Message-ID: <20060405234745.GA11224@openwall.com>
Date: Thu, 6 Apr 2006 03:47:45 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: new at this cracker business

On Wed, Apr 05, 2006 at 10:06:41PM +0000, jay rubin wrote:
> I decided I wanted to see how secure was my windows password. Without
> getting into too much about all the missteps that I've taken I've finally
> downloaded 1.7 + jumbo patch build for Win32 (1664 KB), by thomas springer
> and pwdump2. I ran my SAM file through pwdump2

Jay originally sent a similar question to me privately, but I asked that
he post it to the list. ;-)

Jay - it's a pity that you've omitted the "missteps" from this posting
because they're still relevant. Basically, your grabbing the SAM file
was a mistake - it would have been more straightforward to use one of
the PWDUMP* tools (such as pwdump2 which you've downloaded) to dump the
hashes to a text file. SAM files are much harder to process. John does
not process SAM files directly. Moreover, recent versions of Windows
encrypt hashes in the SAM with so-called SYSKEY - so you would need to
grab that as well. That's a lot of complexity for no gain. Just don't
do it.

As it relates to your "running a SAM file through pwdump2", you must be
wrong. pwdump2 does not process SAM files; rather, it dumps the hashes
from the running Windows system.

> and then ran john using
>
> john -show -format=LM SAM.txt
>
> the following message was the result
>
> 0 password hashes cracked, 7 left (if I run this with a format of NT I get
> the same thing on with 5 left)

That's obvious - you haven't cracked any of the hashes yet. But this
tells us that your file is of the correct format (should be PWDUMP
output) - that's good.

To actually start a cracking session, run:

	john SAM.txt

yes, with no options. This will attempt cracking your LM hashes
(they're case-insensitive, but that's good enough if you just want to
see how long it takes to crack your passwords).

Then, after the above command terminates or after you interrupt it, run:

	john --show SAM.txt

to continue cracking, run:

	john --restore

> I've tried not to waste anyone's time by going through the MARC message
> archives but still need some help.

Thank you for reviewing the archives. One thing you could have done
better - also saving you time - is starting by reading the documentation
for JtR - at least the README and EXAMPLES files - before even starting
with the list archives:

	http://www.openwall.com/john/doc/
	http://www.openwall.com/john/doc/EXAMPLES.shtml

> It may be my ini file.

No, the ini file should be fine.

> The ini file I
> got it is hard to read since the lines are all strung out while another
> ini file from a previous version of john I had downloaded is readable.

That's one of the differences between official and unofficial Win32
builds of John. For the official builds, I spend some extra time to
make things more Windows-ish - including conversion of text files from
Unix to DOS-style linefeeds. Obviously, others doing unofficial builds
may not care to do the same. This does not affect the operation of the
program in any way.

You did not have to use the unofficial build for what you intend to do.
The official one you had downloaded previously would have worked.

> Please respond as if writing for John for Dummies.

Well, this response might not be it. I thought that I need to comment
on the mistakes you've made first. Step-by-step instructions would have
been both shorter and simpler. Please let us know if you still have
difficulties and I'll post the "for dummies" thing.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar
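Added example, not part of the original message and not code from John the Ripper or pwdump2: a small audit of PWDUMP-format text (the kind of file the message calls SAM.txt) that reports which accounts still have an LM hash stored. The field layout user:rid:lm:nt:::, the "NO PASSWORD" filler and the two empty-password constants are assumptions not stated in the message; the sample lines are constructed.

```python
# Added example: audit PWDUMP-format text for stored LM hashes.
# Field layout and the empty-password constants are assumptions, not from the post.
EMPTY_LM_HALF = "aad3b435b51404ee"              # LM hash of an empty 7-character half
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password

# Constructed sample input (hash values are made up, except the empty constants).
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
jay:1003:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
svc:1004:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
this line is not pwdump output
"""

def is_hex32(s):
    return len(s) == 32 and all(c in "0123456789abcdef" for c in s)

def parse_pwdump(text):
    """Yield one dict per well-formed line; a hash of None means no hex hash present."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # skip anything that is not user:rid:lm:nt
        lm, nt = parts[2].lower(), parts[3].lower()
        yield {"user": parts[0], "rid": int(parts[1]),
               "lm": lm if is_hex32(lm) else None,
               "nt": nt if is_hex32(nt) else None}

def audit(text):
    """Return (user, lm_state, blank_nt) for every account in the text."""
    findings = []
    for acct in parse_pwdump(text):
        lm, nt = acct["lm"], acct["nt"]
        if lm is None or lm == EMPTY_LM_HALF * 2:
            lm_state = "no-lm-hash"
        elif lm[16:] == EMPTY_LM_HALF:
            # LM hashes each 7-character half separately; an empty second
            # half means the password is at most 7 characters long.
            lm_state = "lm-stored-7-chars-or-fewer"
        else:
            lm_state = "lm-stored"
        findings.append((acct["user"], lm_state, nt is None or nt == EMPTY_NT))
    return findings

if __name__ == "__main__":
    for user, lm_state, blank_nt in audit(SAMPLE):
        print(f"{user:15} {lm_state:28} blank_nt={blank_nt}")
```

Accounts reported as lm-stored are the ones exposed to the case-insensitive LM cracking the message describes; no-lm-hash means only the NT hash is available for that account.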