Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 8 Feb 2015 19:27:45 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: dmg2john.py Text file rendering

Jordan,

Please see inline:

On Fri, Jan 30, 2015 at 11:32:13AM -0500, Jordan Cross wrote:
> I have a .dmg file that was created through the Mac OS X disk utility and
> it is about 1.02gb, and I am unsure of which form of encryption that was
> used. I believe that there are two options during creation: AES 128 and AES
> 256. I am unsure of the version of JTR that I am running, it has slipped my
> mind.

Please either find out which version of JtR you're using (and let us
know) or download and try a recent version (and let us know which one as
well).  To find out JtR version, run it in a terminal without giving it
any command-line options.  It will print a lengthy usage summary, but
before that it will also print its version number (you might need to
scroll up to see it).

> However, the version I have wasn't compiled including dmg2john.py.

dmg2john.py is a script that is run as-is, it is not to be "compiled".
I guess what you mean is that your version did not include that script.
However, it might have included dmg2john binary executable, which is
compiled from some C source files.  These two implementations of
dmg2john provide similar functionality (but there may be differences).

> I wound up getting it from GitHub.

Which branch?

> When running the dmg2john I can successfully get a rendered .txt file.

Great!  Now just feed it to a recent enough version of JtR.

> However, the first time I dumped the
> file in, using single mode, too "excessive hashes" were loaded for
> cracking.

What do you mean by "too "excessive hashes" were loaded for cracking"?
What did this look like?

> I canceled that process and tried one more time and now it
> replies with "No password hashes loaded (see FAQ)"

This suggests that either your password was cracked, or you received
false positives (although for a .dmg file that is unexpected).  Please
try running "./john --show" on your .txt file (the dmg2john output)?
Does it print a cracked password?  Does that password work?  Having
tried that, you may "rm john.pot" and start over, this time observing
the behavior more closely so that you can report it to us in here.

> Can anyone explain to me what's going on?

Definitely some confusion is going on.  Other than that, it's unclear.
Let's find out, or avoid the problem by using a newer version.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.