New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

iSCSI CHAP Linux target framework (tgt) #1773

Open
coelner opened this Issue Nov 8, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@coelner

coelner commented Nov 8, 2018

I tried under Linux iSCSI but I can not break the hash. I used this project: http://stgt.sourceforge.net/, therefore you can find the source in this repo : https://github.com/fujita/tgt.

  1. the challenge is much longer than expected (https://github.com/fujita/tgt/blob/master/usr/iscsi/chap.c#L367)
  2. which format does the hash needs? CHAP_C : CHAP_R : CHAP_N ?
ID#5
InitiatorName=iqn.1993-08.org.debian:01:36337c672699
InitiatorAlias=iscsi0
TargetName=iqn.2017-09.local.snip.fqdn.iscsi1:1.1.disk
SessionType=Normal
AuthMethod=CHAP,None

ID#8
TargetPortalGroupTag=1
AuthMethod=CHAP

ID#11
CHAP_A=5

ID#13
CHAP_A=5
CHAP_I=2
CHAP_C=0xb73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b

ID#16
CHAP_N=user1
CHAP_R=0x7f3d71b4c0c6569d2fa26f4c14ac3cf0
C:\HashCracking\hashcat-4.2.1>hashcat64.exe -m 4800 --example-hashes
MODE: 4800
TYPE: iSCSI CHAP authentication, MD5(CHAP)
HASH: aa4aaa1d52319525023c06a4873f4c51:35343534373533343633383832343736:dc
PASS: hashcat
@philsmd

This comment has been minimized.

Member

philsmd commented Nov 14, 2018

what is the password for this example hash?

The format should be CHAP_R:CHAP_C:CHAP_I

7f3d71b4c0c6569d2fa26f4c14ac3cf0:b73158a35a255d051758e95ed4abb2cdc69bb454110e827441213ddc8770e93ea141e1fc673e017e97eadc6b:02

hashcat currently expects exactly 16 bytes for the challenge (note CHAP_C means chap challenge and CHAP_R means chap response, while CHAP_I is the chap_id - an incrementing counter -)

this means that the long challenge that you tried is not currently supported (length: 44 bytes, 88 hexadecimal characters)

@coelner

This comment has been minimized.

coelner commented Nov 15, 2018

The password should be U$er1, but I am not sure.There could be a problem with this software that leads to the password U in real life. That was the reason why I sniffed this at all.

I can generate a new handshake if needed.

Maybe we should specify that hashcat only support iSCSI from the LIO in the linux kernel. the tgt framework is then not supported. Otherwise this is a request for a new algorithm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment