Message-ID: <BLU0-SMTP217FC8D89A8A97E7B7D2F8CFD910@phx.gbl>
Date: Thu, 13 Sep 2012 07:26:03 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: Help for JTR

On 09/13/2012 05:10 AM, Jonathan Xiao wrote:
> Hi guys,
> 
> Thanks for the response.
> 
> I did not try using john.exe without any options. I think the results will
> be the same as john.exe --crack-status --incremental hashes.txt because in
> this command, there is also no forcing of john to treat as LM hashes.
> 
> "no passwords found in here" means that john did not get any results after
> completing the job. John says that 4 different hashes have been loaded in
> but after it completes, guesses = 0. If I don't specify format=LM then
> there will be an output from john that john recognises LM but then it can be
> NT and john recognises NT but it can be LM.

So that means, the first run was a longer one, and it completed the
batch mode (single, default word list with default rules, and
incremental mode) without finding any passwords?

Then, there is no point in retrying incremental mode, because john
already exhausted the complete LM key space in the first run.

> I was reading some posts online that john can't decode if the password is
> more than 8 characters long. Is this true?

This isn't true.
What is true is that in currently released versions of john, incremental mode is
limited to length 8. (This setting can be adjusted at compile time, but
you'd also need to generate a new .chr file for the new max. length.)
But for LM this doesn't matter.
LM passwords can be up to 14 characters long, but the first 7 characters
and the second part can be cracked separately, and john will do exactly
that. (That's why the number of loaded LM hashes might be twice the
number you'd expect from looking at the lines in your file.)

> Looking forward to your help.

Looks like the system didn't store LM hashes.
(Either because the password was longer than 14 characters, or because
it was configured to not store any LM hashes.)
So you might have to crack the NT hashes instead, without the ability to
crack the LM hashes first, in order to reduce the search space for
cracking the NT hashes.

You may use
john.exe --format=nt
or
john.exe --format=nt2
(depending on which implementation is faster on your system)

Frank
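
Added example (not part of the message above and not John the Ripper code): a Python check of the LM column in a pwdump-style file, showing how each LM hash splits into two independent halves and how to spot accounts for which no LM hash was stored. The `user:rid:LM:NT:::` layout, the function names and the sample lines are assumptions; all hash values in the sample are constructed.

```python
import re

# LM value of an empty 7-character half: DES of "KGS!@#$%" under an all-zero key.
EMPTY_LM_HALF = "aad3b435b51404ee"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def classify_lm(lm_field):
    """Return (status, halves_to_audit) for the LM field of one line."""
    lm = lm_field.strip().lower()
    if not HEX32.match(lm):
        return "lm-absent", []        # placeholder text instead of a hash
    first, second = lm[:16], lm[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        # No LM hash stored: LM disabled, password longer than 14
        # characters, or a blank password. Only the NT hash is usable.
        return "lm-absent", []
    if second == EMPTY_LM_HALF:
        return "lm-short", [first]    # password of at most 7 characters
    return "lm-full", [first, second] # two halves, each checked on its own

def audit(lines):
    """Map user -> status and count the distinct non-empty LM halves."""
    report, halves = {}, set()
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue                  # not a pwdump-style line
        status, found = classify_lm(parts[2])
        report[parts[0]] = status
        halves.update(found)
    return report, len(halves)

# Constructed sample input (hypothetical accounts, made-up hash values).
NT = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
SAMPLE = [
    "alice:1001:00112233445566778899aabbccddeeff:" + NT + ":::",
    "bob:1002:0123456789abcdefaad3b435b51404ee:" + NT + ":::",
    "carol:1003:aad3b435b51404eeaad3b435b51404ee:" + NT + ":::",
    "dave:1004:NO PASSWORD*********************:" + NT + ":::",
    "erin:1005:0011223344556677aad3b435b51404ee:" + NT + ":::",
]

if __name__ == "__main__":
    report, distinct = audit(SAMPLE)
    for user, status in report.items():
        print(user, status)
    print("distinct LM halves:", distinct)
```

Accounts reported as `lm-absent` are the case described in the message: there is no LM hash to work from, so only `--format=nt` (or `nt2`) applies to them.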
