Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <2bed2a3b9edb34dbdad0847e45f88589@smtp.hushmail.com>
Date: Fri, 14 Dec 2012 10:01:24 +0100
From: magnum <john.magnum@...hmail.com>
To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: John not "showing" cracked passwords in pot file (was:john-dev)

I started looking into this:

$ echo user:5d41402abc4b2a76b9719d911017c592 >test.in
$ echo 5d41402abc4b2a76b9719d911017c592:hello >test.pot

$ ../run/john --show --pot=test.pot --format=raw-md5 test.in 
0 password hashes cracked, 1 left

$ ../run/john --show --pot=test.pot --format=dynamic_0 test.in
0 password hashes cracked, 1 left

$ ../run/john --pot=test.pot --format=raw-md5 test.in --show=left
(no output)

$ ../run/john --pot=test.pot --format=raw-md5 test.in 
Loaded 1 password hash (Raw MD5 [128/128 SSE2 intrinsics 12x])
No password hashes left to crack (see FAQ)

Same results as wfdawson. But I can't see what is wrong in rawMD5_fmt:

* valid() accepts tags or not
* split() adds a tag
* prepare() is not used

This seems correct to me. What is wrong then? The problem is only with --show and only when not using 'left'. We really need to fix this.

magnum


On 24 Nov, 2012, at 11:36 , magnum <john.magnum@...hmail.com> wrote:

> On 11/24/2012 06:59 AM, wfdawson wrote:
>> Using the familiar "hello" raw-md5 hash...
>> 
>> 
>> $ cat user
>> user:5d41402abc4b2a76b9719d911017c592
>> 
>> 
>> $ john --show --format=raw-md5 user
>> 0 password hashes cracked, 1 left
>> 
>> 
>> $ grep 5d41402abc4b2a76b9719d911017c592 ~/.john/john.pot
>> 5d41402abc4b2a76b9719d911017c592:hello
> 
>> It finally hit me - my legacy pot file is missing the tag that current versions of john prepend to the hash.  A "proper" john.pot should have:
>> 
>> $ cat john.pot
>> $dynamic_0$5d41402abc4b2a76b9719d911017c592:hello
>> 
>> 
>> $ ./john --show --pot=john.pot --format=raw-md5 user
>> user:hello
>> 
>> 1 password hash cracked, 0 left
> 
> This is probably a bug. I recall we have fixed it before but it keeps crawling back. Off the top of my head we made this decision years ago (1.7.7-jumbo-something):
> 
> - when loading hashes, accept tags or not
> - when using --show, accept tags or not (your case)
> - when writing to pot file, always include the tag
> 
>> My pot file has 1340887 untagged hash lines out of 5132667 total.  It seems that lotus5 and dominosec hashes don't get a tag, so that's a legitimate circumstance for much of my pot file.
>> 
>> I suppose I could clean this up by moving my john.pot to another location and artificially re-crack the assembled hashes by iterating over the known hash types to rebuild the "missing" tags.  Is there an easier way to get there?
> 
> Easiest way to do just that is using --loopback mode, as you may already know. Eg:
> 
> $ john --loop --format=raw-md5
> $ john --loop --format=nt
> $ john --loop --format=raw-sha1
> 
> magnum
> 
> 
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.