After many requests to start supporting des_crypt() hashes (used with older UNIX systems like QNX), we have finally added experimental support! We currently only offer a full keyspace search of all typeable characters 0x20 (space) to 0x7e (~) and 0x0 (null) for all possible 8 character combinations (which also covers all possible shorter passwords). As far as we can tell, this 100% guarantees that we will find the password no matter how complex.
This requires 25 rounds of DES but the keyspace is roughly 1/10th the size of the entire DES keyspace so cracking takes a worst case time of around 3.5 days. Because of this, we’ve set the pricing is roughly 3x that of doing a DES KPT job.
To submit a job, simply type your des_crypt() hash into the submission box above and click Submit.
Cracking MSCHAPv2 or WPA2 Enterprise
Go grab a copy of Moxie Marlinspike’s chapcrack and follow the directions:
- The first thing you’ll need to do is obtain the network traffic for the MS-CHAPv2 handshake you’d like to crack.
For PPTP VPN connections, simply use a tool such as tcpdump or wireshark in order to obtain a network capture. For WPA2 Enterprise wireless handshakes, simply use a tool like FreeRADIUS-WPE in order to obtain ‘challenge’ and ‘response’ parameters.
- Next you’ll use
chapcrackin order to parse and extract the MS-CHAPv2 handshake from your packet capture or FreeRADIUS interception.
- For a PPTP handshake, run:
chapcrack.py parse -i /path/to/capture.cap
- For a WPA2 handshake, run:
chapcrack.py radius -C <challenge> -R <response>, where
responseare what you intercepted with FreeRADIUS-WPE
- For a PPTP handshake, run:
- Submit the token
chapcrackgives you to the form below
- When you get your results, you can decrypt a PPTP packet capture:
chapcrack.py decrypt -i </path/to/capture.cap> -o output.cap -n <result>
Cracking LM or NTLMv1 Challenge/Response
You can also use this system to crack standard LM or NTLMv1 challenge/response (NTLMv2 cannot be cracked by the system as it relies on HMAC-MD5). There’s a number of articles that outline how to capture this challenge/response by either sniffing an authentication with an SMB server and/or tricking the victim to connect to a server you control.
- Mark Gamache’s Random Blog: NTLM Challenge Response is 100% Broken (Yes, this is still relevant)
- Using the Metasploit SMB Sniffer Module – Carnal0wnage
To submit one of these jobs to our system, simply use the
radius option with chapcrack:
$ chapcrack.py radius -C <challenge> -R <response>
For example, if you’re using the SMB Capture metasploit module, the
challenge would be its hardcoded challenge string
1122334455667788 and the
response would be the 48 hex character LMHASH or NTHASH string that’s captured and printed by metasploit:
msf > use auxiliary/server/capture/smb msf auxiliary(smb) > run [*] Auxiliary module running as background job msf auxiliary(smb) > [*] Server started. [*] Captured 192.168.0.101:57794 XPSP1VM\Administrator LMHASH:76365e2d142b5612980c67d057eb9efeee5ef6eb6ff6e04d NTHASH:727b4e35f947129ea52b9cdedae86934bb23ef89f50fc595 OS:Windows 2002 Service Pack 1 2600 LM:Windows 2002 5.1
To crack the LM hash:
$ chapcrack.py radius -C 1122334455667788 -R 76365e2d142b5612980c67d057eb9efeee5ef6eb6ff6e04d
To crack the NTLM hash:
$ chapcrack.py radius -C 1122334455667788 -R 727b4e35f947129ea52b9cdedae86934bb23ef89f50fc595
NOTE: If you crack an LM (LMHASH) challenge/response, you’ll get the LM hash. If you crack an NTLMv1 (NTHASH) challenge/response, you’ll get the NTLM hash.
Then submit the generated token to get cracked and you’ll receive the LM or NTLM hash that was used. This can then be used to perform Pass the Hash authentication with the server the user was trying to connect to or you can use traditional LM or NTLM rainbow tables to crack the password.
Most jobs will complete within a few days of placing your order. The cracked 128-bit hash will be sent to the email address which paid for the job. If you would like to check the status of your order, please feel free to contact us.
In order to crack DES you need enough information to verify if the key you’re trying is correct. In the case of MSCHAPv2 we have full known plaintext because it’s sent across the wire in the clear as the challenge. In other cases we may only know some bits of a header that’s being encrypted or that it’s all ascii numbers, etc. To keep the FPGA design running fast we implement a simple mask and compare operation to the plaintext and return any keys that cause a match. The candidate keys can then be further examined with software (through fully decrypting, checking CRCs, etc).
$ ./des_kpt.py encrypt -p 0000000000000000 -k 1044ca254cddc4 -i 0123456789abcdef PT = 0000000000000000 IV = 0123456789abcdef PT+IV = 0123456789abcdef CT = 825f48ccfd6829f0 K = 1044ca254cddc4 KP = 1023324554677689 E = 1 $ ./des_kpt.py decrypt -c 837c0dab74c3e41f -k 1044ca254cddc4 -i 0123456789abcdef PT = 0123456789abcdef IV = 0123456789abcdef CT = 837c0dab74c3e41f CT+IV = 825f48ccfd6829f0 K = 1044ca254cddc4 KP = 1023324554677689 E = 0
Generating a Token
Once you’re satisfied that you’ve found the right plaintext, ciphertext, and mask that you’d like to submit, then use des_kpt to generate your token:
$ ./des_kpt.py parse -p 0123456789abcdef -m ffffffffffff0000 -c 825f48ccfd6829f0 PT = 0123456789ab0000 M = ffffffffffff0000 CT = 825f48ccfd6829f0 E = 0 crack.sh Submission = $98$ASNFZ4mrze////////8AAIJfSMz9aCnw $ ./des_kpt.py parse -p 0123456789abcdef -m ffffffffffff0000 -c 825f48ccfd6829f0 -e PT = 0123456789abcdef M = ffffffffffff0000 CT = 825f48ccfd680000 E = 1 crack.sh Submission = $97$ASNFZ4mrze////////8AAIJfSMz9aAAA
To prevent bandwidth issues and reduce the result file size, we require that the mask in your submitted token have at most 24 zero bits.
Most jobs will complete within a few days of placing your order. The cracked keys will be sent to the email address which paid for the job. If you would like to check the status of your order, please feel free to contact us.