Crack SHA512crypt ($6$) with John the Ripper with Native OpenMPI multi-threading
JtR now natively supports multi-threading through the OpenMPI interface. All the code is right there in the jumbo version of JtR all you need to do is install OpenMPI and un comment the lines of code in the makefile. Now you can crack SHA512crypt passwords with all cores.
Alright lets get started:
yum install openmpi wget http://www.openwall.com/john/g/john-1.7.9-jumbo-6.tar.gz tar -zxvf john-1.7.9-jumbo-6.tar.gz cd john-1.7.9-jumbo-6/src
Now we need to edit Makefile and uncomment the ‘OpenMP’ lines.
vi Makefile
and uncomment the following line as per below:
OMPFLAGS =
# gcc with OpenMP
#OMPFLAGS = -fopenmp
OMPFLAGS = -fopenmp -msse2
# Sun Studio with OpenMP (set the OMP_NUM_THREADS env var at runtime)
#OMPFLAGS = -xopenmp
# icc with OpenMP (for make target linux-x86-64-icc)
#ICCOMPFLAGS = -openmp
now compile and run as per normal noticing that you now have 100% cpu usage!
Samhain - POLICY NODIRECTORY explained
This was a tricky one. I kept getting alerts for:
-----BEGIN MESSAGE----- [2012-07-09T23:40:37+1000] server8.somedomain.com CRIT : [2012-07-09T23:40:34+1000] msg=<POLICY NODIRECTORY>, path=</var/log> -----BEGIN SIGNATURE----- EA6AB852FD5E03118A95B8507E514F264CCFE3CC35E3330F 000154 1340761939::server8.somedomain.com -----END MESSAGE-----
And for the life of me wasn’t sure why but after reading the source code the cause is explained:
{ MSG_FI_NODIR, N_("File found where directory was expected"), IDMEF_IMPACT_TYPE_FILE },
And you know what it was correct! /var/log was a softlink to /data/logs!
Adobe Reader X (10.1.3) Offline Installer Link
Here is the Windows XP (SP3) and Windows 7 offline installer for Adobe Reader X: http://ardownload.adobe.com/pub/adobe/reader/win/10.x/10.1.3/en_US/AdbeRdr1013_en_US.exe
Download ncat Win32 (precompiled)
December 2012 Update: A newer precompiled version is available here: http://nmap.org/ncat/
So I was having a hunt around for the modified version of Netcat which is called Ncat developed by the lovely people who wrote the infamous port scanner Nmap. I needed the Win32 binaries for it and after a brief internet trowel it couldn’t be found. So I downloaded the source and compiled it and made it presentable for download for everyone else.
Ncat-5.21 Packed with UPX Packer Ncat-5.21 without UPX Packer
Happy Ncatting :-)
Howto Setup Multi threaded John the Ripper
This article has an updated version -> Here
Today at work a client he needed to access a cisco router but no-one new the password but we had the config files saved which included the MD5 hashes of the enable and enable secret passwords. So I set about cracking the hashes, which was done successfully btw, following on from that I then remembered a John the Ripper MPI patch which I had seen some time ago I ended getting it going at home and the results are good!
Directions for installation are as follows (on Fedora 11)
yum install mpich2 mpich2-devel wget http://www.bindshell.net/tools/johntheripper/john-1.7.2-bp17-mpi8.tar.gz tar -zxvf john-1.7.2-bp17-mpi8.tar.gz cd john-1.7.2-bp17/src make linux-x86-64 (for 64bit version duh!) cd ../run touch ~/.mpd.conf && echo "MPD_SECRETWORD=secret" > ~/.mpd.conf && chmod 600 ~/.mpd.conf mpd & mpiexec.py -n 4 -path ./ -wdir ./ ./john --test
Initial Benchmarking looks good. Below is 1 core vs 4 cores
Traditional DES [128/128 BS SSE2-16] 1591K c/s real, 1594K c/s virtual / 6131K c/s real, 6380K c/s virtual BSDI DES (x725) [128/128 BS SSE2-16] Many salts: 53222 c/s real, 53329 c/s virtual / Many salts: 207665 c/s real, 215407 c/s virtual FreeBSD MD5 [32/64 X2] Raw: 9718 c/s real, 9816 c/s virtual / Raw: 37720 c/s real, 39581 c/s virtual mysql [mysql] Raw: 2571K c/s real, 2571K c/s virtual / Raw: 9397K c/s real, 10254K c/s virtual
About a 100% increase per core! Life is good!