John the Ripper password cracker users

A BC | 5 Feb 13:08

Picon

DES - not "traditional DES-based" - (VNC hash) with JtR

Hi,

I'm a new user of this mailing list, because I have a question I don't find
an answer to : is there a way to use JtR against DES 'hashes', where :
- you know the data to encrypt (challenge)
- you know the data when encrypted (challenge response, server side)
- you search the DES-password that was used to encrypt the data.

It is a way to authenticate with VNC (
http://www.realvnc.com/docs/rfbproto.pdf page 14), which is reputed weak.
So I search how easily it can be efficiently broken, but I am very
surprised I did not find any answer to that. Maybe I searched wrongly, but
all my searched are driven by the well known UNIX traditional DES-based
salted hash.

So, I wish to use JtR for its mangling rules, wordlists capabilities, (and
maybe for its efficiency) but I can't find a way to make it do what I want.
I have searched in the community resources (http://openwall.info/wiki/john),
in the most useful mailing lists posts (
http://openwall.info/wiki/john/mailing-list-excerpts), I have searched in
the direction of "How to use the 'dynamic' format within john"
(jtr179j5/doc/DYNAMIC.txt) but I did not found what I want "DES($s,$p)", I
searched in tutorials (http://openwall.info/wiki/john/tutorials), and I
tried to look at patches (http://openwall.info/wiki/john/custom-builds),
but no keywords matched, nor with our best friend ggl...

I am thinking about how JtR implements its algorithms, but it seems very
complicated.
Otherwise, I am think about using JtR to generate the pwd to stdout, which
I would pipe into a Python soft using PyCrypto, but I don't know if the

(Continue reading)

Corbin Simpson | 6 Feb 03:40

Picon

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

I've implemented this before; it's similar to the tripcode pattern. I'll
follow up later, when I'm not on the road. Solar would know better than me,
though.
On Feb 5, 2012 4:22 PM, "A BC" <miaou.pbl@...> wrote:

> Hi,
>
>
> I'm a new user of this mailing list, because I have a question I don't find
> an answer to : is there a way to use JtR against DES 'hashes', where :
> - you know the data to encrypt (challenge)
> - you know the data when encrypted (challenge response, server side)
> - you search the DES-password that was used to encrypt the data.
>
> It is a way to authenticate with VNC (
> http://www.realvnc.com/docs/rfbproto.pdf page 14), which is reputed weak.
> So I search how easily it can be efficiently broken, but I am very
> surprised I did not find any answer to that. Maybe I searched wrongly, but
> all my searched are driven by the well known UNIX traditional DES-based
> salted hash.
>
> So, I wish to use JtR for its mangling rules, wordlists capabilities, (and
> maybe for its efficiency) but I can't find a way to make it do what I want.
> I have searched in the community resources (http://openwall.info/wiki/john
> ),
> in the most useful mailing lists posts (
> http://openwall.info/wiki/john/mailing-list-excerpts), I have searched in
> the direction of "How to use the 'dynamic' format within john"
> (jtr179j5/doc/DYNAMIC.txt) but I did not found what I want "DES($s,$p)", I
> searched in tutorials (http://openwall.info/wiki/john/tutorials), and I

(Continue reading)

Solar Designer | 7 Feb 16:37

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Sun, Feb 05, 2012 at 06:40:06PM -0800, Corbin Simpson wrote:
> I've implemented this before; it's similar to the tripcode pattern. I'll
> follow up later, when I'm not on the road. Solar would know better than me,
> though.

Actually, I never looked into VNC challenge/responses before, so you
might be more familiar with this.

I fail to see much similarity to tripcodes, though.  The only similarity
appears to be in that DES is involved.

Please do post a followup.

Alexander

Rich Rumble | 6 Feb 05:22

Picon

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Sun, Feb 5, 2012 at 7:08 AM, A BC <miaou.pbl@...> wrote:
> Is there something I missed ? Is there a solution better than another ? I
> can code in C under Win/Linux, Python, ...
VNC uses a fixed salt and TripleDes, you can get the key from the
windows registry or a the config file on a *nix server. The password
is easily reversed, no need for cracking. VNCdec.c is one of the
first "revealers" I saw for the VNC password.
http://packetstormsecurity.org/files/10159/vncdec.c
Now as far as sniffing the pass, Cain&Abel (oxid.it) has a sniffer
that allows you do that, I believe you can sniff other passwords out
of a VNC session.
-rich

Solar Designer | 7 Feb 16:34

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Sun, Feb 05, 2012 at 11:22:46PM -0500, Rich Rumble wrote:
> VNC uses a fixed salt and TripleDes, you can get the key from the
> windows registry or a the config file on a *nix server. The password
> is easily reversed, no need for cracking. VNCdec.c is one of the
> first "revealers" I saw for the VNC password.
> http://packetstormsecurity.org/files/10159/vncdec.c

BTW, this program appears to implement a single DES decryption with a
fixed key.  No idea why you mentioned "a fixed salt and TripleDes".
Anyway, this is not what A BC referred to.

> Now as far as sniffing the pass, Cain&Abel (oxid.it) has a sniffer
> that allows you do that,

Now this is closer, but still the question was about cracking already
sniffed challenge/responses with JtR.  We'll need to implement a new
format for that.  The vncdec.c program above is irrelevant to this.

BTW, does Cain&Abel crack VNC challenge/responses?

Alexander

Solar Designer | 7 Feb 16:59

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Sun, Feb 05, 2012 at 01:08:34PM +0100, A BC wrote:
> I'm a new user of this mailing list, because I have a question I don't find
> an answer to : is there a way to use JtR against DES 'hashes', where :
> - you know the data to encrypt (challenge)
> - you know the data when encrypted (challenge response, server side)
> - you search the DES-password that was used to encrypt the data.
> 
> It is a way to authenticate with VNC (
> http://www.realvnc.com/docs/rfbproto.pdf page 14), which is reputed weak.

We have support for a few things like this in -jumbo, but not for VNC's
specifically.  We'll need to implement that.

If you want to try yourself, you may want to look at these source files
as samples for challenge/response cracking:

NETLM_fmt_plug.c
NETSPLITLM_fmt_plug.c
NETNTLM_fmt_plug.c
MSCHAPv2_fmt_plug.c

> So I search how easily it can be efficiently broken,

According to the PDF you referenced, easier than a Unix crypt(3) password.

> So, I wish to use JtR for its mangling rules, wordlists capabilities, (and
> maybe for its efficiency) but I can't find a way to make it do what I want.
> I have searched in the community resources (http://openwall.info/wiki/john),
> in the most useful mailing lists posts (
> http://openwall.info/wiki/john/mailing-list-excerpts), I have searched in

(Continue reading)

A BC | 7 Feb 23:28

Picon

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

Thank you all for your answers.

I am not really used to mailing lists, so I will just answer this mail for
all the previous.
First, thanks for the attention and the suggestions.
Next, I forgot to sign. A BC is just a Google personality. Miaou is better.
(...)

Rich, thanks for the link. Alexander made it clearer I want to unhash a
challenge/response that has already been sniffed. I wish I may use that to
gain an access to the machine...
But I did not knew that VNC store localy the access-pwd only encrypted with
a DES-like with a fixed "secret" key...

Corbin, I am glad you would have a solution ! I think it is not exactly
like the tripcode (I have seen your old post about them :
http://www.openwall.com/lists/john-users/2011/08/13/1). In Tripcodes, salt
is used into crypt(3) (I am not very sure how, so...) which gives a salted
DES encryption of 8 null bytes with the password given. but here, it is a
regular DES encryption with the password. The salting with VNC is that the
data to be encrypted by DES are not null bytes. They are 16 bytes chosen by
the server (challenge). This is indeed simplier than crypt(3). In fact, the
block size is 8 bytes with DES. So the 8 other bytes are to ensure
uniqueness of the encryption (password is padded or truncated to 8 bytes).

Next :
On Tue, Feb 7, 2012 at 4:59 PM, Solar Designer <solar@...> wrote:

> If you want to try yourself, you may want to look at these source files
> as samples for challenge/response cracking:

(Continue reading)

Rich Rumble | 8 Feb 00:48

Picon

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Tue, Feb 7, 2012 at 5:28 PM, A BC <miaou.pbl@...> wrote:
> Thank you all for your answers.
>
> Rich, thanks for the link. Alexander made it clearer I want to unhash a
> challenge/response that has already been sniffed. I wish I may use that to
> gain an access to the machine...
> But I did not knew that VNC store localy the access-pwd only encrypted with
> a DES-like with a fixed "secret" key...
I've sent an email to john-dev already containing pcap's of 7 different
vnc sessions, using 3 different VNC protocols (see wikipedia)
http://en.wikipedia.org/wiki/RFB_protocol#Protocol_versions
>> Oh, and please post a test vector or several (sniffed challenge/response
>> pairs and their corresponding known passwords).
You can get them here: http://xinn.org/jtr-pcap/jtr-vnc-pcap.tar.gz
> I am building a FakeServer to obtain them : I installed vinagre, which I
> connect to the server. The server gives him a challenge, vinagre asks for a
> pass, responds to the server. The response IS ok.
There is an old project called VNCcrack, I compiled it today but
I didn't work on the pcap's I gave it, which could be due to
a wide range of reasons. Nonetheless it might give you a head
start on your project: http://www.randombit.net/code/vnccrack/
-rich

A BC | 8 Feb 09:15

Picon

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

Hi,

On Wed, Feb 8, 2012 at 12:48 AM, Rich Rumble <richrumble@...> wrote:

> I've sent an email to john-dev already containing pcap's of 7 different
> vnc sessions, using 3 different VNC protocols (see wikipedia)
> http://en.wikipedia.org/wiki/RFB_protocol#Protocol_versions

> You can get them here: http://xinn.org/jtr-pcap/jtr-vnc-pcap.tar.gz
>

Hey, thanks. But : what is the password you used ? And to be useable with
JtR, we have to extract by hand the interesting information.

I have seen your project. It is intersting because it can read pcaps, but
it uses JtR piped into stdin, which we discussed with Alexander, and is not
very good.

My FakeServer is very very simple : 30 lines of Python script. And it
prints the challenge/response.
Ok, the protocol I use is for 3.7, but it should work with 3.3 because it
uses the weakest authentification protocol.

I am not yet subscribed to the john-dev list. Please forward my answer.
I will join it asap.

Thanks,
Miaou

Rich Rumble | 8 Feb 12:31

Picon

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

On Wed, Feb 8, 2012 at 3:15 AM, A BC <miaou.pbl@...> wrote:
> Hey, thanks. But : what is the password you used ? And to be useable with
> JtR, we have to extract by hand the interesting information.
The passwords are part of the file names, case sensitive, in these cases
"openwall", "Password" and "pass1234"

> I have seen your project. It is intersting because it can read pcaps, but
> it uses JtR piped into stdin, which we discussed with Alexander, and is not
> very good.
It also uses wordlists, again not working for me in either fashion I
just thought
I'd pass it on if you hadn't seen it.

> My FakeServer is very very simple : 30 lines of Python script. And it
> prints the challenge/response.
> Ok, the protocol I use is for 3.7, but it should work with 3.3 because it
> uses the weakest authentification protocol.
Cain&Abel is able to sniff, extract and crack protocol 3.3 only, 3.7 and
3.8 do seem to be different to that program for some reason.
(oxid.it)
-rich

A BC | 8 Feb 15:34

Picon

Re: DES - not "traditional DES-based" - (VNC hash) with JtR

Hi

On Wed, Feb 8, 2012 at 12:31 PM, Rich Rumble <richrumble@...> wrote:

> The passwords are part of the file names, case sensitive, in these cases
> "openwall", "Password" and "pass1234"
>

My bad. I opened the  archive but it didn't strike me...

> Cain&Abel is able to sniff, extract and crack protocol 3.3 only, 3.7 and
> 3.8 do seem to be different to that program for some reason.
> (oxid.it)
>

My project is to crack the easiest hashes. The main difference between auth
protocol 3.3 and 3.7+ is that 3.7+ supports lots of auth method, unlike
3.3, which supports either no auth, or DES challenge/response auth. You can
force the client to use this method, even if the server runs 3.7 or 3.8.

Here is a bunch of tests : http://pastebin.com/9gLBtp2Y
The format in the file is : on each new line is a single test.
hexdump of the challenge, ":", password, " ", hexdump of the response,
"\t", base64 dump of the challenge, ":", password, " ", base64 dump of the
response

Miaou

Return

Return to gmane.comp.security.openwall.john.user.

Project Web Page

John the Ripper password cracker users

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane