
krb5pa-sha1: Last change to input format (hopefully). krb5ng-opencl: …

…rename to

krb5pa-sha1-opencl, incorporate CPU format changes and support etype 17 as well.
1 parent 3b0af9f commit 32d92603e46804291891ef679a1ccdb5f84e9d30 @magnumripper committed Dec 9, 2012
Showing with 107 additions and 90 deletions.
  1. +5 −8 run/krbpa2john.py
  2. +1 −1 src/Makefile
  3. +2 −2 src/john.c
  4. +25 −26 src/krb5pa-sha1_fmt_plug.c
  5. +74 −53 src/{opencl_krb-ng_fmt.c → opencl_krb5pa-sha1_fmt.c}
@@ -20,11 +20,11 @@ def process_file(f):
state = None
encrypted_timestamp = None
- server = None
etype = None
+ user = ''
+ salt = ''
got_etype = False
-
for msg in messages:
if msg.attrib['showname'] == "Kerberos AS-REQ":
if not state:
@@ -53,20 +53,17 @@ def process_file(f):
if 'name' in field.attrib:
if field.attrib['name'] == 'kerberos.etype_info2.salt':
salt = field.attrib["value"]
- server = "AD"
if field.attrib['name'] == 'kerberos.realm':
realm = field.attrib['show']
- server = "plain"
if field.attrib['name'] == 'kerberos.cname':
user = field.attrib['showname'][25:]
if msg.attrib['showname'] == "Kerberos AS-REP" or state == "AS-REQ2":
# we might not have AS-REP packets
if state == "AS-REQ2":
- if server == "AD":
- print "%s:$krb5pa$%s$1$%s$%s" % (binascii.unhexlify(salt), etype, binascii.unhexlify(salt), encrypted_timestamp)
- else:
- print "%s:$krb5pa$%s$0$%s$%s$%s" % (user, etype, user, realm, encrypted_timestamp)
+ if user == "":
+ user = binascii.unhexlify(salt)
+ print "%s:$krb5pa$%s$%s$%s$%s$%s" % (user, etype, user, realm, binascii.unhexlify(salt), encrypted_timestamp)
# reset state
state = None
got_etype = False
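Review bot: `user` and `salt` are initialised once before the `for msg in messages` loop, but the reset after the `print` only clears `state` and `got_etype` in the lines shown. A later AS-REQ that carries no `kerberos.cname` or `kerberos.etype_info2.salt` field would therefore be printed with the previous exchange's values, and the `if user == ""` fallback would not fire. Adding `user = ''` and `salt = ''` to the reset block, plus a default for `realm` (not initialised in either hunk), would keep each hash line tied to its own exchange. The fields are also interpolated unescaped into the `$`-delimited line, so a user, realm or salt containing `$` would shift the fields the C parser reads; rejecting or flagging such values here is worth considering. process_file() begins and continues outside these hunks, so the reset may already be handled further down.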
@@ -154,7 +154,7 @@ OCL_OBJS = \
opencl_DES_fmt.o opencl_DES_bs.o opencl_DES_bs_b.o opencl_strip_fmt.o \
opencl_office2007_fmt.o opencl_office2010_fmt.o opencl_office2013_fmt.o \
opencl_ntlmv2_fmt.o opencl_rawsha256_fmt.o opencl_xsha512-ng_fmt.o \
- opencl_krb-ng_fmt.o
+ opencl_krb5pa-sha1_fmt.o
CUDA_OBJS = \
cuda_common.o \
@@ -156,7 +156,7 @@ extern struct fmt_main fmt_opencl_office2007;
extern struct fmt_main fmt_opencl_office2010;
extern struct fmt_main fmt_opencl_office2013;
extern struct fmt_main fmt_opencl_NTLMv2;
-extern struct fmt_main fmt_ocl_krb5ng;
+extern struct fmt_main fmt_ocl_krb5pa_sha1;
#endif
#ifdef HAVE_CUDA
extern struct fmt_main fmt_cuda_cryptmd5;
@@ -316,7 +316,7 @@ static void john_register_all(void)
john_register_one(&fmt_opencl_office2010);
john_register_one(&fmt_opencl_office2013);
john_register_one(&fmt_opencl_NTLMv2);
- john_register_one(&fmt_ocl_krb5ng);
+ john_register_one(&fmt_ocl_krb5pa_sha1);
#endif
#ifdef HAVE_CUDA
@@ -47,7 +47,7 @@ static int omp_t = 1;
#include "keychain.h"
#define FORMAT_LABEL "krb5pa-sha1"
-#define FORMAT_NAME "Kerberos 5 AS-REQ Pre-Auth aes256-cts-hmac-sha1-96"
+#define FORMAT_NAME "Kerberos 5 AS-REQ Pre-Auth etype 17/18 aes-cts-hmac-sha1-96"
#define ALGORITHM_NAME "32/" ARCH_BITS_STR
#define BENCHMARK_COMMENT ""
#define BENCHMARK_LENGTH 0
@@ -58,27 +58,26 @@ static int omp_t = 1;
#define MAX_KEYS_PER_CRYPT 1
static struct fmt_tests tests[] = {
- {"$krb5pa$18$0$user1$EXAMPLE.COM$2a0e68168d1eac344da458599c3a2b33ff326a061449fcbc242b212504e484d45903c6a16e2d593912f56c93883bf697b325193d62a8be9c", "openwall"},
- {"$krb5pa$18$0$user1$EXAMPLE.COM$a3918bd0381107feedec8db0022bdf3ac56e534ed54d13c62a7013a47713cfc31ef4e7e572f912fa4164f76b335e588bf29c2d17b11c5caa", "openwall"},
- {"$krb5pa$18$0$l33t$EXAMPLE.COM$98f732b309a1d7ef2355a974842a32894d911e97150f5d57f248e1c2632fbd3735c5f156532ccae0341e6a2d779ca83a06021fe57dafa464", "openwall"},
- {"$krb5pa$18$0$aduser$AD.EXAMPLE.COM$64dfeee04be2b2e0423814e0df4d0f960885aca4efffe6cb5694c4d34690406071c4968abd2c153ee42d258c5e09a41269bbcd7799f478d3", "password@123"},
- {"$krb5pa$18$0$aduser$AD.EXAMPLE.COM$f94f755a8b4493d925094a4eb1cec630ac40411a14c9733a853516fe426637d9daefdedc0567e2bb5a83d4f89a0ad1a4b178662b6106c0ff", "password@12345678"},
- {"$krb5pa$18$1$AD.EXAMPLE.COMaduser$f94f755a8b4493d925094a4eb1cec630ac40411a14c9733a853516fe426637d9daefdedc0567e2bb5a83d4f89a0ad1a4b178662b6106c0ff", "password@12345678"},
+ {"$krb5pa$18$user1$EXAMPLE.COM$$2a0e68168d1eac344da458599c3a2b33ff326a061449fcbc242b212504e484d45903c6a16e2d593912f56c93883bf697b325193d62a8be9c", "openwall"},
+ {"$krb5pa$18$user1$EXAMPLE.COM$$a3918bd0381107feedec8db0022bdf3ac56e534ed54d13c62a7013a47713cfc31ef4e7e572f912fa4164f76b335e588bf29c2d17b11c5caa", "openwall"},
+ {"$krb5pa$18$l33t$EXAMPLE.COM$$98f732b309a1d7ef2355a974842a32894d911e97150f5d57f248e1c2632fbd3735c5f156532ccae0341e6a2d779ca83a06021fe57dafa464", "openwall"},
+ {"$krb5pa$18$aduser$AD.EXAMPLE.COM$$64dfeee04be2b2e0423814e0df4d0f960885aca4efffe6cb5694c4d34690406071c4968abd2c153ee42d258c5e09a41269bbcd7799f478d3", "password@123"},
+ {"$krb5pa$18$aduser$AD.EXAMPLE.COM$$f94f755a8b4493d925094a4eb1cec630ac40411a14c9733a853516fe426637d9daefdedc0567e2bb5a83d4f89a0ad1a4b178662b6106c0ff", "password@12345678"},
+ {"$krb5pa$18$aduser$AD.EXAMPLE.COM$AD.EXAMPLE.COMaduser$f94f755a8b4493d925094a4eb1cec630ac40411a14c9733a853516fe426637d9daefdedc0567e2bb5a83d4f89a0ad1a4b178662b6106c0ff", "password@12345678"},
/* etype 17 hash obtained using MiTM etype downgrade attack */
- {"$krb5pa$17$0$user1$EXAMPLE.COM$c5461873dc13665771b98ba80be53939e906d90ae1ba79cf2e21f0395e50ee56379fbef4d0298cfccfd6cf8f907329120048fd05e8ae5df4", "openwall"},
+ {"$krb5pa$17$user1$EXAMPLE.COM$$c5461873dc13665771b98ba80be53939e906d90ae1ba79cf2e21f0395e50ee56379fbef4d0298cfccfd6cf8f907329120048fd05e8ae5df4", "openwall"},
{NULL},
};
static char (*saved_key)[PLAINTEXT_LENGTH + 1];
static ARCH_WORD_32 (*crypt_out)[BINARY_SIZE / sizeof(ARCH_WORD_32)];
static struct custom_salt {
- int type;
int etype;
unsigned char realm[64];
unsigned char user[64];
- unsigned char ct[44];
unsigned char salt[128]; /* realm + user */
+ unsigned char ct[44];
} *cur_salt;
static unsigned char constant[16];
@@ -210,6 +209,7 @@ static int valid(char *ciphertext, struct fmt_main *self)
char *keeptr = ctcopy;
char *p;
int var;
+
if (strncmp(ciphertext, "$krb5pa$", 8) != 0)
goto err;
@@ -218,20 +218,10 @@ static int valid(char *ciphertext, struct fmt_main *self)
var = atoi(p);
if (var != 17 && var != 18) /* check etype */
goto err;
- p = strtok(NULL, "$");
- var = atoi(p);
- p = strtok(NULL, "$");
-
- if (var == 0) /* salt type */
- p = strtok(NULL, "$");
- if ((p = strtok(NULL, "$")) == NULL)
- goto err;
-
return 1;
err:
MEM_FREE(keeptr);
return 0;
-
}
static void *get_salt(char *ciphertext)
@@ -241,22 +231,30 @@ static void *get_salt(char *ciphertext)
char *p;
int i;
static struct custom_salt cs;
+
ctcopy += 8;
p = strtok(ctcopy, "$");
cs.etype = atoi(p);
p = strtok(NULL, "$");
- cs.type = atoi(p);
- p = strtok(NULL, "$");
- if (cs.type == 0) {
+ if (p[-1] == '$')
+ cs.user[0] = 0;
+ else {
strcpy((char*)cs.user, p);
p = strtok(NULL, "$");
+ }
+ if (p[-1] == '$')
+ cs.realm[0] = 0;
+ else {
strcpy((char*)cs.realm, p);
+ p = strtok(NULL, "$");
+ }
+ if (p[-1] == '$') {
strcpy((char*)cs.salt, (char*)cs.realm);
strcat((char*)cs.salt, (char*)cs.user);
- }
- else
+ } else {
strcpy((char*)cs.salt, p);
- p = strtok(NULL, "$");
+ p = strtok(NULL, "$");
+ }
for (i = 0; i < 44; i++)
cs.ct[i] = atoi16[ARCH_INDEX(p[i * 2])] * 16
+ atoi16[ARCH_INDEX(p[i * 2 + 1])];
@@ -282,6 +280,7 @@ static void *get_binary(char *ciphertext)
unsigned char *out = buf.c;
char *p;
int i;
+
p = strrchr(ciphertext, '$') + 1 + 44 * 2; /* skip to checksum field */
for (i = 0; i < BINARY_SIZE; i++) {
out[i] =
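Review bot: With the token checks removed from valid(), nothing visible in this section bounds the fields that get_salt() then copies: `strcpy((char*)cs.user, p)` and `strcpy((char*)cs.realm, p)` write into 64-byte arrays, `strcpy((char*)cs.salt, p)` into a 128-byte one, and every `strtok()` result is dereferenced (including `p[-1]`) without a NULL check. A hash line with an over-long user, realm or salt, or with fewer fields than expected, would overflow the static `cs` or dereference NULL while the hash file is being loaded. valid() should tokenise the whole line and reject it unless each field is present and fits, for example `if (strlen(p) >= sizeof(cur_salt->user)) goto err;` for the user token, with the same test against `realm` and `salt`. It should also confirm that the last field is hex and long enough for the 44 * 2 digits read by the `cs.ct` loop plus the BINARY_SIZE bytes get_binary() reads after them. The bodies of valid(), get_salt() and get_binary() all start or end outside the hunks shown, so a check elsewhere cannot be ruled out.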