Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 4 Dec 2013 15:16:44 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: jtr newbie: getting no hashes loaded message

On Wed, Dec 4, 2013 at 12:45 PM, Donald Raikes <evhadu@...look.com> wrote:
> Here is a few sample records from my password file:
>
These seem to be from the Yahoo plain-text leak d33ds.co.uk (it's not
there anymore)
http://dazzlepod.com/yahoo/
I changed the format to salted-sha1 (which i gather is more dynamic
and just sha1)
ShortChic74@...oo.com:{SSHA}1Z4bNpdfcvLRW/+7Ui8zlTY277Srrqx0mlYDhKM6nXU=
mirda@...l.uajy.ac.id:{SSHA}EcI+TkFngD3IOrBKtr8Xue9g7jyVfT36l0FE4TG8YXs=
Hayley_06jf@...oo.com:{SSHA}kMZi6QrVD0EU/MWi8+qCc4wltku3FsuBGzIIFvfd16A=
mjharleygirl83@....com:{SSHA}W/IpOmCIyFrCPLyCoHS3bAXOzcf65Crvm43cOq0J/Og=

john sha256.txt -w=yahoo.txt
Loaded 4 password hashes with 4 different salts (Salted-SHA1 [SHA1 32/32])
But the passwords don't crack using the Yahoo list :( I can be
mistaken on this too, but I read once that ssha (salted-sha1) would
try more than sha1... I could be wrong, and I often am.

> When I ran your script, I got an error, and unfortunately, I am not a python expert by any stretch:
It's not mine i got it from that thread I linked to earlier... I don't
have any idea about py myself :)
> Any suggestions on how to fix the script/data would be appreciated.
i used an online B64->hex page to create other lines like:
ShortChic74@...oo.com:5bf2293a6088c85ac23cbc82a074b76c05cecdc7fae42aef9b8ddc3aad09fce8
mirda@...l.uajy.ac.id:90c662e90ad50f4114fcc5a2f3ea82738c25b64bb716cb811b320816f7ddd7a0
Hayley_06jf@...oo.com:11c23e4e4167803dc83ab04ab6bf17b9ef60ee3c957d3dfa974144e131bc617b
mjharleygirl83@....com:d59e1b36975f72f2d15bffbb522f33953636efb4abaeac749a560384a33a9d75

It loads as raw-sha256 but I don't think that format is salted. I'm at
a loss when it comes to the salted formats really, but I'm trying to
learn, maybe someone can chime in or elaborate on $dynamic_62$ format?

i think we need to separate the salt from base64 or have that
(dynamic_6x)format brute force the salt too? I'm not sure really,
looking at the source code for "dynamic_preloads.c" to figure out the
formats. I've tried all the dynamic_6x against the "decoded" strings
and it doesn't appear the passwords are from that yahoo dump or again
I've not got the format right yet.

Anyone else have any ideas?
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.