Posts

Running JtR's Tokenizer Attack

Disclaimer 1: This blog post is on a new and still-under-development toolset in John the Ripper. Results depict the state of the toolset as-is and may not reflect changes made as the toolset evolves.

Disclaimer 2: I really need to run some actual tests and password cracking sessions using this attack, but I'm splitting that analysis up into a separate blog post. Basically I have enough forgotten drafts sitting in my Blogger account that I didn't want to add another one by trying to "finish" this post before hitting publish. So stay tuned for new posts if you want to see how effective this attack really is.

Introduction: It's been about 15 years since I last wrote about John the Ripper's Markov-based Incremental mode attacks [ Link ] [ Link 2 ]. 15 years is a long time! A lot of work has been done applying Markov-based attacks to password cracking sessions, ranging from the OMEN approach to neural-network-based password crackers. That's why I was so excite

Extracting Secrets from Packet Captures (A CMIYC2024 Story)

"Interest is the most important thing in life; happiness is temporary, but interest is continuous." - Georgia O'Keeffe

Introduction: The focus of this blog entry will be on tools and scripts to analyze packet captures. This is the result of falling down a rabbit hole when writing the previous tutorial on the CMIYC 2024 WIFI cracking challenge: [ Link ]. In that write-up I realized I hadn't been keeping up on the state of automated tooling to help extract secrets and interesting data from packet captures. So I asked for tips and suggestions on what I could use. And you all responded! This is another reason why these blog posts are really beneficial to me. I learn so much writing them, so thank you!

As a disclaimer, while I will be using the CMIYC2024 dataset to explore using some of these tools, these tools are not really suited for password cracking competitions. For short competitions, you are better off performing manual analysis of the data. As a spoiler, none

CMIYC2024: Wifi Cracking Challenge

"It is never too late to be who you might have been." - George Eliot

Introduction: This is a continuation of my write-up about this year's Crack Me If You Can challenges. You can view my previous two write-ups using the following links. Each one covered a specific challenge of the CMIYC contest: [ Striphash ] and [ Radmin3 hashes ]. I'll admit, in my previous posts I was focusing on the plumbing of the challenges, aka how to extract the hashes and get them in a format that you can run password cracking attacks against. But I danced around how to run successful cracking sessions against those hashes. There are a lot of reasons for that, but the biggest one is that I wasn't very successful during the contest itself. I needed time to step back and start investigating all the challenges and hints that KoreLogic gave out during the contest but I didn't have time to really dig into. Then with sleep and no pressing deadlines I could start to solve, understand,

CMIYC 2024: RAdmin3 Challenge

"Nothing is more permanent than a temporary solution." - Russian Proverb

Introduction: This is a continuation of my write-up about this year's Crack Me If You Can challenge. You can view the previous entry focusing on the StripHash challenge [ here ]. Like the last write-up, this one is going to focus on one specific hash format (RAdmin3), details about that hash format, and how to load those hashes into a cracking session. I'm going to defer most of the actual cracking of these passwords to a later write-up, though, since running a successful cracking session relies on solving other challenges found throughout the contest.

Important Links, Tools, and References for this Post:

Synacktiv's blog post: Cracking Radmin Server 3 Passwords
Link: https://www.synacktiv.com/en/publications/cracking-radmin-server-3-passwords
Reason: This is really an amazing blog post going into dumping Radmin password hashes, reverse engineering their hashing algorithm, and then cracking t