Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <00e001cd4439$9d0641b0$d712c510$@net>
Date: Wed, 6 Jun 2012 18:10:49 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: JtR to process the LinkedIn hash dump

>From: Brad Tilley [mailto:brad@...ystems.com]
>> The patches are found here:
>>
>> http://openwall.info/wiki/john/patches
>
>Thanks. That's working well in testing with the rockyou word list.

You will note that 'most' of them that you crack will have 00000 as the
first bytes of the hash (if you are using the rock-u words, and nothing more
than 'rules' from JtR).  This shows that whomever released this, that they
are using 00000 as a 'already cracked' signature.

To check to see if you have hashes which are 'not' already cracked (assuming
you have a clean john.pot file, with ONLY these hashes in it), you can
easily do:

grep -v "26$00000" john.pot

It will list any hashes that do not start with 5 0's (and the password of
course).

The lines that show from that grep will be like this:

$dynamic_26$hash:pass   (where hash does not start with 00000)

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.