Message-Id: <08976157-BA3E-4D72-AE81-0AD8F66AD2F5@sl-chat.de>
Date: Wed, 1 Jul 2009 16:12:53 +0200
From: SL <auditor@...chat.de>
To: john-users@...ts.openwall.com
Subject: Re: Joomla password hashes

On Thu, 7 Feb 2008 07:10:42 +0300, Solar Designer wrote
> On Wed, Feb 06, 2008 at 10:09:17AM -0500, Steve ...... wrote:
>> On Sun, 3 Feb 2008 22:17:13 +0300, Solar Designer wrote:
>>> Here's an example external filter() that adds that salt from your first
>>> posting in this thread:
>>>
>>> [List.External:Joomla]
>>> void filter()
>>> {
>>>     int i;
>>>
>>>     // Find end of "word"
>>>     i = 0; while (word[i]) i++;
>>>
>>>     // Hard-coded salt from http://www.openwall.com/lists/john-users/2008/02/01/1
>>>     word[i++] = 'R';
>>>     word[i++] = 'i';
>>>     word[i++] = 'y';
>>>     word[i++] = 'O';
>>>     word[i++] = '6';
>>>     word[i++] = 'I';
>>>     word[i++] = 'Z';
>>>     word[i++] = 'T';
>>>     word[i++] = '9';
>>>     word[i++] = 'e';
>>>     word[i++] = 'u';
>>>     word[i++] = 'D';
>>>     word[i++] = 'z';
>>>     word[i++] = '6';
>>>     word[i++] = '9';
>>>     word[i++] = 'F';
>>>
>>>     word[i] = 0;
>>> }
>>>
>>> To use it, you'd put the hash in a file (let's call it passwd) like this:
>>>
>>> joomla1:4e36196d7ddc2610fd425ba0617233ca
>>>
>>> Then run JtR on the file like this:
>>>
>>> ./john -w=password.lst --rules --external=joomla --users=joomla1 --format=raw-md5 passwd
>>
>> I'm a little confused.. so I would have to add that below line for line to my
>> john.conf and run john wait a couple days then modify it again changing it
>> line by line run john on another hash?.. sounds like a lot of work and time.
>
> That's correct - although it's up to you to decide how long to let it run
> on just one hash - a couple of days sounds excessive to me if you have a
> lot of hashes. In fact, if you choose to test for just the initial
> passwords (those not changed by the users), then you'd need just a few
> seconds per hash.
>
> [...]
>
> This external mode that I posted was primarily a proof-of-concept. For
> actual use on a large number of hashes, you'd want support for these
> hashes added to JtR itself.

Sorry for quoting this much, but since it's a reply to a rather dusty
post, I thought it was sensible.

My approach to salted Joomla MD5's is a little different, but (at least
to my gusto) more convenient (assuming Bash, may work with other shells,
works equally well on Linux and OSX/BSD):

#!/bin/bash
IFS=":";
wordlist="./password.lst";
passwd="./passwd";
while read user hash salt comments; do
    echo "Trying $user ...";
    ./john --session="S1" --stdout --wordlist="$wordlist" --rules \
    | sed "s/$/${salt}/" \
    | ./john --session="S2" --stdin --format=raw-MD5 --user="$user" "$passwd";
done < "$passwd"

./passwd's format is:

joomla1:4e36196d7ddc2610fd425ba0617233ca:RiyO6IZT9euDz69F
$username:MD5($password$salt):$salt[:comments, full name, email etc.]

This is certainly not the most performant solution, but with a carefully
crafted wordlist and a moderate ruleset, it's able to audit an entire
user DB within a fortnight.

Of course, you can equally use "--markov" or "--incremental", if you've
got plenty of time or CPU cycles. Just replace

./john --session="S1" --stdout --wordlist="$wordlist" --rules

with

./john --session="S1" --stdout --markov

or

./john --session="S1" --stdout --incremental

(I fail to crack the given example hash though, by the way. As Solar
mentioned, it appears to be nontrivial.)

SL

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.
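
Added example (not part of SL's message and not John the Ripper code): a pre-flight check for the ./passwd format described above, which validates each record and confirms the MD5($password$salt) construction against a test account whose password is known before a long audit run is started. The function names and the sample account are constructed for illustration, and md5sum (or BSD md5) is assumed to be installed.

```bash
#!/bin/sh
# Added example; function names and the sample record are hypothetical.

# MD5($password$salt) as lowercase hex. printf avoids a trailing newline.
joomla_md5() {
    printf '%s%s' "$1" "$2" | if command -v md5sum >/dev/null 2>&1; then
        md5sum | cut -d' ' -f1
    else
        md5 -q    # BSD / OS X
    fi
}

# Split "user:hash:salt[:comments]" into rec_user, rec_hash, rec_salt, rec_rest.
split_record() {
    IFS=: read -r rec_user rec_hash rec_salt rec_rest <<EOF
$1
EOF
}

# Print "ok", or the reason a record would misbehave in the pipeline (returns 1).
check_record() {
    split_record "$1"
    [ -n "$rec_user" ] || { echo "empty username"; return 1; }
    case "$rec_hash" in *[!0-9a-fA-F]*) rec_hash="" ;; esac
    [ "${#rec_hash}" -eq 32 ] || { echo "hash is not 32 hex digits"; return 1; }
    [ -n "$rec_salt" ] || { echo "missing salt"; return 1; }
    # '/', '&' and '\' are special in the replacement part of sed "s/$/SALT/",
    # so such a salt would be appended incorrectly or make sed fail.
    case "$rec_salt" in
        */*|*\&*|*\\*) echo "salt has sed metacharacters"; return 1 ;;
    esac
    echo "ok"
}

# Succeed if the candidate password ($2) reproduces the hash in the record ($1).
verify_candidate() {
    split_record "$1"
    [ "$(joomla_md5 "$2" "$rec_salt")" = "$(printf '%s' "$rec_hash" | tr 'A-F' 'a-f')" ]
}

# Constructed sample: a test account whose password ("letmein") is known.
demo_salt="AbCdEfGhIjKlMnOp"
demo_rec="testuser:$(joomla_md5 letmein "$demo_salt"):$demo_salt:constructed test account"
check_record "$demo_rec" && verify_candidate "$demo_rec" letmein \
    && echo "format confirmed for testuser"
```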