pyth0n3 Posted January 26, 2010 Report Posted January 26, 2010 (edited) Probabil ati folosit John The Ripper , e un tool pentru crak de password. In Linux /Unix password-urile se gasesc in /etc/shadow (criptate cu diverse tipuri de algoritme),iar in cateva distro de default sunt criptate cu un algoritm SHA si (Salt folosit si in alte distro) ,pentru a citi mai mult despre acest algoritm va rog sa folositi google.Aici voi explica cum sa instalati john the ripper si sa aplicati o patch pt acest tool pentru a putea cracka passwor-ul in distro care folosesc SHA ,fara acest patch nu functioneaza sa crackezi passwordul in distro cu algoritm SHA .O distro care foloseste SHA de default e Ubuntu 9.04 , 9.10 ,dar sunt si multe altele.diff -urpN john-1.7.3.1/src/Makefile john-1.7.3.1-gencrypt/src/Makefile--- john-1.7.3.1/src/Makefile 2008-07-18 01:28:55 +0000+++ john-1.7.3.1-gencrypt/src/Makefile 2009-09-02 11:50:28 +0000@@ -17,7 +17,7 @@ NULL = /dev/null CPPFLAGS = -E CFLAGS = -c -Wall -O2 -fomit-frame-pointer ASFLAGS = -c-LDFLAGS = -s+LDFLAGS = -s -lcrypt OPT_NORMAL = -funroll-loops OPT_INLINE = -finline-functions@@ -28,6 +28,7 @@ JOHN_OBJS_MINIMAL = \ BF_fmt.o BF_std.o \ AFS_fmt.o \ LM_fmt.o \+ crypt_fmt.o \ batch.o bench.o charset.o common.o compiler.o config.o cracker.o \ crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o \ loader.o logger.o math.o memory.o misc.o options.o params.o path.o \diff -urpN john-1.7.3.1/src/crypt_fmt.c john-1.7.3.1-gencrypt/src/crypt_fmt.c--- john-1.7.3.1/src/crypt_fmt.c 1970-01-01 00:00:00 +0000+++ john-1.7.3.1-gencrypt/src/crypt_fmt.c 2009-09-02 13:01:34 +0000@@ -0,0 +1,216 @@+/* public domain proof-of-concept code by Solar Designer */++#define _XOPEN_SOURCE /* for crypt(3) */+#include <string.h>+#include <unistd.h>++#include "arch.h"+#include "params.h"+#include "formats.h"++#define FORMAT_LABEL "crypt"+#define FORMAT_NAME "generic crypt(3)"+#define ALGORITHM_NAME "?/" ARCH_BITS_STR++#define BENCHMARK_COMMENT ""+#define 
BENCHMARK_LENGTH 0
+
+#define PLAINTEXT_LENGTH 72
+
+#define BINARY_SIZE 128
+#define SALT_SIZE BINARY_SIZE
+
+#define MIN_KEYS_PER_CRYPT 1
+#define MAX_KEYS_PER_CRYPT 1
+
+static struct fmt_tests tests[] = {
+ {"CCNf8Sbh3HDfQ", "U*U*U*U*"},
+ {"CCX.K.MFy4Ois", "U*U***U"},
+ {"CC4rMpbg9AMZ.", "U*U***U*"},
+ {"XXxzOu6maQKqQ", "*U*U*U*U"},
+ {"SDbsugeBiC58A", ""},
+ {NULL}
+};
+
+static char saved_key[PLAINTEXT_LENGTH + 1];
+static char saved_salt[SALT_SIZE];
+static char *crypt_out;
+
+static int valid(char *ciphertext)
+{
+#if 1
+ int l = strlen(ciphertext);
+ return l >= 13 && l < BINARY_SIZE;
+#else
+/* Poor load time, but more effective at rejecting bad/unsupported hashes */
+ char *r = crypt("", ciphertext);
+ int l = strlen(r);
+ return
+ !strncmp(r, ciphertext, 2) &&
+ l == strlen(ciphertext) &&
+ l >= 13 && l < BINARY_SIZE;
+#endif
+}
+
+static void *binary(char *ciphertext)
+{
+ static char out[BINARY_SIZE];
+ strncpy(out, ciphertext, sizeof(out)); /* NUL padding is required */
+ return out;
+}
+
+static void *salt(char *ciphertext)
+{
+ static char out[SALT_SIZE];
+ int cut = sizeof(out);
+
+#if 1
+/* This piece is optional, but matching salts are not detected without it */
+ switch (strlen(ciphertext)) {
+ case 13:
+ case 24:
+ cut = 2;
+ break;
+
+ case 20:
+ if (ciphertext[0] == '_') cut = 9;
+ break;
+
+ case 34:
+ if (!strncmp(ciphertext, "$1$", 3)) {
+ char *p = strchr(ciphertext + 3, '$');
+ if (p) cut = p - ciphertext;
+ }
+ break;
+
+ case 59:
+ if (!strncmp(ciphertext, "$2$", 3)) cut = 28;
+ break;
+
+ case 60:
+ if (!strncmp(ciphertext, "$2a$", 4)) cut = 29;
+ break;
+ }
+#endif
+
+ /* NUL padding is required */
+ memset(out, 0, sizeof(out));
+ memcpy(out, ciphertext, cut);
+
+ return out;
+}
+
+static int binary_hash_0(void *binary)
+{
+ return ((unsigned char *)binary)[12] & 0xF;
+}
+
+static int binary_hash_1(void *binary)
+{
+ return ((unsigned char *)binary)[12] & 0xFF;
+}
+
+static int binary_hash_2(void *binary)
+{
+ return
+ (((unsigned char *)binary)[12] & 0xFF) |
+ ((int)(((unsigned char *)binary)[11] & 0xF) << 8);
+}
+
+static int 
get_hash_0(int index)+{+ return (unsigned char)crypt_out[12] & 0xF;+}++static int get_hash_1(int index)+{+ return (unsigned char)crypt_out[12] & 0xFF;+}++static int get_hash_2(int index)+{+ return+ ((unsigned char)crypt_out[12] & 0xFF) |+ ((int)((unsigned char)crypt_out[11] & 0xF) << 8);+}++static int salt_hash(void *salt)+{+ int pos = strlen((char *)salt) - 2;++ return+ (((unsigned char *)salt)[pos] & 0xFF) |+ ((int)(((unsigned char *)salt)[pos + 1] & 3) << 8);+}++static void set_salt(void *salt)+{+ strcpy(saved_salt, salt);+}++static void set_key(char *key, int index)+{+ strcpy(saved_key, key);+}++static char *get_key(int index)+{+ return saved_key;+}++static void crypt_all(int count)+{+ crypt_out = crypt(saved_key, saved_salt);+}++static int cmp_all(void *binary, int count)+{+ return !strcmp((char *)binary, crypt_out);+}++static int cmp_exact(char *source, int index)+{+ return 1;+}++struct fmt_main fmt_crypt = {+ {+ FORMAT_LABEL,+ FORMAT_NAME,+ ALGORITHM_NAME,+ BENCHMARK_COMMENT,+ BENCHMARK_LENGTH,+ PLAINTEXT_LENGTH,+ BINARY_SIZE,+ SALT_SIZE,+ MIN_KEYS_PER_CRYPT,+ MAX_KEYS_PER_CRYPT,+ FMT_CASE | FMT_8_BIT,+ tests+ }, {+ fmt_default_init,+ valid,+ fmt_default_split,+ binary,+ salt,+ {+ binary_hash_0,+ binary_hash_1,+ binary_hash_2+ },+ salt_hash,+ set_salt,+ set_key,+ get_key,+ fmt_default_clear_keys,+ crypt_all,+ {+ get_hash_0,+ get_hash_1,+ get_hash_2+ },+ cmp_all,+ cmp_all,+ cmp_exact+ }+};diff -urpN john-1.7.3.1/src/john.c john-1.7.3.1-gencrypt/src/john.c--- john-1.7.3.1/src/john.c 2006-05-08 14:49:28 +0000+++ john-1.7.3.1-gencrypt/src/john.c 2009-09-02 11:50:11 +0000@@ -38,6 +38,7 @@ extern int CPU_detect(void); extern struct fmt_main fmt_DES, fmt_BSDI, fmt_MD5, fmt_BF; extern struct fmt_main fmt_AFS, fmt_LM;+extern struct fmt_main fmt_crypt; extern int unshadow(int argc, char **argv); extern int unafs(int argc, char **argv);@@ -64,6 +65,7 @@ static void john_register_all(void) john_register_one(&fmt_BF); john_register_one(&fmt_AFS); 
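Review bot: In the new src/crypt_fmt.c, `crypt_all()` stores whatever `crypt()` returns, and `get_hash_0/1/2()` and `cmp_all()` then read `crypt_out[11]`, `crypt_out[12]` and pass it to `strcmp()` without any check. crypt(3) is allowed to return NULL on failure, and some implementations return a short failure token instead, so with the length-only `valid()` (the `#if 1` branch) a loaded hash that the system library does not support can lead to a NULL dereference or a read past the end of the result. Copying the result into a NUL-padded static buffer of BINARY_SIZE bytes, as sketched below, keeps every later read in bounds. Separately, `salt()` keeps `cut = sizeof(out)` for unrecognised lengths, so `memcpy()` reads 128 bytes from a string that `valid()` only guarantees to be shorter than that; `strncpy(out, ciphertext, cut);` after the `memset()` would stop at the terminator, as `binary()` already does.

```c
static char crypt_buf[BINARY_SIZE];

static void crypt_all(int count)
{
	char *r = crypt(saved_key, saved_salt);

	/* crypt(3) may return NULL or a result shorter than 13 bytes;
	 * keep a NUL-padded copy so get_hash_*() and cmp_all() stay in bounds */
	memset(crypt_buf, 0, sizeof(crypt_buf));
	if (r)
		strncpy(crypt_buf, r, sizeof(crypt_buf) - 1);
	crypt_out = crypt_buf;
}
```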
john_register_one(&fmt_LM);+ john_register_one(&fmt_crypt); if (!fmt_list) { fprintf(stderr, "Unknown ciphertext format name requested\n");Copiati codul intrun file cu numele john.patchDescarcati John The Ripper de aici http://www.openwall.com/john/g/john-1.7.3.4.tar.gzIntrati cu cd in directory unde ati descarcat john Decomprimati archiva john-1.7.3.4.tar.gz tar -zxvf john-1.7.3.4.tar.gzCopiati file john.patch in directory ce ati decomprimat john-1.7.3.4Cu cd intrati in directory john-1.7.3.4Scrieti:sudo patch -Np1 -i john.patchAcesta e un exemplu de output:pyth0n3@pyth0n3:~/john-1.7.3.4$ sudo patch -Np1 -i john.patch patching file src/Makefilepatching file src/crypt_fmt.cpatching file src/john.cHunk #2 succeeded at 67 (offset 2 lines).Dupa care va duceti in src/cd src/si dati comandul sudo makeAcesta e un exemplu de output:pyth0n3@pyth0n3:~/john-1.7.3.4/src$ sudo makeTo build John the Ripper, type: make clean SYSTEMwhere SYSTEM can be one of the following:linux-x86-64 Linux, x86-64 with SSE2 (best)linux-x86-sse2 Linux, x86 with SSE2 (best if 32-bit)linux-x86-mmx Linux, x86 with MMXlinux-x86-any Linux, x86linux-alpha Linux, Alphalinux-sparc Linux, SPARC 32-bitlinux-ppc32-altivec Linux, PowerPC w/AltiVec (best)linux-ppc32 Linux, PowerPC 32-bitlinux-ppc64 Linux, PowerPC 64-bitlinux-ia64 Linux, IA-64freebsd-x86-64 FreeBSD, x86-64 with SSE2 (best)freebsd-x86-sse2 FreeBSD, x86 with SSE2 (best if 32-bit)freebsd-x86-mmx FreeBSD, x86 with MMXfreebsd-x86-any FreeBSD, x86freebsd-alpha FreeBSD, Alphaopenbsd-x86-64 OpenBSD, x86-64 with SSE2 (best)openbsd-x86-sse2 OpenBSD, x86 with SSE2 (best if 32-bit)openbsd-x86-mmx OpenBSD, x86 with MMXopenbsd-x86-any OpenBSD, x86openbsd-alpha OpenBSD, Alphaopenbsd-sparc64 OpenBSD, SPARC 64-bit (best)openbsd-sparc OpenBSD, SPARC 32-bitopenbsd-ppc32 OpenBSD, PowerPC 32-bitopenbsd-ppc64 OpenBSD, PowerPC 64-bitopenbsd-pa-risc OpenBSD, PA-RISCopenbsd-vax OpenBSD, VAXnetbsd-sparc64 NetBSD, SPARC 64-bitnetbsd-vax NetBSD, VAXsolaris-sparc64-cc 
Solaris, SPARC V9 64-bit, cc (best)solaris-sparc64-gcc Solaris, SPARC V9 64-bit, gccsolaris-sparcv9-cc Solaris, SPARC V9 32-bit, ccsolaris-sparcv8-cc Solaris, SPARC V8 32-bit, ccsolaris-sparc-gcc Solaris, SPARC 32-bit, gccsolaris-x86-64-cc Solaris, x86-64 with SSE2, cc (best)solaris-x86-64-gcc Solaris, x86-64 with SSE2, gccsolaris-x86-sse2-cc Solaris 9 4/04+, x86 with SSE2, ccsolaris-x86-sse2-gcc Solaris 9 4/04+, x86 with SSE2, gccsolaris-x86-mmx-cc Solaris, x86 with MMX, ccsolaris-x86-mmx-gcc Solaris, x86 with MMX, gccsolaris-x86-any-cc Solaris, x86, ccsolaris-x86-any-gcc Solaris, x86, gccsco-x86-any-gcc SCO, x86, gccsco-x86-any-cc SCO, x86, cctru64-alpha Tru64 (Digital UNIX, OSF/1), Alphaaix-ppc32 AIX, PowerPC 32-bitmacosx-x86-64 Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)macosx-x86-sse2 Mac OS X, x86 with SSE2macosx-ppc32-altivec Mac OS X, PowerPC w/AltiVec (best)macosx-ppc32 Mac OS X, PowerPC 32-bitmacosx-ppc64 Mac OS X 10.4+, PowerPC 64-bitmacosx-universal Mac OS X, Universal Binary (x86 + x86-64 + PPC)hpux-pa-risc-gcc HP-UX, PA-RISC, gcchpux-pa-risc-cc HP-UX, PA-RISC, ANSI ccirix-mips64-r10k IRIX, MIPS 64-bit (R10K) (best)irix-mips64 IRIX, MIPS 64-bitirix-mips32 IRIX, MIPS 32-bitdos-djgpp-x86-mmx DOS, DJGPP, x86 with MMXdos-djgpp-x86-any DOS, DJGPP, x86win32-cygwin-x86-sse2 Win32, Cygwin, x86 with SSE2 (best)win32-cygwin-x86-mmx Win32, Cygwin, x86 with MMXwin32-cygwin-x86-any Win32, Cygwin, x86beos-x86-sse2 BeOS, x86 with SSE2 (best)beos-x86-mmx BeOS, x86 with MMXbeos-x86-any BeOS, x86generic Any other Unix-like system with gccAici va trebui sa alegeti sistemul operativ pe care il aveti , daca folositi linux i86 32 bit ceea ce multi il folosesc alegeti linux-x86-sse2Dati comandul sudo make linux-x86-sse2Pentru a vedea daca functioneaza mergeti in directory run care se afla in john-1.7.3.4si dati comandul sudo ./john /etc/shadowL'output exemplu:pyth0n3@pyth0n3:~/john-1.7.3.4/run$ sudo ./john /etc/shadowLoaded 1 password hash (generic crypt(3) [?/32])in 
cazul in care aveti mai multe password-uri, vor aparea mai multe. Daca utilizati John the Ripper fara acest patch, nu veti putea cracka password-urile criptate cu algoritmul SHA (SHA1, SHA512). Cateva distro Linux folosesc acest algoritm combinat cu un salt (vezi "Salt (cryptography)" pe Wikipedia), printre care Ubuntu 9.04 si 9.10. Pentru documentatie, vezi "John the Ripper documentation".
Edited January 26, 2010 by pyth0n3
curiosul Posted January 26, 2010
Foarte frumos... ma gandesc la un patch beta pt jtr, adica sa decripteze si mai multi algoritmi... acu sa nu-mi sari in cap daca mi-a cam zburat imaginatia...