|
Message-ID: <1349013371.78910.YahooMailNeo@web120902.mail.ne1.yahoo.com> Date: Sun, 30 Sep 2012 06:56:11 -0700 (PDT) From: NeonFlash <psykosonik_frequenz@...oo.com> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: Re: WebEdition CMS Thanks a lot for implementing this algorithm :) I updated the dynamic.conf file with the configuration provided however, what's the command line to run? I am using: 1.7.9-jumbo-5 The test hash given is: $dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall I used: john --subformat=dynamic_1011 -w:wordlist.txt webedition.txt It does not load the hash. Also, in the test hash, what is 'SXB'? openwall is the username which is used as the salt. Is SXB supposed to be the precomputed salt (md5(username))? I am using the configuration file provided by Jim, the one with only 1 call to md5. Thanks once again :) ________________________________ From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-users@...ts.openwall.com Sent: Sunday, September 30, 2012 7:01 PM Subject: Re: [john-users] WebEdition CMS On Sun, Sep 30, 2012 at 5:07 PM, <jfoug@....net> wrote: > Simply looking at that format script, I believe it would work fine. There is > also ways a username can be used directly within dynamic instead. However, > since anyone using this would be fabricating the JtR input file, putting the > username into a salt field would be just as easy as putting into the > username field when building the file. > Also, if a salt is used vs the username within dynamic, then there is a nice > optimization that can be used to double the speed of the format. If you > notice the base-16 MD5 of the salt (user name), is a static string. This can > be pre-computed at load time, and done only once. This reduces the MD5 calls > from 2 to 1 per password/salt trial. Jim, I have tried to implement what you said, MySQL [webedition]> select username,md5(username),passwd,UseSalt from tblUser where username="openwall"; +----------+----------------------------------+----------------------------------+---------+ | username | md5(username) | passwd | UseSalt | +----------+----------------------------------+----------------------------------+---------+ | openwall | f2df0ddd3129c68b1ae7be05779ebeb3 | 14f8b3781f19a3b7ea520311482ce207 | 1 | +----------+----------------------------------+----------------------------------+---------+ #################################################################### # DYNAMIC type for WebEdition CMS md5($p.PMD5(username)) # > select md5(username),passwd,UseSalt from tblUser # PMD5(username), pre-computed md5 of username is salt #################################################################### [List.Generic:dynamic_1012] Expression=md5($p.PMD5(username)) (WebEdition CMS) Flag=MGF_SALTED Flag=MGF_SALT_AS_HEX Func=DynamicFunc__clean_input Func=DynamicFunc__append_keys Func=DynamicFunc__append_salt Func=DynamicFunc__crypt_md5 Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$HEX$f2df0ddd3129c68b1ae7be05779ebeb3:openwall However it fails self-test, Benchmarking: dynamic_1012 md5($p.PMD5(username)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... FAILED (get_hash[0](0) Any tips to get it working? -- Cheers, Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.