Message-ID: <1349020142.33931.YahooMailNeo@web120904.mail.ne1.yahoo.com>
Date: Sun, 30 Sep 2012 08:49:02 -0700 (PDT)
From: NeonFlash <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: WebEdition CMS

Ok, so I installed the latest version of JtR (jumbo community release) on Linux and it works now :)

So, the function primitives are missing for Windows Platform :)

For anyone else, who might be trying to get it working on Windows, it won't, so install it on Linux.

This text is missing in doc/DYNAMIC on Windows. I am not sure if there is a precompiled release for Windows platform for JtR jumbo versions > 1.7.5. If there is, then please point me to it, I would like to have one as a reference. I did not find a link to it on openwall.com/john

# DynamicFunc__crypt_md5
#    performs a md5 on all elements of input1[] and places the results into output1[] The output will be the
#    16 byte BINARY blob of the 'raw' md5.

It loads the hashes.

Loaded 3 password hashes with 3 different salts (dynamic_1011 md5($p.md5($s)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3])
Remaining 2 password hashes with 2 different salts
guesses: 0 time: 0:00:00:23 55.48% (ETA: Sun Sep 30 21:16:10 2012) c/s: 2623K trying: flashfst - flashfubar
openwall (?)
openwall (?)
guesses: 2 time: 0:00:00:32 DONE (Sun Sep 30 21:16:00 2012) c/s: 2574K trying: openunlimited - openwanker
Use the "--show" option to display all of the cracked passwords reliably

All good.
Now, time to perform benchmarks and learn more about the dynamic format :)

________________________________
From: NeonFlash <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Sent: Sunday, September 30, 2012 8:52 PM
Subject: Re: [john-users] WebEdition CMS

So, I read further into the documentation in the path: doc/DYNAMIC.txt and noticed that the below 2 function primitives (which you are using in dynamic_1011) are not present:

DynamicFunc__crypt_md5
DynamicFunc__crypt_md5_in2_to_out1

I guess, as a result of this, it fails while parsing the List.Generic:dynamic_1011 section in john.ini

I am using 1.7.9-jumbo-5 [win32-cygwin-x86-sse2i]

Since, I am on Windows right now, so cannot view the source code, but it appears that these functions might be missing in the following files while it was compiled for Windows:

dynamic.h
dynamic_fmt.c
dynamic_parser.c

Can someone verify for this particular version on Windows?

________________________________
From: NeonFlash <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Sent: Sunday, September 30, 2012 8:32 PM
Subject: Re: [john-users] WebEdition CMS

I would love to test various configurations for this format as well, but can anyone tell me why wouldn't the hashes load for me?

syntax 1:

john -w:wordlist.txt -fo=dynamic_1011 webedition.txt

error: Unknown ciphertext format name requested

syntax 2:

john --subformat=dynamic_1011 -w:wordlist.txt webedition.txt

error: No password hashes loaded (see FAQ)

syntax 3:

john -w:wordlist.txt webedition.txt

error: No password hashes loaded (see FAQ)

configuration from dynamic.conf file:

[List.Generic:dynamic_1011]
Expression=md5($p.md5($s)) (WebEdition CMS)
Flag=MGF_SALTED
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt_md5
Func=DynamicFunc__clean_input2
Func=DynamicFunc__append_keys2
Func=DynamicFunc__append_from_last_output_to_input2_as_base16
Func=DynamicFunc__crypt_md5_in2_to_out1
Test=$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
Test=$dynamic_1011$c0e024d9200b5705bc4804722636378a$admin:admin
Test=$dynamic_1011$14f8b3781f19a3b7ea520311482ce207$openwall:openwall

Question #1: Do I need to add this configuration to dynamic.conf or john.ini file?

Now, I added to john.ini and these are the error messages I receive:

Error, unknown function: Func=DynamicFunc__crypt_md5
Error parsing section [List.Generic:dynamic_1011]
Error in line 698 file is john.ini

Any help would be appreciated.

Thanks.

________________________________
From: "jfoug@....net" <jfoug@....net>
To: john users <john-users@...ts.openwall.com>
Sent: Sunday, September 30, 2012 7:41 PM
Subject: Re: [john-users] WebEdition CMS

Works code worked for me. Likely you missed the extra flag value. That value is VERY important. What that flag does is when the file is being loaded, it takes the salt, performs a MD5 on it, then takes that base-16 result, and uses THAT value as the salt. In other words, it precomputes the md5($s) one time, and then you simply append that value where you need it from that point on, thus cutting down the number of MD5 crypt calls in your inner loop.

This is one KEY line, you may have not copied into your format:

Flag=MGF_SALT_AS_HEX

Here are some quick/dirty timings for this format (note 1012 on my test was my 1 MD5 script)

Original

$ ./john -test=5 -form=dynamic_1011
Benchmarking: dynamic_1011 md5($p.md5($s)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... DONE
Many salts:     5702K c/s real, 5719K c/s virtual
Only one salt:  4827K c/s real, 4827K c/s virtual

Using MGF_SALT_AS_HEX

$ ./john -test=5 -form=dynamic_1011
Benchmarking: dynamic_1011 md5($p.md5($s)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... DONE
Many salts:     9256K c/s real, 9256K c/s virtual
Only one salt:  6678K c/s real, 6789K c/s virtual

Notice how the 'many salts' speed gets quite a bit bigger performance boost with this model. This is due to the salt itself now being pretty long (32 bytes). In the 'Many salts' test, there is less memory copying happening with the salt. But you can see precomputing the salt makes a pretty large boost to speed.

Jim.

On Sun, Sep 30, 2012 at 8:31 AM, Dhiru Kholia wrote:
> On Sun, Sep 30, 2012 at 5:07 PM, <jfoug@....net> wrote:
>> Simply looking at that format script, I believe it would work fine. There are
>> also ways a username can be used directly within dynamic instead. However,
>> since anyone using this would be fabricating the JtR input file, putting the
>> username into a salt field would be just as easy as putting into the
>> username field when building the file.
>
>> Also, if a salt is used vs the username within dynamic, then there is a nice
>> optimization that can be used to double the speed of the format. If you
>> notice the base-16 MD5 of the salt (user name), is a static string. This can
>> be pre-computed at load time, and done only once. This reduces the MD5 calls
>> from 2 to 1 per password/salt trial.
>
> Jim,
>
> I have tried to implement what you said,
>
> MySQL [webedition]> select username,md5(username),passwd,UseSalt from tblUser where username="openwall";
>
> +----------+----------------------------------+----------------------------------+---------+
> | username | md5(username)                    | passwd                           | UseSalt |
> +----------+----------------------------------+----------------------------------+---------+
> | openwall | f2df0ddd3129c68b1ae7be05779ebeb3 | 14f8b3781f19a3b7ea520311482ce207 |       1 |
> +----------+----------------------------------+----------------------------------+---------+
>
> ####################################################################
> # DYNAMIC type for WebEdition CMS md5($p.PMD5(username))
> # select md5(username),passwd,UseSalt from tblUser
> # PMD5(username), pre-computed md5 of username is salt
> ####################################################################
> [List.Generic:dynamic_1012]
> Expression=md5($p.PMD5(username)) (WebEdition CMS)
> Flag=MGF_SALTED
> Flag=MGF_SALT_AS_HEX
> Func=DynamicFunc__clean_input
> Func=DynamicFunc__append_keys
> Func=DynamicFunc__append_salt
> Func=DynamicFunc__crypt_md5
> Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$HEX$f2df0ddd3129c68b1ae7be05779ebeb3:openwall
>
> However it fails self-test,
>
> Benchmarking: dynamic_1012 md5($p.PMD5(username)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... FAILED (get_hash[0](0)
>
> Any tips to get it working?
>
> --
> Cheers,
> Dhiru
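
The salt precomputation described in this thread, as an added example that is not part of the original messages or of JtR's code: it checks md5($p.md5($s)) against the Test= vectors quoted above and counts MD5 calls with and without hashing the salt once at load time. The function names and the four-word list are constructed for illustration.

```python
import hashlib

# Test= lines quoted in the thread: $dynamic_1011$<hash>$<salt>:<password>
THREAD_VECTORS = [
    "$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall",
    "$dynamic_1011$c0e024d9200b5705bc4804722636378a$admin:admin",
    "$dynamic_1011$14f8b3781f19a3b7ea520311482ce207$openwall:openwall",
]
WORDS = [b"admin", b"flashfst", b"openwall", b"password"]  # constructed wordlist

md5_calls = 0

def md5_hex(data: bytes) -> bytes:
    """MD5 as lowercase base-16 bytes; counts calls for the comparison."""
    global md5_calls
    md5_calls += 1
    return hashlib.md5(data).hexdigest().encode()

def parse_vector(line: str):
    """Split a Test= value into (hash, salt, password) as bytes."""
    fields, _, password = line.rpartition(":")
    _, _, digest, salt = fields.split("$", 3)
    return digest.encode(), salt.encode(), password.encode()

def naive(password: bytes, salt: bytes) -> bytes:
    """md5($p.md5($s)) with the salt re-hashed for every candidate."""
    return md5_hex(password + md5_hex(salt))

def run_wordlist(digest, salt, words, precompute):
    """Try every word; return (match or None, number of MD5 calls made)."""
    global md5_calls
    md5_calls = 0
    hex_salt = md5_hex(salt) if precompute else None  # load-time step, done once
    match = None
    for word in words:
        guess = md5_hex(word + hex_salt) if precompute else naive(word, salt)
        if guess == digest:
            match = word  # keep looping so both modes do the same work
    return match, md5_calls

if __name__ == "__main__":
    for line in THREAD_VECTORS:
        digest, salt, _ = parse_vector(line)
        print(salt, run_wordlist(digest, salt, WORDS, False),
              run_wordlist(digest, salt, WORDS, True))
```

With N candidates against one salt the naive path makes 2N MD5 calls and the precomputed path N + 1, which is the reduction from 2 calls to 1 per trial mentioned in the thread.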