Help with 7500 Kerberos 5 AS-REQ Pre-Auth
#1
7500 Kerberos 5 AS-REQ Pre-Auth

In the example the hash is listed as:
$krb5pa$23$user$realm$salt$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835

I'm trying to figure out how to get this to work. Can anyone describe the underlying hash algorithm hashcat implements? It appears to be completely different from JtR's mskrb5... which is the Microsoft kerberos pre-auth with RC4-HMAC-SHA1. (I still haven't found a tool that does the Windows Vista/7+ AES256-HMAC-SHA1 hashes reliably yet).

This is their example hash: $mskrb5$$$98cd00b6f222d1d34e08fe0823196e0b$5937503ec29e3ce4e94a051632d0fff7b6781f93e3decf7dca707340239300d602932154

It should crack out as a zero-length string iirc.
Here are other examples that work fine from JtR:
{"$mskrb5$john$JOHN.DOE.MS.COM$02E837D06B2AC76891F388D9CC36C67A$2A9785BF5036C45D3843490BF9C228E8C18653E10CE58D7F8EF119D2EF4F92B1803B1451", "fr2beesgr"},
{"$mskrb5$$$98cd00b6f222d1d34e08fe0823196e0b$5937503ec29e3ce4e94a051632d0fff7b6781f93e3decf7dca707340239300d602932154", ""},
{"$mskrb5$$$F4085BA458B733D8092E6B348E3E3990$034ACFC70AFBA542690B8BC912FCD7FED6A848493A3FF0D7AF641A263B71DCC72902995D", "frank"},
{"$mskrb5$$$eb03b6fbcfe91f8346f3c0ae7e8abfe5$afcbe07c32c3450b37d0f2516354570fe7d3e78f829e77cdc1718adf612156507181f7da", "John"},
{"$mskrb5$$$881c257ce5df7b11715a6a60436e075a$c80f4a5ec18e7c5f765fb9f00eda744a57483db500271369cf4752a67ca0e67f37c68402", "the"},
{"$mskrb5$$$ef012e13c8b32448241091f4e1fdc805$354931c919580d4939421075bcd50f2527d092d2abdbc0e739ea72929be087de644cef8a", "Ripper"},
{"$mskrb5$$$334ef74dad191b71c43efaa16aa79d88$34ebbad639b2b5a230b7ec1d821594ed6739303ae6798994e72bd13d5e0e32fdafb65413", "VeryveryveryloooooooongPassword"},

I've tested with real production hashes with success from Cain/Wireshark captures of XP machines authenticating with success in JtR, but I can't share them, see screenshot. They do come out to the exact same lengths though.

How would I get their example hash to load in hashcat? The user/realm don't play any part in the hash, the salt/checksum should be the first 16 bytes of the blob, the remainder decrypts to a timestamp iirc.
If I pull it out like you have to do for JtR (notice the $ in the middle of the blob) I get a length error.
i.e. $krb5pa$23$$$4e751db65422b2117f7eac7b72193$2dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835

If I leave it blank and leave the blob portion full length I get a line length exception.
i.e. $krb5pa$23$$$$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835

If I copy the salt portion in to the salt item it works, but doesn't find the password.
i.e. $krb5pa$23$$$4e751db65422b2117f7eac7b72193$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835

I'm stumped, works fine in JtR, what am I doing wrong?

Here's Cain with JUST the blob portion (no user/realm needed) correctly identifying the correct passwords (note the lock/keys icon):
[Image: mskrb5.png]

I found this: https://hashcat.net/trac/ticket/137 which shows the correct algorithm:
K = NTLM Hash of password
K1 = HMAC-MD5(K, 1)
K3 = HMAC-MD5(K1, Checksum)

RC4 Decrypt rest of blob with K3 as our key. Should be an ascii timestamp.

Thank you

ETA: I'm using oclHashcat64 v1.01 on an AMD card.
#2
Hey, first of all, the example works fine:

Code:
root@ht:~/oclHashcat-1.20# cat > hash
$krb5pa$23$user$realm$salt$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835
root@ht:~/oclHashcat-1.20# ./oclHashcat64.bin -m 7500 hash -a 3 hashcat --quiet --potfile-disable
$krb5pa$23$user$realm$salt$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835:hashcat

Now, get ready for the mad part, expect the unexpected!

In your post, I don't know how you do copy/paste, but there is an invisible character. When I tried to reproduce your hash I got the following (note, that is with your hash from your post):

Code:
root@ht:~/oclHashcat-1.20# cat > hash
$krb5pa$23$user$realm$salt$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f97​1f622bf5c42dc0c70b532363138363631363132333238383835
root@ht:~/oclHashcat-1.20# ./oclHashcat64.bin -m 7500 hash -a 3 hashcat --quiet --potfile-disable
WARNING: Hashfile 'hash' in line 1 ($krb5pa$23$user$realm$salt$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f97​1f622bf5c42dc0c70b532363138363631363132333238383835): Salt-length exception

Besides, this is a salt-length exception, not a line-length exception. However, that was strange since that matches the hashcat example hash so it should work.

After I played around a bit with it I found the root of the problem when doing a hex dump:

Code:
root@ht:~/oclHashcat-1.20# xxd hash
0000000: 246b 7262 3570 6124 3233 2475 7365 7224  $krb5pa$23$user$
0000010: 7265 616c 6d24 7361 6c74 2434 6537 3531  realm$salt$4e751
0000020: 6462 3635 3432 3262 3231 3137 6637 6561  db65422b2117f7ea
0000030: 6337 6237 3231 3933 3264 6338 6161 3064  c7b721932dc8aa0d
0000040: 3939 3636 3738 3565 6364 3935 3866 3937  9966785ecd958f97
0000050: e280 8b31 6636 3232 6266 3563 3432 6463  ...1f622bf5c42dc
0000060: 3063 3730 6235 3332 3336 3331 3338 3336  0c70b53236313836
0000070: 3336 3331 3336 3331 3332 3333 3332 3338  3631363132333238
0000080: 3338 3338 3335 0a                        383835.

Take a close look at offset 0x50. I guess you have a different problem here...
#3
I don't know where those bytes came from, mine don't have them. The example given for hashcat runs, I can get other hashes to run with the text "salt" in the salt field, but it doesn't find anything, that's the problem. If I leave "salt" blank I get a salt length exception.

[Image: screenshot.png]

The correct password should be "frank"
#4
Hey, that hash works fine for me, see here:

Code:
root@ht:~/oclHashcat-1.20# cat hash
$krb5pa$23$user$realm$salt$034ACFC70AFBA542690B8BC912FCD7FED6A848493A3FF0D7AF641A263B71DCC72902995DF4085BA458B733D8092E6B348E3E3990
root@ht:~/oclHashcat-1.20# ./oclHashcat64.bin -m 7500 hash -a 3 frank --potfile-disable
oclHashcat v1.20 starting...

Device #1: Tahiti, 2965MB, 925Mhz, 32MCU

Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4098/m7500.Tahiti_1411.4_1411.4 (VM).kernel (133340 bytes)
Device #1: Kernel ./kernels/4098/markov_le_v1.Tahiti_1411.4_1411.4 (VM).kernel (94272 bytes)
Device #1: Kernel ./kernels/4098/bzero.Tahiti_1411.4_1411.4 (VM).kernel (30452 bytes)

                                            
INFO: approaching final keyspace, workload adjusted

$krb5pa$23$user$realm$salt$034acfc70afba542690b8bc912fcd7fed6a848493a3ff0d7af641a263b71dcc72902995df4085ba458b733d8092e6b348e3e3990:frank
                                            
Session.Name...: oclHashcat
Status.........: Cracked
Input.Mode.....: Mask (frank) [5]
Hash.Target....: $krb5pa$23$user$realm$salt$034acfc70afba542690b8bc912fcd7fed6a848493a3ff0d7af641a263b71dcc72902995df4085ba458b733d8092e6b348e3e3990
Hash.Type......: Kerberos 5 AS-REQ Pre-Auth etype 23
Time.Started...: Fri Mar 28 17:40:34 2014 (1 sec)
Speed.GPU.#1...:        0 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 1/1 (100.00%)
Skipped........: 0/1 (0.00%)
Rejected.......: 0/1 (0.00%)
HWMon.GPU.#1...:  0% Util, 32c Temp, 20% Fan

Started: Fri Mar 28 17:40:34 2014
Stopped: Fri Mar 28 17:40:35 2014
#5
I think I see what error you made. You prepended the hash to the ciphertext, but you need to append it.
#6
That works. Checksum goes at the end, opposite order as Cain and JtR. Not obvious from the example.

Thank you.
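As an added example (not code from the thread, hashcat or JtR), the etype 23 pre-auth check from ticket 137 in Python, run against the "frank" JtR vector quoted in post #1, plus the mskrb5-to-krb5pa reordering that posts #5 and #6 settle on. The user/realm/salt values are placeholders exactly as in the thread (the algorithm ignores them), and the HMAC comparison of the decrypted plaintext against the checksum is the RFC 4757 integrity check, which the ticket's description does not mention.

```python
import hashlib, hmac, re, struct

def md4(data: bytes) -> bytes:  # pure-Python MD4 (RFC 1320); hashlib "md4" is missing on many OpenSSL 3 builds
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rol = lambda v, s: ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)  # padding
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = ((F, 0, range(16), (3, 7, 11, 19)),
              (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
              (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)))
    for off in range(0, len(data), 64):
        X, (a, b, c, d) = struct.unpack("<16I", data[off:off + 64]), h
        for f, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                a = rol((a + f(b, c, d) + X[idx] + k) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c          # rotate registers so "a" is always the one updated
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def rc4(key: bytes, data: bytes) -> bytes:
    S, j = list(range(256)), 0
    for i in range(256):                         # key schedule
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for ch in data:                              # one keystream byte per input byte
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(ch ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def check_preauth(password: str, checksum: bytes, ciphertext: bytes):
    # Etype 23 (RC4-HMAC) AS-REQ pre-auth as ticket 137 describes it; returns (timestamp or None, checksum_ok)
    K = md4(password.encode("utf-16-le"))        # K = NT hash of the password
    K1 = hmac.new(K, b"\x01\x00\x00\x00", hashlib.md5).digest()   # HMAC-MD5(K, 1), message type 1 little endian
    K3 = hmac.new(K1, checksum, hashlib.md5).digest()             # HMAC-MD5(K1, checksum)
    plain = rc4(K3, ciphertext)                  # 8-byte confounder + ASN.1 PA-ENC-TS-ENC
    ts = re.search(rb"(20\d{12})Z", plain)       # KerberosTime "YYYYMMDDHHMMSSZ" = the ASCII timestamp
    ok = hmac.compare_digest(hmac.new(K1, plain, hashlib.md5).digest(), checksum)  # RFC 4757 integrity check
    return (ts.group(1).decode() if ts else None), ok

def mskrb5_to_krb5pa(line: str, user="user", realm="realm", salt="salt") -> str:
    # JtR mskrb5 and Cain put the checksum before the ciphertext; hashcat -m 7500 wants it appended
    _, _, _, _, checksum, ciphertext = line.split("$")
    return f"$krb5pa$23${user}${realm}${salt}${ciphertext}{checksum}"

JTR_FRANK = "$mskrb5$$$F4085BA458B733D8092E6B348E3E3990$034ACFC70AFBA542690B8BC912FCD7FED6A848493A3FF0D7AF641A263B71DCC72902995D"  # JtR vector from the thread
```

`mskrb5_to_krb5pa(JTR_FRANK)` produces the line post #4 fed to oclHashcat, and `check_preauth("frank", ...)` on the two hex fields of `JTR_FRANK` recovers the timestamp, while a wrong candidate decrypts to bytes with no timestamp in them.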