Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110207004357.GA1738@openwall.com>
Date: Mon, 7 Feb 2011 03:43:57 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John the Ripper does not detect openssl MD5 hashes

Martin,

On Mon, Feb 07, 2011 at 01:25:47AM +0200, Martin T wrote:
> I tried to create few MD5 hashes using openssl and then crack those
> hashes using John the Ripper(version 1.7.3.1) and a dictionary file.

You need to apply the jumbo patch (or use a build made with the patch
applied) in order to crack raw MD5 hashes.  Then, you will need the
"--format=raw-md5" option to avoid misdetection (because many different
hash types may have the same 32 hex characters look).

The official JtR supports MD5-based crypt(3) hashes, but not raw MD5.

You may download the jumbo patch or a pre-patched build here:

http://www.openwall.com/john/#contrib
http://download.openwall.net/pub/projects/john/contrib/linux/
http://openwall.info/wiki/john/custom-builds#Compiled-for-Linux-x86

> As you can see, john detects this as a "LM DES [64/64 BS MMX]" not
> "MD5" (this is probably a default if nothing else matches?).

No, it's not a default.  This is what I meant above re: different hash
types being encoded in the same way, with 32 hex chars.

> root@...tin-desktop:~# john --wordlist=/usr/share/john/password.lst --format=MD5 md5crypt

This tells JtR to only load MD5-based crypt(3) hashes, and you have none
of those in your file.

To summarize, you need to do two things at once:

1. Use a jumbo-patched build of JtR.
2. Supply the "--format=raw-md5" option to it.

Alternatively, if you're just experimenting, you may generate hashes of
a type supported by the official JtR.  You can use these Perl scripts:

http://www.openwall.com/lists/john-users/2008/06/18/3

BTW, the above posting is one of those linked from:

http://openwall.info/wiki/john/mailing-list-excerpts

And you may want to refer to this wiki page with sample hashes:

http://openwall.info/wiki/john/sample-hashes

I hope this helps.

Alexander

P.S. You could prefer to run those commands as a non-root user.  It's
not a good habit to run things as root unnecessarily, and from your
shell prompt you don't appear to be on a throw-away LiveCD system.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.