This document summarizes recent advances in open-source password cracking tools. It discusses John the Ripper, a password cracking tool that now supports cracking passwords and hashes for many formats through community patches. It also discusses Ettercap, a tool for man-in-the-middle attacks that can intercept passwords on networks. Specific techniques are described for cracking passwords for protocols like Kerberos and attacking Microsoft Active Directory infrastructure through password cracking and decrypting encrypted files like PDFs. Future work is planned to expand password cracking abilities and create fake servers to enable additional attacks.

1. ADVANCES IN OPEN-SOURCE
PASSWORD CRACKING
dhiru@openwall.com

2. Agenda
 John the Ripper
 Ettercap
 Attacks on M$ AD / Kerberos infrastructure
 Misc. Stuff
 Current and future work

3. John the Ripper
 John the Ripper is a free open-source password
cracking software tool (http://www.openwall.com/)
 Traditionally supports cracking hashes (LM, FreeBSD,
DES crypt etc.)
 $ cat lm-hash
user:fda95fbeca288d44aad3b435b51404ee
 $ john -format:lm lm-hash
Loaded 1 password hash (LM ...)
HELLO (user)

4. Jumbo patch
 community-enhanced version of JtR, available in almost all
Linux distributions
 Add tons of formats for cracking hashes as well as “non-
hashes”
 Hashes: e.g. MD5, LM
 “non-hashes” : e.g. PDF or other types of files
 Can use GPU to accelerate cracking (Speedups > 150X
possible)

5. Jumbo patch supports cracking
 1Password, Clipperz, Apple DMG images, EncFS, EPiServer, GPG
private keys, IKE PSK, Apple Keychain, GNOME Keyring, KDE
KWallet, KeePass, LastPass, Mozilla Master Passwords, MongoDB,
MS-CHAP, MySQL authentication protocol, M$ Office,
OpenOffice, PDF, O5LOGON, Password Safe, ZIP, RAR, Apple
10.8 hashes, GRUB 2, PFX, SSH keys, PuTTY keys, PostgresSQL,
M$ PST, RACF, etc
 Above list *only* includes formats I have worked on
 Lot of these formats are faster than commercial products.
 Many formats are not even supported by commercial products

6. Example: cracking password protected
SSH keys
 Two-step process
 Use one of the many *2john utilities
 $ sshng2john.py key-catch22 > ssh-hash
 $ john ssh-hash
Loaded 1 password hash (ssh-ng ...)
catch22 (key-catch22)

7. Example: using GPU
 Build GPU-enabled JtR (e.g. make linux-x86-64-opencl)
 $ john -fo:keychain -t
Benchmarking: Mac OS X Keychain ...
Raw: 1331 c/s real, 1331 c/s virtual
 $ john -fo:keychain-opencl -t # ATI 7970 GPU
OpenCL platform 1: AMD Accelerated Parallel Processing ...
Benchmarking: Mac OS X Keychain ...
Raw: 208537 c/s real, 92758 c/s virtual
 Greater than 150X speedup

8. JtR community
 http://www.openwall.com/lists/john-users/
 Join “john-users” mailing list for general discussion and help
 Join “john-dev” if you are interested in JtR development
 #openwall channel on Freenode IRC network
 Writing a plug-in (called format) is easy enough (start
contributing!)
 https://github.com/magnumripper/JohnTheRipper

9. Ettercap
 Ettercap is free, open source network security tool
for doing MiTM attacks.
 Allows interception and modifications of packets
on the fly.
 Can be extended by writing plug-ins

10. Example: Facebook password sniffing
 Facebook loads login form over HTTP which
POSTs credentials to a HTTPS link.
 Modified HTTP dissector (ec_http.c) to replace
“https” with “ http”.
 Login form is now posted over HTTP
 Ettercap filter functionality can be used to do the
same.

11. Example: Facebook password sniffing
 Only 12 lines of code added to ec_http.c
 6 lines to avoid gzip encoding and 6 lines to avoid
SSL

12. Example: works for Flipkart and
Rediffmail too
 Ettercap automatically prints credentials sent over
HTTP
 Don’t expose / load resources over HTTP

13. Ettercap: My contributions
 MySQL v5 challenge-response
 PostgreSQL challenge-response
 VNC challenge-response
 O5LOGON protocol (used by Oracle DB)
 MongoDB challenge-response
 Kerberos MiTM etype downgrade attack
 MongoDB MiTM fixed salt attack

14. Ettercap community
 https://github.com/Ettercap/
 #ettercap-project channel on Freenode IRC
network
 Writing a plug-in (called dissector) is easy once the
protocol is understood (use Wireshark)

15. Attacks on Kerberos and M$ AD
infrastructure
 Popular network authentication protocol used to implement
SSO
 Uses shared secret/symmetric keys (which don’t travel over
the network)
 Uses timestamp pre-authentication in which timestamp is
encrypted with a key (derived from the user password)
 We capture encrypted timestamp and mount offline brute-
force attack

16. Kerberos: Key Derivation
 The “string-to-key” function used to convert a user
password to a secret key in Kerberos is dependent
upon the encryption type (called etype) being used.
 etype functions differ in cost
 etype negotiation process can be attacked to
downgrade etype (and make offline attacks faster)

17. Kerberos: etype downgrade attacks
 Downgrade etype 18 (aes256-cts-hmac-sha1-96, very
expensive) to etype 23 (rc4-hmac, very fast)
 etype 18 brute-force attack, 380 tries per second on
CPU, 125K on ATI 7970 GPU
 etype 23 brute-force attack, 728K tries per second on
CPU
 Speedup > 1900X

18. Kerberos: etype downgrade attacks
 These attacks have been talked about previously
but tools were not published (maybe not even
made).
 My Ettercap plug-in is the first public tool to make
these attacks practical.
 Only 16 lines of code.

19. Misc : Guaranteed cracking of PDF
files using RC4 40-bit encryption
 RC4 40-bit is still popular among banks and
income tax department.
 https://github.com/kholia/RC4-40-brute-pdf
 https://github.com/kholia/qpdf
 Should take less than 2 days on AMD FX-8120 (8-
core Bulldozer)

20. Misc : Guaranteed cracking of PDF
files using RC4 40-bit encryption
 Three-step process
 $ npdf2john test.pdf
test.pdf:$npdf$1*2*40*4*1*16*c56b…
 $ RC4-40-brute ‘test.pdf:$npdf$1*2*40*4…’
Key is : 9296c944ee
 $ qpdf --key=9296c944e --decrypt test.pdf output.pdf

21. Current and future work
 Dropbox account “hijacker”
 Metasploit post script for doing the same
 Offline attacks on LastPass password manager
 Fake VMware vCenter (and ESX) server for Metasploit
project
 Fake LDAP server for Metasploit project

22. Questions