#define MAX_DICTSTAT 10000
-#define NUM_DEFAULT_BENCHMARK_ALGORITHMS 135
+#define NUM_DEFAULT_BENCHMARK_ALGORITHMS 136
#define global_free(attr) \
{ \
8700,
9100,
133,
+ 13500,
11600,
12500,
13000,
" --remove Enable remove of hash once it is cracked",
" --remove-timer=NUM Update input hash file each NUM seconds",
" --potfile-disable Do not write potfile",
+ " --potfile-path Specific path to potfile",
" --debug-mode=NUM Defines the debug mode (hybrid only by using rules), see references below",
" --debug-file=FILE Output file for debugging rules (see also --debug-mode)",
" --induction-dir=FOLDER Specify induction directory to use, default is $session.induct",
" 8700 = Lotus Notes/Domino 6",
" 9100 = Lotus Notes/Domino 8",
" 133 = PeopleSoft",
+ " 13500 = PeopleSoft Token",
"",
"[[ Archives ]]",
"",
{
wpa_t *wpa = (wpa_t *) data.esalts_buf;
- uint pke[25] = { 0 };
-
- char *pke_ptr = (char *) pke;
-
- for (uint i = 0; i < 25; i++)
- {
- pke[i] = byte_swap_32 (wpa->pke[i]);
- }
-
- char mac1[6] = { 0 };
- char mac2[6] = { 0 };
-
- memcpy (mac1, pke_ptr + 23, 6);
- memcpy (mac2, pke_ptr + 29, 6);
-
log_info ("Hash.Target....: %s (%02x:%02x:%02x:%02x:%02x:%02x <-> %02x:%02x:%02x:%02x:%02x:%02x)",
(char *) data.salts_buf[0].salt_buf,
- mac1[0] & 0xff,
- mac1[1] & 0xff,
- mac1[2] & 0xff,
- mac1[3] & 0xff,
- mac1[4] & 0xff,
- mac1[5] & 0xff,
- mac2[0] & 0xff,
- mac2[1] & 0xff,
- mac2[2] & 0xff,
- mac2[3] & 0xff,
- mac2[4] & 0xff,
- mac2[5] & 0xff);
+ wpa->orig_mac1[0],
+ wpa->orig_mac1[1],
+ wpa->orig_mac1[2],
+ wpa->orig_mac1[3],
+ wpa->orig_mac1[4],
+ wpa->orig_mac1[5],
+ wpa->orig_mac2[0],
+ wpa->orig_mac2[1],
+ wpa->orig_mac2[2],
+ wpa->orig_mac2[3],
+ wpa->orig_mac2[4],
+ wpa->orig_mac2[5]);
}
else if (data.hash_mode == 5200)
{
wpa_t *wpas = (wpa_t *) data.esalts_buf;
wpa_t *wpa = &wpas[salt_pos];
- uint pke[25] = { 0 };
-
- char *pke_ptr = (char *) pke;
-
- for (uint i = 0; i < 25; i++)
- {
- pke[i] = byte_swap_32 (wpa->pke[i]);
- }
-
- u8 mac1[6] = { 0 };
- u8 mac2[6] = { 0 };
-
- memcpy (mac1, pke_ptr + 23, 6);
- memcpy (mac2, pke_ptr + 29, 6);
-
// compare hex string(s) vs binary MAC address(es)
for (uint i = 0, j = 0; i < 6; i++, j += 2)
{
- if (mac1[i] != hex_to_u8 ((const u8 *) &mac1_pos[j]))
+ if (wpa->orig_mac1[i] != hex_to_u8 ((const u8 *) &mac1_pos[j]))
{
cracked = 0;
+
break;
}
}
for (uint i = 0, j = 0; i < 6; i++, j += 2)
{
- if (mac2[i] != hex_to_u8 ((const u8 *) &mac2_pos[j]))
+ if (wpa->orig_mac2[i] != hex_to_u8 ((const u8 *) &mac2_pos[j]))
{
cracked = 0;
+
break;
}
}
u64 limit = LIMIT;
uint keyspace = KEYSPACE;
uint potfile_disable = POTFILE_DISABLE;
+ char *potfile_path = NULL;
uint debug_mode = DEBUG_MODE;
char *debug_file = NULL;
char *induction_dir = NULL;
#define IDX_LIMIT 'l'
#define IDX_KEYSPACE 0xff35
#define IDX_POTFILE_DISABLE 0xff06
+ #define IDX_POTFILE_PATH 0xffe0
#define IDX_DEBUG_MODE 0xff43
#define IDX_DEBUG_FILE 0xff44
#define IDX_INDUCTION_DIR 0xff46
{"limit", required_argument, 0, IDX_LIMIT},
{"keyspace", no_argument, 0, IDX_KEYSPACE},
{"potfile-disable", no_argument, 0, IDX_POTFILE_DISABLE},
+ {"potfile-path", required_argument, 0, IDX_POTFILE_PATH},
{"debug-mode", required_argument, 0, IDX_DEBUG_MODE},
{"debug-file", required_argument, 0, IDX_DEBUG_FILE},
{"induction-dir", required_argument, 0, IDX_INDUCTION_DIR},
case IDX_REMOVE_TIMER: remove_timer = atoi (optarg);
remove_timer_chgd = 1; break;
case IDX_POTFILE_DISABLE: potfile_disable = 1; break;
+ case IDX_POTFILE_PATH: potfile_path = optarg; break;
case IDX_DEBUG_MODE: debug_mode = atoi (optarg); break;
case IDX_DEBUG_FILE: debug_file = optarg; break;
case IDX_INDUCTION_DIR: induction_dir = optarg; break;
return (-1);
}
- if (hash_mode_chgd && hash_mode > 13400) // just added to remove compiler warnings for hash_mode_chgd
+ if (hash_mode_chgd && hash_mode > 13500) // just added to remove compiler warnings for hash_mode_chgd
{
log_error ("ERROR: Invalid hash-type specified");
logfile_top_uint (outfile_check_timer);
logfile_top_uint (outfile_format);
logfile_top_uint (potfile_disable);
+ logfile_top_string (potfile_path);
#if defined(HAVE_HWMON) && defined(HAVE_ADL)
logfile_top_uint (powertune_enable);
#endif
case 8300: hash_type = HASH_TYPE_SHA1;
salt_type = SALT_TYPE_EMBEDDED;
attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
- opts_type = OPTS_TYPE_PT_GENERATE_LE
+ opts_type = OPTS_TYPE_PT_GENERATE_BE
| OPTS_TYPE_ST_HEX
| OPTS_TYPE_ST_ADD80;
kern_type = KERN_TYPE_NSEC3;
dgst_pos3 = 3;
break;
+ case 13500: hash_type = HASH_TYPE_SHA1;
+ salt_type = SALT_TYPE_EMBEDDED;
+ attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
+ opts_type = OPTS_TYPE_PT_GENERATE_BE
+ | OPTS_TYPE_PT_UNICODE
+ | OPTS_TYPE_PT_ADD80;
+ kern_type = KERN_TYPE_SHA1_SLTPWU;
+ dgst_size = DGST_SIZE_4_5;
+ parse_func = pstoken_parse_hash;
+ sort_by_digest = sort_by_digest_4_5;
+ opti_type = OPTI_TYPE_ZERO_BYTE
+ | OPTI_TYPE_PRECOMPUTE_INIT
+ | OPTI_TYPE_EARLY_SKIP
+ | OPTI_TYPE_NOT_ITERATED
+ | OPTI_TYPE_PREPENDED_SALT
+ | OPTI_TYPE_RAW_HASH;
+ dgst_pos0 = 3;
+ dgst_pos1 = 4;
+ dgst_pos2 = 2;
+ dgst_pos3 = 1;
+ break;
+
default: usage_mini_print (PROGNAME); return (-1);
}
case 13000: esalt_size = sizeof (rar5_t); break;
case 13100: esalt_size = sizeof (krb5tgs_t); break;
case 13400: esalt_size = sizeof (keepass_t); break;
+ case 13500: esalt_size = sizeof (pstoken_t); break;
}
data.esalt_size = esalt_size;
char potfile[256] = { 0 };
- snprintf (potfile, sizeof (potfile) - 1, "%s/%s", profile_dir, POTFILE_FILENAME);
+ if (potfile_path == NULL)
+ {
+ snprintf (potfile, sizeof (potfile) - 1, "%s/%s", profile_dir, POTFILE_FILENAME);
+ }
+ else
+ {
+ strncpy (potfile, potfile_path, sizeof (potfile) - 1);
+ }
data.pot_fp = NULL;
wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt;
- u8 *pke_ptr = (u8 *) wpa->pke;
-
// do the appending task
snprintf (salt_ptr + cur_pos,
rem_len,
":%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x",
- pke_ptr[20], pke_ptr[27], pke_ptr[26], pke_ptr[25], pke_ptr[24], pke_ptr[31], // MAC1
- pke_ptr[30], pke_ptr[29], pke_ptr[28], pke_ptr[35], pke_ptr[34], pke_ptr[33]); // MAC2
-
+ wpa->orig_mac1[0],
+ wpa->orig_mac1[1],
+ wpa->orig_mac1[2],
+ wpa->orig_mac1[3],
+ wpa->orig_mac1[4],
+ wpa->orig_mac1[5],
+ wpa->orig_mac2[0],
+ wpa->orig_mac2[1],
+ wpa->orig_mac2[2],
+ wpa->orig_mac2[3],
+ wpa->orig_mac2[4],
+ wpa->orig_mac2[5]);
// memset () the remaining part of the salt
{
wpa_t *wpa = (wpa_t *) found->esalt;
- uint pke[25] = { 0 };
-
- char *pke_ptr = (char *) pke;
-
- for (uint i = 0; i < 25; i++)
- {
- pke[i] = byte_swap_32 (wpa->pke[i]);
- }
-
- u8 mac1[6] = { 0 };
- u8 mac2[6] = { 0 };
-
- memcpy (mac1, pke_ptr + 23, 6);
- memcpy (mac2, pke_ptr + 29, 6);
-
// compare hex string(s) vs binary MAC address(es)
for (uint i = 0, j = 0; i < 6; i++, j += 2)
{
- if (mac1[i] != hex_to_u8 ((const u8 *) &mac1_pos[j]))
+ if (wpa->orig_mac1[i] != hex_to_u8 ((const u8 *) &mac1_pos[j]))
{
found = NULL;
+
break;
}
}
for (uint i = 0, j = 0; i < 6; i++, j += 2)
{
- if (mac2[i] != hex_to_u8 ((const u8 *) &mac2_pos[j]))
+ if (wpa->orig_mac2[i] != hex_to_u8 ((const u8 *) &mac2_pos[j]))
{
found = NULL;
+
break;
}
}