[prev in list] [next in list] [prev in thread] [next in thread] 

List:       john-users
Subject:    Re: [john-users] Break a virtual drive
From:       Dhiru Kholia <dhiru.kholia () gmail ! com>
Date:       2018-12-28 11:17:20
Message-ID: CANO7a6zk4OLxJSfyuNUZUdyGGaV_xVtf9qgkBtnjQVaxD679AQ () mail ! gmail ! com
[Download RAW message or body]

On Fri, Dec 28, 2018 at 3:06 AM magnum <john.magnum@hushmail.com> wrote:
> > A general question we may discuss is whether we should possibly bundle
> > password reset tools and such along wth JtR (and then their discussion
> > would become on-topic here), or keep JtR as a password cracker only.
>
> That is an interesting question: We have things like cisco2john.pl that
> tries to de-obfuscate obfuscated passwords for cracking actual hashes.
> That's a grey zone. Personally I'd be fine with including scripts (in
> Jumbo) to de-obfuscate anything. I agree it's off-scope but it's also a
> password seed issue, and as such it's totally viable.

I am in favor of including such scripts in general.

Some time back, I snuck in a tutorial to de-obfuscate Kerio Connect "hashes".

https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/Auditing-Kerio-Connect.md

Also, commercial tools like Passware already include functionality on
similar lines. E.g. Passware can grab disk encryption keys from
memory. Ideally, I would similar scripts/tools to be included and
maintained in Volatility
(https://github.com/volatilityfoundation/volatility) but I haven't
looker deeper into this stuff yet.

Dhiru
[prev in list] [next in list] [prev in thread] [next in thread]