Fractured
Feb 18 2004, 09:22 AM
I remember there used to be a bunch of programs that could read the stored encrypted password file for AIM and tell you what each of them is in plain text. Recently I have not been able to find one of these programs. I was wondering if the passwords could be brute forced with John the Ripper.
Like would there be a way to extract the hash file and then run John the Ripper to brute force it? How would this be done? How would you extract the password hash and how would you set up John the Ripper to crack it?
Thanks!
Aaron5278
Feb 18 2004, 09:34 PM
I'd like to know the same thing.
setthesun
Feb 18 2004, 09:36 PM
Do you know the encryption algorithm of AIM passwords? Or could you send a sample encrypted password?
xzibit
Feb 18 2004, 10:16 PM
I think AIM passwords are encrypted with AOL's own algorithm. I could be wrong.... AIM passwords are stored in the registry at this location...
HKEY_CURRENT_USER\Software\America Online\AOL Instant Messenger \CurrentVersion\Users\screename\Login
Here's an example of the password for "sexy"
NIpEilHR4PD17uQjN9Eq3DSKRIpR0eDw9e7kIzfRKtw=
Hope this helps....
BTW, you can use the encrypted password and still sign on. Just make a new reg key for the screen name you're trying to use. Have it autosaved.
setthesun
Feb 18 2004, 10:20 PM
Hmm, yeah, I can't recognize it. Also I'm sure that you can crack it with www.elcomsoft.com software.
Zekk
Feb 19 2004, 12:47 AM
Yeah, I dunno about jack; try www.elcomsoft.com software, I have used it before.
Fractured
Feb 19 2004, 03:02 AM
The cracker at www.elcomsoft.com only works for AIM up to version 4.6.
As we are now up to 5.5 this is quite useless as you can see.
tonikgin
Feb 19 2004, 05:09 AM
Open a new txt file, put
root:encryptedhash
and save it.
john.exe file.txt
If it doesn't recognize the hash as one of its predefined algorithms to crack, then no.
Fractured
Feb 19 2004, 05:59 AM
No. Just plugging it in like that does not work. Any more suggestions?
tonikgin
Feb 19 2004, 06:11 AM
C:\Stuff\john-16\run>john password.txt
Loaded 1 password (NT LM DES [24/32 4K])
I'm sorry, what were you saying about me being wrong?
Contents of password.txt:
root:FB842CFC6FCE70F9AAD3B435B51404EE
The hash is indeed DES encrypted.
Fractured
Feb 19 2004, 06:32 AM
I don't know what you did. But as far as I can tell, that doesn't work in John the Ripper. Maybe explain more of what you did, 'cause that doesn't even look like an AIM hash. Unless you took off the '=' and the occasional '+'.