Message-ID: <CALrQjmVDNLK7aTOCQMRyRGxbOvjckN-DG89hVJCv8XGfiy_piQ@mail.gmail.com>
Date: Fri, 2 Sep 2011 13:53:41 +0200
From: estenole lists <estenole.lists@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: False positives on zip (aes256)
Hello all,
fully functional, at least for my specific needs .-)
(1fh8 was added several times to the wordlist for testing)
# usr/src/john-1.7.8-jumbo-5/src# ../run/./john --wordlist=/zip/listado-john.txt /zip/hachme-hash.txt
Loaded 1 password hash (zip [32/64])
1fh8 (/zip/hackme.zip)
1fh8 (/zip/hackme.zip)
1fh8 (/zip/hackme.zip)
guesses: 3 time: 0:00:02:03 0.75% (ETA: Fri Sep 2 18:18:11 2011) c/s: 239 trying: 10rM - 10sZ
1fh8 (/zip/hackme.zip)
guesses: 4 time: 0:00:04:06 1.51% (ETA: Fri Sep 2 18:16:23 2011) c/s: 240 trying: 1jm0 - 1jnl
1pf) (/zip/hackme.zip)
guesses: 5 time: 0:00:06:08 2.24% (ETA: Fri Sep 2 18:18:39 2011) c/s: 238 trying: 1u3M - 1u4Z
Thank you !
2011/9/2 estenole lists <estenole.lists@...il.com>
>
> Hello,
>
> seems like the problem was on ldr_remove_hash(crk_db, salt, pw) inside
> crk_process_guess .-)))
>
>
> static int crk_process_guess(struct db_salt *salt, struct db_password *pw,
>     int index)
> {
>     int dupe;
>     char *key;
>
>     dupe = !memcmp(&crk_timestamps[index], &status.crypts,
>         sizeof(int64));
>     crk_timestamps[index] = status.crypts;
>
>     key = crk_methods.get_key(index);
>
>     log_guess(crk_db->options->flags & DB_LOGIN ? pw->login : "?",
>         dupe ? NULL : pw->source, key,
>         crk_db->options->field_sep_char);
>
>     crk_db->guess_count++;
>     status.guess_count++;
>
>     if (crk_guesses && !dupe) {
>         strnfcpy(crk_guesses->ptr, key,
>             crk_params.plaintext_length);
>         crk_guesses->ptr += crk_params.plaintext_length;
>         crk_guesses->count++;
>     }
>
>     /*ldr_remove_hash(crk_db, salt, pw);*/
>
>     if (!crk_db->salts)
>         return 1;
>
>     crk_init_salt();
>
>     return 0;
> }
>
>
> Thank you
>
>
>
> 2011/9/2 estenole lists <estenole.lists@...il.com>
>
>>
>> Hello,
>>
>> I've tried it without success, it stops on the first key it finds. I've been
>> making some tests
>> and it seems like I should modify the function crk_process_guess called from
>> cracker.c. My C
>> knowledge is limited, but that function makes some changes that affect the
>> rest of the buffered
>> keys or any other value.
>>
>>
>>     if (crk_methods.cmp_exact(pw->source, index)) {
>>         if (crk_process_guess(salt, pw, index))
>> ->          return 1;
>>         else
>>             break;
>>     }
>>
>> } while ((pw = pw->next));
>>
>>
>> I've tried some modifications, but after crk_process_guess the program
>> exits. I tried to modify some
>> calls before but I ended up with segfault errors.
>>
>> I'll let you know if I'm able to get it working.
>>
>> Thank you !
>>
>>
>>
>>
>> 2011/9/1 jfoug <jfoug@....net>
>>
>>> You will have to 'change' the zip format source file to do this. Change
>>> the cmp_exact to this (NOTE I have not tested, just coding in the email)
>>>
>>> static int cmp_exact(char *source, int index)
>>> {
>>>     static int cnt = 0;
>>>     if (++cnt < 13) // we have to 'pass' the self tests.
>>>         return has_been_cracked[index];
>>>     cnt = 20; // to make sure we do not 'wrap' cnt past the end of a
>>>               // 2^31 number to a negative number
>>>     if (has_been_cracked[index]) {
>>>         fprintf(stderr, "\nPossible pass: %s Hash=%s\n\n",
>>>                 saved_key[index], source);
>>>         log_event("++ Possible pass: [%s]", saved_key[index]);
>>>     }
>>>     return 0;
>>> }
>>>
>>> Then you can see them show up on the screen output, and also in the
>>> john.log file. These can then be tested after the run.
>>>
>>> NOTE, this method will cause john to NEVER find the password. It simply
>>> informs you in output that a possible password was seen. The right one
>>> will be output, along with any false positives.
>>>
>>> Jim.
>>>
>>> >From: estenole lists [mailto:estenole.lists@...il.com]
>>> >
>>> >Hello all,
>>> >
>>> >I'm using the latest John the Ripper
>>> >1.7.8-jumbo-5<http://www.openwall.com/john/g/john-1.7.8-jumbo-5.tar.gz>
>>> >version
>>> >for trying to get the key of a zip encrypted
>>> >with aes256 bit. I already know that actually false positives are
>>> >common
>>> >at this time.
>>> >
>>> >The problem is that when processing the wordlist john stops as soon as a
>>> >key
>>> >is found, but at the moment
>>> >none of them works, what I want to achieve is to force john to try with
>>> >the
>>> >full wordlist while printing
>>> >the keys found so I can try them when finished. Could find any option or
>>> >configuration to do so, do you
>>> >know if there's such a possibility ?
>>> >
>>> >Thank you
>>>
>>>
>>
>
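
Added example (not part of the original messages and not John the Ripper code): one way to test, after the run, the candidates that the modified cmp_exact writes to john.log. It assumes the entry follows the WinZip AES layout (PBKDF2-HMAC-SHA1 key derivation, a 2-byte password verification value and a 10-byte HMAC-SHA1 authentication code stored with the data) and that those fields have already been read from the archive; the function names, the log timestamps and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import re

# Shape of the lines written by the log_event() call quoted in the thread.
POSSIBLE = re.compile(r"\+\+ Possible pass: \[(.*)\]")

def candidates(log_text):
    """Unique candidate passwords from john.log text, in first-seen order."""
    found = []
    for match in POSSIBLE.finditer(log_text):
        if match.group(1) not in found:
            found.append(match.group(1))
    return found

def derive(password, salt, key_len=32):
    """WinZip AES derivation: PBKDF2-HMAC-SHA1, 1000 rounds (AES-256 sizes)."""
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 1000, 2 * key_len + 2)
    # encryption key, HMAC key, 2-byte password verification value
    return dk[:key_len], dk[key_len:2 * key_len], dk[2 * key_len:]

def check(password, salt, verifier, ciphertext, auth_code):
    """Classify a candidate as 'wrong', 'false positive' or 'confirmed'."""
    _, mac_key, pv = derive(password, salt)
    if not hmac.compare_digest(pv, verifier):
        return "wrong"
    # The 2-byte value matches by chance about once in 65536 guesses, so
    # confirm with the 10-byte HMAC-SHA1 over the encrypted data.
    tag = hmac.new(mac_key, ciphertext, hashlib.sha1).digest()[:10]
    return "confirmed" if hmac.compare_digest(tag, auth_code) else "false positive"

# Constructed sample: the fields a real entry stores (salt, verifier,
# encrypted bytes, authentication code), built here for password "1fh8".
SALT = bytes(range(16))
CIPHERTEXT = b"constructed stand-in for the encrypted file data"
_, _mac, VERIFIER = derive("1fh8", SALT)
AUTH = hmac.new(_mac, CIPHERTEXT, hashlib.sha1).digest()[:10]

# Constructed log lines (timestamps are illustrative).
LOG = """0:00:00:01 ++ Possible pass: [1fh8]
0:00:02:03 ++ Possible pass: [1fh8]
0:00:06:08 ++ Possible pass: [1pf)]
"""

if __name__ == "__main__":
    for pw in candidates(LOG):
        print(pw, check(pw, SALT, VERIFIER, CIPHERTEXT, AUTH))
```

A candidate reported as "false positive" matched only the 2-byte value; only "confirmed" candidates also reproduce the stored authentication code.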