How to Set Up Multi-threaded John the Ripper
This article has an updated version -> Here
Today at work a client needed to access a Cisco router but no one knew the password. We had the config files saved, though, which included the MD5 hashes of the enable and enable secret passwords. So I set about cracking the hashes, which was done successfully btw. Following on from that, I remembered a John the Ripper MPI patch which I had seen some time ago. I ended up getting it going at home and the results are good!
Directions for installation are as follows (on Fedora 11):

    yum install mpich2 mpich2-devel
    wget http://www.bindshell.net/tools/johntheripper/john-1.7.2-bp17-mpi8.tar.gz
    tar -zxvf john-1.7.2-bp17-mpi8.tar.gz
    cd john-1.7.2-bp17/src
    make linux-x86-64    # for the 64-bit version, duh!
    cd ../run
    # create the mpd config and lock it down before the secret word is written to it
    touch ~/.mpd.conf && chmod 600 ~/.mpd.conf && echo "MPD_SECRETWORD=secret" > ~/.mpd.conf
    mpd &
    # run the built-in benchmark across 4 processes
    mpiexec.py -n 4 -path ./ -wdir ./ ./john --test
Initial Benchmarking looks good. Below is 1 core vs 4 cores

    Traditional DES [128/128 BS SSE2-16]
      1 core:  1591K c/s real, 1594K c/s virtual
      4 cores: 6131K c/s real, 6380K c/s virtual

    BSDI DES (x725) [128/128 BS SSE2-16]
      1 core:  Many salts: 53222 c/s real, 53329 c/s virtual
      4 cores: Many salts: 207665 c/s real, 215407 c/s virtual

    FreeBSD MD5 [32/64 X2]
      1 core:  Raw: 9718 c/s real, 9816 c/s virtual
      4 cores: Raw: 37720 c/s real, 39581 c/s virtual

    mysql [mysql]
      1 core:  Raw: 2571K c/s real, 2571K c/s virtual
      4 cores: Raw: 9397K c/s real, 10254K c/s virtual

About a 100% increase per core! Life is good!
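To put a number on how close the four-process run gets to linear scaling, here is a small parser for `john --test` output that computes speedup and per-process efficiency. It is an added example, not part of the original post or of John the Ripper; the function names are hypothetical and the sample input is constructed from the figures quoted above.

```python
import re
# Constructed input in the layout `john --test` prints, using the figures
# quoted above. Assumptions: the "Many salts" label on Traditional DES (the
# post gives that figure unlabelled) and K/M meaning 10^3/10^6.
ONE_CORE = """\
Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts: 1591K c/s real, 1594K c/s virtual
Benchmarking: BSDI DES (x725) [128/128 BS SSE2-16]... DONE
Many salts: 53222 c/s real, 53329 c/s virtual
Benchmarking: FreeBSD MD5 [32/64 X2]... DONE
Raw: 9718 c/s real, 9816 c/s virtual
Benchmarking: mysql [mysql]... DONE
Raw: 2571K c/s real, 2571K c/s virtual
"""
FOUR_CORES = """\
Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
Many salts: 6131K c/s real, 6380K c/s virtual
Benchmarking: BSDI DES (x725) [128/128 BS SSE2-16]... DONE
Many salts: 207665 c/s real, 215407 c/s virtual
Benchmarking: FreeBSD MD5 [32/64 X2]... DONE
Raw: 37720 c/s real, 39581 c/s virtual
Benchmarking: mysql [mysql]... DONE
Raw: 9397K c/s real, 10254K c/s virtual
"""
HEADER = re.compile(r"^Benchmarking: (.+?)\.\.\. DONE")
RATE = re.compile(r"^(.+?):\s+(\d+)([KM]?) c/s real, \d+[KM]? c/s virtual")
UNIT = {"": 1, "K": 10**3, "M": 10**6}

def parse_benchmark(text):
    """Map (format, test label) -> real c/s from `john --test` output."""
    rates, fmt = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            fmt = m.group(1)
        elif fmt and (m := RATE.match(line)):
            rates[(fmt, m.group(1))] = int(m.group(2)) * UNIT[m.group(3)]
    return rates

def scaling(single, parallel, nprocs):
    """(speedup, per-process efficiency) for tests present in both runs."""
    result = {}
    for key in single.keys() & parallel.keys():
        speedup = parallel[key] / single[key]
        result[key] = (round(speedup, 2), round(speedup / nprocs, 2))
    return result

if __name__ == "__main__":
    table = scaling(parse_benchmark(ONE_CORE), parse_benchmark(FOUR_CORES), 4)
    for (fmt, label), (speedup, eff) in sorted(table.items()):
        print(f"{fmt:42} {label:10} x{speedup:.2f} efficiency {eff:.0%}")
```

Comparing real rather than virtual c/s keeps the figure tied to wall-clock time, which is what matters when sizing a password audit.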
RSDF Files – How to Decrypt / Crack
Recently I came across a new file format called RSDF. These appear to be text files which have a bunch of links in them, so-called link containers. I wanted to access the URLs in these files, but I didn't really want to entrust my computer to just “any” application. So after a bit of searching I came across this crafty German website, and from there I got the Python script to decrypt the RSDF files. This Python script requires:
Python (doh!!)
Python-crypto
Probably something else also…..
From there it's as simple as: drsdf.py rsdfcontainer.rsdf
and it outputs to your screen! So without further ado here it is:

    #!/usr/bin/env python
    # drsdf.py
    import binascii
    import base64
    from Crypto.Cipher import AES
    import sys

    # 8C 35 19 2D 96 4D C3 18 2C 6F 84 F3 25 22 39 EB 4A 32 0D 25

    # Truncate the container at the first NUL byte (rewrites the file in place)
    file = sys.argv[1]
    file = file.replace(".ccf", ".rsdf")
    f = open(file, "rb")
    data = f.read()
    f.close()
    f = open(file, "wb")
    f.write(data.split(b"\x00")[0])
    f.close()

    infile = sys.argv[1]
    # The 20-byte key from the comment above, zero-padded to 24 bytes (AES-192)
    Key = binascii.unhexlify('8C35192D964DC3182C6F84F3252239EB4A320D2500000000')
    # The CFB IV is sixteen 0xFF bytes encrypted with the key in ECB mode
    IV = binascii.unhexlify('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF')
    IV_Cipher = AES.new(Key, AES.MODE_ECB)
    IV = IV_Cipher.encrypt(IV)
    obj = AES.new(Key, AES.MODE_CFB, IV)

    # The file is hex text; decoded, it holds one base64-encoded link per line
    rsdf = open(infile, 'rb')
    data = rsdf.read()
    rsdf.close()
    data = binascii.unhexlify(b''.join(data.split()))
    data = data.splitlines()
    for link in data:
        link = base64.b64decode(link)
        # The same cipher object is reused, so CFB state carries across links
        link = obj.decrypt(link)
        print(link.decode('latin-1').replace('CCF: ', ''))

Happy Downloading!
Clear Print Queue via Batch Script
Had a client whose print queue would jam up and they couldn’t restart the printer spooler until you manually cleared the spooled documents. So I stole this piece of code and put it in a batch file. Works wonders!

    @echo off
    net stop "print spooler"
    del /q "%SystemRoot%\system32\spool\PRINTERS\*.*"
    net start "print spooler"

Update: The reason the spooler was dying was because when he printed a PDF document he would close Acrobat before the document finished, and that in turn killed the Print Spooler. Because we charge by the hour, he didn’t want it to be investigated any further, which is fine by me!