Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <BLU0-SMTP210566B5075127685E07A2AFD470@phx.gbl>
Date: Wed, 13 Jul 2011 19:22:24 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: Charset options

Am 13.07.2011 17:10, schrieb Maximilian Melcher:
> Hi list,
> is it possible to crack SAP RFC password hashes (its from rfcdes like
> written here http://marc.info/?l=john-users&m=113450841312517 )?
>
> The format is:
>
> User                  Hash
> RFC_TEST        C4520A225A6A69429C6C7689B85AB01F
>
> and thats longer than a sapB or sapG hash. The password is abcdefgh
> My first guess was that its md5 but when I start john
> with RFC_TEST:C4520A225A6A69429C6C7689B85AB01F it says LM and cant crack it
> with given wordlist. If I force it to md5 => no passwords loaded.
>

This is not a hash, but an encrypted/obfuscated password
for a SAP basis release 6.x.
If you repeatedly change the password for the RFC
connection ("RFC" is a SAP specific abbreviation for
"remote function call"), you should get different resulting
hex strings for the same password.

Years ago I found out how to get the clear text password
for such a hex string using a Linux TestDrivre installation
on my own PC.
Currently, I don't have a private SAP installation.

So, if an attacker gets access to the encrypted password
that is stored in table RFCDES, you have to assume
he knows the password.

That's why, system administrators configuring
RFC destinations should't reuse those passwords
for other accounts.

But if the user specified in the RFC connecion is
a communication user and not a regular dialog user,
you cannot use the known password and user name
to login.


Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.