Message-ID: <7233e0378a48b5df2eddf99564f560c0@smtp.hushmail.com>
Date: Wed, 22 Feb 2012 09:19:00 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: more info about syntax

On 02/22/2012 02:50 AM, Rich Rumble wrote:
> I have started this project, I thought I'd include the list before I got much
> further to make sure the style I'm using was palatable for the community,
> I think it's pretty simple, with examples I've tested. One small question
> I've had in that testing, is about the GECOS field. Is this always after the
> "fifth" colon, or will it vary from patch to patch in jumbo? I've tried adding
> the plain-text passwords to my examples in that field whenever -single
> was able to crack them; however it doesn't always do so when they are
> included in the 5th field, and I've tried 3-7 as well.

In released versions, gecos info is always read from field 5 [starting from 1] and uid from field 3.

After noticing that pwdump-format could not be used with the --user=<uid> option, this was patched (currently in git, will be in next Jumbo) so for pwdump format, we now read uid from field 2. In l0phtcrack style input, field 5 holds a hash and I noticed these hashes were used to generate zillions of totally useless password candidates in single mode. This was fixed in the same patch.

The current code for pwdump will read uid from field 2 and no gid, gecos, homedir or shell information. Maybe I should change this so we do read gecos and homedir from fields 5 and 6 according to the Samba doc (I was not aware of that, I have never seen such info).

The current code for l0phtcrack-style input will read gecos from field 3 (just in case there is a domain name there) and no uid, gid, homedir or shell. I am not aware of any more fields that could be of use.

magnum