Message-ID: <20150715162243.GA14071@openwall.com>
Date: Wed, 15 Jul 2015 19:22:43 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: jfoug@....net
Cc: john-dev@...ts.openwall.com
Subject: Re: Default attack format

On Wed, Jul 15, 2015 at 10:48:41AM -0400, jfoug@....net wrote:
> ---- Aleksey Cherepanov <lyosha@...nwall.com> wrote:
> > I think --show=types could do the job: the first format in the first
> > line with 1+ formats listed is the default one. But it is in jumbo
> > only.
>
> That really gives you no information. It is all in the valid() return
> (with a prepare). Only knowing the format names does not allow you to
> know if a line is valid within that format. It is all within the actual
> logic OF the format itself. Since there is no API into john exposing
> the format array, there really is no way to know ATT without allowing
> john to run on the file.

--show=types uses a loop similar to loader's loop, i.e. it calls
prepare() and valid(). There are only a few differences: it does not
stop with 1 format, also it enforces dynamic_allow_rawhash_fixup after
the first line (I think dynamics reset it when there is no bare hash
on the first line). Of course, loader might be changed since
--show=types implementation so more differences might be introduced.

I guess it is not easy to distinguish when dynamic_allow_rawhash_fixup
affected --show=types.

Nevertheless in simple cases, it works as I said:

$ cat pwdump.pw
Administrator:500:207277225E983B147AC464727886BD82:90BBDB25BC6556610DAA4F03900FBE92:::
$ echo | sha512sum - | cut -d ' ' -f 1 > sha512.pw
$ cat sha512.pw
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
$ john --show=types pwdump.pw sha512.pw
Administrator:207277225E983B147AC464727886BD82:500:::::LM:[...]
?:be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09:::/:/:/:lotus85:[...]
$ john --pot=t.pot pwdump.pw sha512.pw
[...]
Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16])
[...]
$ john --show=types sha512.pw pwdump.pw
?:be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09:::/:/:/:lotus85:[...]
Administrator:207277225E983B147AC464727886BD82:500:::::LM:[...]
$ john --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
[...]

A run with an empty file or a wrong file could be the run. magnum's
run with empty password seems good too.

$ john --wordlist=/dev/null --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
Error, dictionary file is empty
$ john --wordlist=/ --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
fgets: Is a directory
$ john --wordlist=asdf --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
fopen: asdf: No such file or directory

Thanks!

-- 
Regards,
Aleksey Cherepanov
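
The selection rule described in the message above (the first format on the first line with 1+ formats listed is the default one), as an added example that is not part of the original message or of John the Ripper. It assumes the field layout visible in the two sample --show=types lines; the function names and the shortened sample lines are constructed for illustration.

```python
# Added example: pick the default format from `john --show=types` output.
# Assumption (taken from the two sample lines in the message): fields are
# colon-separated, the first seven are login, ciphertext, uid, gid, GECOS,
# home and shell, and the eighth is the first format label. Whatever follows
# that label is elided on the page and is ignored here. A ciphertext that
# itself contains ':' would shift the fields and is not handled.

ACCOUNT_FIELDS = 7


def first_label(line):
    """Return the first format label on one output line, or None."""
    fields = line.rstrip("\n").split(":")
    if len(fields) <= ACCOUNT_FIELDS:
        return None  # no format recognised this line
    return fields[ACCOUNT_FIELDS] or None


def default_format(lines):
    """Return (label, line_no) for the first line listing 1+ formats."""
    for line_no, line in enumerate(lines, start=1):
        label = first_label(line)
        if label is not None:
            return label, line_no
    return None, None


def order_dependent(lines):
    """True when lines disagree on their first label, so file order matters."""
    labels = {first_label(line) for line in lines} - {None}
    return len(labels) > 1


# Constructed sample: the two output lines from the message, with the hash
# values replaced by placeholders and the elided tail left out.
LM_LINE = "Administrator:<LM-HASH>:500:::::LM:"
SHA_LINE = "?:<HEX-DIGEST>:::/:/:/:lotus85:"

if __name__ == "__main__":
    for order in ([LM_LINE, SHA_LINE], [SHA_LINE, LM_LINE]):
        print(default_format(order), "order-dependent:", order_dependent(order))
```

When order_dependent() is true, the default changes with the order of the input files, as the two runs in the message show.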