Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20131118091723.GA25508@lonestar>
Date: Mon, 18 Nov 2013 14:47:23 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Cracking OSPF, BGP and RIP authentication with JtR (and Ettercap)

Hi,

Support for cracking OSPF, BGP and RIP authentication was added to
JtR-jumbo (in bleeding-jumbo branch) recently. You will also need the
latest Ettercap code.

$ ettercap -Tqr OSPFv2\ MD5\ authentication.pcap > ospf-hashes

$ ../run/john ospf-hashes
Loaded 4 password hashes with 4 different salts (net-md5, "Keyed MD5" ...
Press 'q' or Ctrl-C to abort, almost any other key for status
abcdefghijklmnop (OSPF-224.0.0.5-0)
abcdefghijklmnop (OSPF-224.0.0.5-0)
...

$ ettercap -Tqr RIPv2\ MD5\ authentication.pcap > rip-hashes

$ ../run/john rip-hashes                                                 1 ↵
Loaded 6 password hashes with 6 different salts (net-md5, "Keyed MD5" ...
Press 'q' or Ctrl-C to abort, almost any other key for status
quagga           (RIPv2-224.0.0.9-520)
quagga           (RIPv2-224.0.0.9-520)
...

$ ../run/tcpmd5tojohn.py bgp-capture.pcap > bgp-hashes

$ ../run/john bgp-hashes
Loaded 38 password hashes with 38 different salts (tcp-md5, ...
Press 'q' or Ctrl-C to abort, almost any other key for status
lolcats          (?)
lolcats          (?)
...

Sample .pcap files are available on https://github.com/kholia/my-pcaps
page.

https://github.com/magnumripper/JohnTheRipper/tree/bleeding-jumbo has
the latest JtR-jumbo code (as usual).

https://github.com/Ettercap/ettercap/ has the latest Ettercap code.

--
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.