
+
+static struct fmt_tests tests[] = {
+ {"$NETHALFLM$1122334455667788$6E1EC36D3417CE9E09A4424309F116C4C991948DAEB4ADAD",
"G3RG3P00!"},
+ {"$NETHALFLM$1122334455667788$6E1EC36D3417CE9E09A4424309F116C4C991948DAEB4ADAD",
"G3RG3P0"},
+ {"$NETHALFLM$1122334455667788$1354FD5ABF3B627B8B49587B8F2BBA0F9F6C5E420824E0A2",
"ZEEEZ@1"}
+};
+
+static char saved_plain[PLAINTEXT_LENGTH + 1];
+static uchar challenge[SALT_SIZE + 1];
+static uchar output[BINARY_SIZE + 1];
+
+static int nethalflm_valid(char *ciphertext)
+{
+ char *pos;
+
+ if (strncmp(ciphertext, "$NETHALFLM$", 9)!=0) return 0;
+ if (ciphertext[27] != '$') return 0;
+
+ for (pos = &ciphertext[28]; atoi16[ARCH_INDEX(*pos)] != 0x7F; pos++);
+ if (!*pos && pos - ciphertext - 28 == CIPHERTEXT_LENGTH) {
+ return 1;
+ }
+ else
+ return 0;
+}
+
+static char *nethalflm_split(char *ciphertext, int index)
+{
+ static char out[TOTAL_LENGTH + 1];
+
+ memset(out, 0, TOTAL_LENGTH + 1);
+ memcpy(&out, ciphertext, TOTAL_LENGTH);
+ strlwr(&out[10]); /* Exclude: $NETHALFLM$ */
+
+ return out;
+}
+
+static void *nethalflm_get_binary(char *ciphertext)
+{
+ static uchar binary[BINARY_SIZE];
+ int i;
+
+ ciphertext+=28;
+ for (i=0; i<BINARY_SIZE; i++)
+ {
+ binary[i] = (atoi16[ARCH_INDEX(ciphertext[i*2])])<<4;
+ binary[i] |= (atoi16[ARCH_INDEX(ciphertext[i*2+1])]);
+ }
+ return binary;
+}
+
+/* Avoid clash with NETLM_fmt.c */
+static void setup_des_key(unsigned char key_56[], des_key_schedule *ks)
+{
+ des_cblock key;
+
+ key[0] = key_56[0];
+ key[1] = (key_56[0] << 7) | (key_56[1] >> 1);
+ key[2] = (key_56[1] << 6) | (key_56[2] >> 2);
+ key[3] = (key_56[2] << 5) | (key_56[3] >> 3);
+ key[4] = (key_56[3] << 4) | (key_56[4] >> 4);
+ key[5] = (key_56[4] << 3) | (key_56[5] >> 5);
+ key[6] = (key_56[5] << 2) | (key_56[6] >> 6);
+ key[7] = (key_56[6] << 1);
+
+ des_set_key(&key, *ks);
+}
+
+static void nethalflm_crypt_all(int count)
+{
+ static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23,
0x24, 0x25};
+ des_key_schedule ks;
+ unsigned char password[7 + 1];
+ unsigned char lm[7];
+
+ /* clear buffers */
+ memset(password, 0, 7 + 1);
+ memset(lm, 0, 7);
+ memset(output, 0, 24);
+
+ strncpy((char *) password, saved_plain, 14);
+ /* Generate first 8-bytes of LM hash */
+ setup_des_key(password, &ks);
+ des_ecb_encrypt((des_cblock*)magic, (des_cblock*)lm, ks, DES_ENCRYPT);
+
+ /* DES-encrypt challenge using LM hash */
+ setup_des_key(lm, &ks);
+ des_ecb_encrypt((des_cblock*)challenge, (des_cblock*)output, ks,
DES_ENCRYPT);
+ /*printf("\nLM Response: ");
+ int i;
+ for( i = 0; i< 24 ;i++)
+ printf("%.2x",output[i]); */
+}
+
+static int nethalflm_cmp_all(void *binary, int count)
+{
+ return !memcmp(output, binary, 8);
+}
+
+static int nethalflm_cmp_one(void *binary, int index)
+{
+ return !memcmp(output, binary, 8);
+}
+
+static int nethalflm_cmp_exact(char *source, int index)
+{
+ return !memcmp(output, nethalflm_get_binary(source), 8);
+}
+
+static void *nethalflm_get_salt(char *ciphertext)
+{
+ static unsigned char binary_salt[SALT_SIZE];
+ int i;
+
+ ciphertext += 11;
+ for (i = 0; i < SALT_SIZE; ++i) {
+ binary_salt[i] = (atoi16[ARCH_INDEX(ciphertext[i*2])] << 4) +
atoi16[ARCH_INDEX(ciphertext[i*2+1])];
+ /*printf("%2x",binary_salt[i]);*/
+ }
+ return (void*)binary_salt;
+}
+
+static void nethalflm_set_salt(void *salt)
+{
+ memcpy(challenge, salt, SALT_SIZE);
+}
+
+static void nethalflm_set_key(char *key, int index)
+{
+ int i;
+
+ memset(saved_plain, 0, PLAINTEXT_LENGTH + 1);
+ strncpy(saved_plain, key, PLAINTEXT_LENGTH);
+
+ /* Upper-case password */
+ for(i=0; i<PLAINTEXT_LENGTH; i++)
+ if ((saved_plain[i] >= 'a') && (saved_plain[i] <= 'z'))
saved_plain[i] ^= 0x20;
+}
+
+static char *nethalflm_get_key(int index)
+{
+ return saved_plain;
+}
+
+struct fmt_main fmt_NETHALFLM = {
+ {
+ FORMAT_LABEL,
+ FORMAT_NAME,
+ ALGORITHM_NAME,
+ BENCHMARK_COMMENT,
+ BENCHMARK_LENGTH,
+ PLAINTEXT_LENGTH,
+ BINARY_SIZE,
+ SALT_SIZE,
+ MIN_KEYS_PER_CRYPT,
+ MAX_KEYS_PER_CRYPT,
+ FMT_8_BIT | FMT_BS | FMT_SPLIT_UNIFIES_CASE,
+ tests
+ }, {
+ fmt_default_init,
+ nethalflm_valid,
+ nethalflm_split,
+ nethalflm_get_binary,
+ nethalflm_get_salt,
+ {
+ fmt_default_binary_hash,
+ fmt_default_binary_hash,
+ fmt_default_binary_hash
+ },
+ fmt_default_salt_hash,
+ nethalflm_set_salt,
+ nethalflm_set_key,
+ nethalflm_get_key,
+ fmt_default_clear_keys,
+ nethalflm_crypt_all,
+ {
+ fmt_default_get_hash,
+ fmt_default_get_hash,
+ fmt_default_get_hash
+ },
+ nethalflm_cmp_all,
+ nethalflm_cmp_one,
+ nethalflm_cmp_exact
+ }
+};
+
+
diff -ruNB john-1.7.2-all9/src/options.c john-1.7.2-all9+/src/options.c
--- john-1.7.2-all9/src/options.c 2008-02-04 10:48:54.000000000 +0530
+++ john-1.7.2-all9+/src/options.c 2008-02-04 10:50:51.000000000 +0530
@@ -101,7 +101,7 @@
"--salts=[-]COUNT load salts with[out] at least COUNT passwords " \
"only\n" \
"--format=NAME force ciphertext format NAME: " \
- "DES/BSDI/MD5/BF/AFS/LM/NT/PO/raw-MD5/IPB2/raw-sha1/salt-sha1/md5a/KRB5/bfegg/nsldap/ssha/oracle/MYSQL/mysql-sha1/mscash/lotus5/DOMINOSEC/NETLM/NETNTLM/mssql/mssql05\n"
\
+ "DES/BSDI/MD5/BF/AFS/LM/NT/PO/raw-MD5/IPB2/raw-sha1/salt-sha1/md5a/KRB5/bfegg/nsldap/ssha/oracle/MYSQL/mysql-sha1/mscash/lotus5/DOMINOSEC/NETLM/NETNTLM/NETHALFLM/mssql/mssql05\n"
\
"--save-memory=LEVEL enable memory saving, at LEVEL 1..3\n"
void opt_init(char *name, int argc, char **argv)
--
dsk
--
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
