03-28-2014, 06:57 AM
7500 Kerberos 5 AS-REQ Pre-Auth
In the example the hash is listed as:
$krb5pa$23$user$realm$salt$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835
I'm trying to figure out how to get this to work? Can anyone describe the underlying hash algorithm hashcat implements? It appears to be completely different from JtR's mskrb5... which is the Microsoft kerberos pre-auth with RC4-HMAC-SHA1. (I still haven't found a tool that does the Windows Vista/7+ AES256-HMAC-SHA1 hashes reliably yet).
This is their example hash: $mskrb5$$$98cd00b6f222d1d34e08fe0823196e0b$5937503ec29e3ce4e94a051632d0fff7b6781f93e3decf7dca707340239300d602932154
should crack out as a zero length string iirc.
Here are other examples that work fine from JtR:
{"$mskrb5$john$JOHN.DOE.MS.COM$02E837D06B2AC76891F388D9CC36C67A$2A9785BF5036C45D3843490BF9C228E8C18653E10CE58D7F8EF119D2EF4F92B1803B1451", "fr2beesgr"},
{"$mskrb5$$$98cd00b6f222d1d34e08fe0823196e0b$5937503ec29e3ce4e94a051632d0fff7b6781f93e3decf7dca707340239300d602932154", ""},
{"$mskrb5$$$F4085BA458B733D8092E6B348E3E3990$034ACFC70AFBA542690B8BC912FCD7FED6A848493A3FF0D7AF641A263B71DCC72902995D", "frank"},
{"$mskrb5$$$eb03b6fbcfe91f8346f3c0ae7e8abfe5$afcbe07c32c3450b37d0f2516354570fe7d3e78f829e77cdc1718adf612156507181f7da", "John"},
{"$mskrb5$$$881c257ce5df7b11715a6a60436e075a$c80f4a5ec18e7c5f765fb9f00eda744a57483db500271369cf4752a67ca0e67f37c68402", "the"},
{"$mskrb5$$$ef012e13c8b32448241091f4e1fdc805$354931c919580d4939421075bcd50f2527d092d2abdbc0e739ea72929be087de644cef8a", "Ripper"},
{"$mskrb5$$$334ef74dad191b71c43efaa16aa79d88$34ebbad639b2b5a230b7ec1d821594ed6739303ae6798994e72bd13d5e0e32fdafb65413", "VeryveryveryloooooooongPassword"},
I've tested with real production hashes with success from Cain/Wireshark captures of XP machines authenticating with success in JtR, but I can't share them, see screenshot. They do come out to the exact same lengths though.
How would I get their example hash to load in hashcat? The user/realm don't play any part in the hash, the salt/checksum should be the first 16 bytes of the blob, the remainder decrypts to a timestamp iirc.
If I pull it out like you have to do for JtR (notice the $ in the middle of the blob) I get a length error.
i.e. $krb5pa$23$$$4e751db65422b2117f7eac7b72193$2dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835
If I leave it blank and leave the blob portion full length I get a line length exception.
i.e. $krb5pa$23$$$$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835
If I copy the salt portion into the salt item it works, but doesn't find the password.
i.e. $krb5pa$23$$$4e751db65422b2117f7eac7b72193$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835
I'm stumped, works fine in JtR, what am I doing wrong?
Here's Cain with JUST the blob portion (no user/realm needed) correctly identifying the correct passwords (note the lock/keys icon):
I found this: https://hashcat.net/trac/ticket/137 which shows the correct algorithm:
K = NTLM Hash of password
K1 = HMAC-MD5(K, 1)
K3 = HMAC-MD5(K1, Checksum)
RC4 Decrypt rest of blob with K3 as our key. Should be an ascii timestamp.
Thank you
ETA: I'm using oclHashcat64 v1.01 on an AMD card.
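The key schedule quoted from ticket 137 above, as an added example that is not code from the post, from hashcat or from JtR. It builds a PA-ENC-TIMESTAMP under a constructed password and confounder and then verifies a candidate password against the 16-byte checksum and 36-byte RC4 section, using the JtR $mskrb5$ layout shown in the post (checksum first, then the encrypted data, which starts with the 8-byte confounder). Whether hashcat's blob puts the checksum first or last is not settled in the post, so the code makes no assumption about that. MD4 is implemented inline because hashlib's md4 is disabled on many OpenSSL 3 builds; the password, realm, timestamp and confounder are constructed values.

```python
import hashlib
import hmac
import struct

# Added example following the etype 23 (RC4-HMAC) derivation quoted in the post:
#   K  = NT hash = MD4(UTF-16LE(password))
#   K1 = HMAC-MD5(K, usage 1 as 4-byte little-endian)
#   checksum = HMAC-MD5(K1, confounder | plaintext)
#   K3 = HMAC-MD5(K1, checksum);  edata = RC4(K3, confounder | plaintext)
KEY_USAGE_AS_REQ_PA_ENC_TIMESTAMP = 1  # RFC 4120 key usage for the pre-auth timestamp


def md4(msg: bytes) -> bytes:
    """Plain MD4 (RFC 1320), needed only to compute the NT hash."""
    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z
    def rotl(x, n): return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

    bit_len = len(msg) * 8
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64) + struct.pack("<Q", bit_len)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(padded), 64):
        x = struct.unpack("<16I", padded[off:off + 64])
        a, b, c, d = state
        for i in range(16):  # round 1
            a, b, c, d = d, rotl((a + f(b, c, d) + x[i]) & 0xFFFFFFFF, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, rotl((a + g(b, c, d) + x[k] + 0x5A827999) & 0xFFFFFFFF, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a, b, c, d = d, rotl((a + h(b, c, d) + x[k] + 0x6ED9EBA1) & 0xFFFFFFFF, (3, 9, 11, 15)[i % 4]), b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def ntlm_hash(password: str) -> bytes:
    """K: the NT hash is the etype 23 base key, so the password is the only secret."""
    return md4(password.encode("utf-16-le"))


def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()


def rc4(key: bytes, data: bytes) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:  # keystream generation; RC4 is its own inverse
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_k1(k: bytes, usage: int = KEY_USAGE_AS_REQ_PA_ENC_TIMESTAMP) -> bytes:
    """K1 = HMAC-MD5(K, 1): the usage number is encoded as 4 little-endian bytes."""
    return hmac_md5(k, struct.pack("<I", usage))


def build_pa_enc_ts_enc(timestamp: str, pausec: int) -> bytes:
    """DER PA-ENC-TS-ENC: SEQUENCE { [0] GeneralizedTime, [1] INTEGER pausec }, 28 bytes."""
    ts = timestamp.encode("ascii")
    assert len(ts) == 15, "GeneralizedTime must look like 20140328065700Z"
    return (b"\x30\x1a" + b"\xa0\x11" + b"\x18\x0f" + ts
            + b"\xa1\x05" + b"\x02\x03" + pausec.to_bytes(3, "big"))


def encrypt_pa_enc_timestamp(password: str, timestamp: str, pausec: int, confounder: bytes):
    """Client side: returns (checksum, edata) as they appear in the AS-REQ."""
    plain = confounder + build_pa_enc_ts_enc(timestamp, pausec)
    k1 = derive_k1(ntlm_hash(password))
    checksum = hmac_md5(k1, plain)   # 16-byte HMAC over confounder | plaintext
    k3 = hmac_md5(k1, checksum)      # K3 = HMAC-MD5(K1, checksum)
    return checksum, rc4(k3, plain)


def verify_pa_enc_timestamp(password: str, checksum: bytes, edata: bytes):
    """Return the decrypted timestamp if `password` is the right one, else None."""
    k1 = derive_k1(ntlm_hash(password))
    k3 = hmac_md5(k1, checksum)
    plain = rc4(k3, edata)
    # Cheap structural check first: the GeneralizedTime sits at offset 14 and ends in 'Z'.
    if len(plain) != 36 or plain[12:14] != b"\x18\x0f" or plain[28:29] != b"Z":
        return None
    # Authoritative check: recomputed checksum must match (constant-time compare).
    if not hmac.compare_digest(hmac_md5(k1, plain), checksum):
        return None
    return plain[14:29].decode("ascii")


def parse_mskrb5(line: str):
    """Split a JtR $mskrb5$user$realm$checksum$edata line into its four fields."""
    parts = line.split("$")
    if len(parts) != 6 or parts[1] != "mskrb5":
        raise ValueError("not an $mskrb5$ line")
    _, _, user, realm, cksum_hex, edata_hex = parts
    return user, realm, bytes.fromhex(cksum_hex), bytes.fromhex(edata_hex)


def format_mskrb5(user: str, realm: str, checksum: bytes, edata: bytes) -> str:
    return "$mskrb5$%s$%s$%s$%s" % (user, realm, checksum.hex(), edata.hex())


DEMO_CONFOUNDER = bytes(range(8))  # constructed, fixed so the run is reproducible (real clients use random bytes)

if __name__ == "__main__":
    cks, ed = encrypt_pa_enc_timestamp("Sample-Pass-1", "20140328065700Z", 123456, DEMO_CONFOUNDER)
    line = format_mskrb5("user", "EXAMPLE.LOCAL", cks, ed)   # constructed user/realm
    print(line)
    _, _, c, e = parse_mskrb5(line)
    print(verify_pa_enc_timestamp("Sample-Pass-1", c, e))   # the timestamp string
    print(verify_pa_enc_timestamp("wrong", c, e))           # None
```

The point the post is circling: because K is nothing more than the NT hash, anyone holding a captured etype 23 AS-REQ can run this verification offline against a guess, which is why weak passwords and RC4 pre-auth are the exposure and why the checksum alone (not user or realm) is what a cracker needs. The structural check before the HMAC is the same shortcut JtR's mskrb5 format uses to reject most wrong guesses cheaply; the HMAC comparison is what makes the result authoritative.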