////////////////////////////////////////////////////////////////////////////////

1. /////////////////////////////////////////////////////////////////////////////////////////////
2. Add these lines to JtR /run/dynamic.conf:
3. /////////////////////////////////////////////////////////////////////////////////////////////
4. [List.Generic:dynamic_1591]
5. Expression=md5($u:ManagementRealm:$p)
6. CONST1=:ManagementRealm:
7. Flag=MGF_USERNAME
8. Flag=MGF_NOTSSE2Safe
9. Func=DynamicFunc__clean_input
10. Func=DynamicFunc__append_userid
11. Func=DynamicFunc__append_input1_from_CONST1
12. Func=DynamicFunc__append_keys
13. Func=DynamicFunc__crypt_md5
14. Test=$dynamic_1591$1c3470194afdc84b90a0781c5e4462fc:test:user
15.  
16. /////////////////////////////////////////////////////////////////////////////////////////////
17. JBoss hash creation
18. /////////////////////////////////////////////////////////////////////////////////////////////
19. root@kali:~/ts/jboss-as-7.1.1.Final/bin# ./add-user.sh
20.  
21. What type of user do you wish to add?
22. a) Management User (mgmt-users.properties)
23. b) Application User (application-users.properties)
24. (a): a
25.  
26. Enter the details of the new user to add.
27. Realm (ManagementRealm) :
28. Username : user
29. Password :
30. Re-enter Password :
31. About to add user 'user' for realm 'ManagementRealm'
32. Is this correct yes/no? yes
33. Added user 'user' to file '/root/ts/jboss-as-7.1.1.Final/standalone/configuration/mgmt-users.properties'
34. Added user 'user' to file '/root/ts/jboss-as-7.1.1.Final/domain/configuration/mgmt-users.properties'
35. root@kali:~/ts/jboss-as-7.1.1.Final/bin# cat /root/ts/jboss-as-7.1.1.Final/standalone/configuration/mgmt-users.properties
36. #
37. # Properties declaration of users for the realm 'ManagementRealm' which is the default realm
38. # for new AS 7.1 installations. Further authentication mechanism can be configured
39. # as part of the <management /> in standalone.xml.
40. #
41. # Users can be added to this properties file at any time, updates after the server has started
42. # will be automatically detected.
43. #
44. # By default the properties realm expects the entries to be in the format: -
45. # username=HEX( MD5( username ':' realm ':' password))
46. #
47. # A utility script is provided which can be executed from the bin folder to add the users: -
48. # - Linux
49. # bin/add-user.sh
50. #
51. # - Windows
52. # bin\add-user.bat
53.  
54. # The following illustrates how an admin user could be defined, this
55. # is for illustration only and does not correspond to a usable password.
56. #
57. user=1c3470194afdc84b90a0781c5e4462fc
58.  
59. /////////////////////////////////////////////////////////////////////////////////////////////
60. JtR test
61. /////////////////////////////////////////////////////////////////////////////////////////////
62. root@kali:/opt/bleeding-jumbo/JohnTheRipper/run# ./john --format=dynamic_1591 bibi
63. Using default input encoding: UTF-8
64. Loaded 1 password hash (dynamic_1591 [md5($u:ManagementRealm:$p) 32/64 x2 (MD5_body)])
65. Warning: no OpenMP support for this hash type, consider --fork=8
66. Press 'q' or Ctrl-C to abort, almost any other key for status
67. password (davy)
68. 1g 0:00:00:00 DONE 2/3 (2016-04-15 08:57) 5.882g/s 14758p/s 14758c/s 14758C/s 123456..phillips
69. Use the "--show" option to display all of the cracked passwords reliably
70. Session completed