Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120913124551.GA30482@openwall.com>
Date: Thu, 13 Sep 2012 16:45:51 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Help for JTR

Jonathan -

On Thu, Sep 13, 2012 at 11:10:50AM +0800, Jonathan Xiao wrote:
> "no passwords found in here" means that john did not get any results after
> completing the job. John says that 4 different hashes have been loaded in
> but after it completes, guesses = 0.

How long did it run for?

> The hash input to john is as follows:
> adm:1003:f5ed24301452410f0f802f643692aaef:3c4ac740fc1ecbee5da191a14f0cdc29:::

Are these the actual hashes or did you overstrike some characters before
posting (for security)?

> "f5ed..." is the LM hash and "3c4ac..." is the nt hash, i think.

Yes, they should be.

What tool did you use to extract the hashes?  In case you were using SAM
and SYSTEM files as input to that tool, is it possible that you happened
to use an inconsistent combination of those?

What is your reason to be cracking these hashes?  If it's to re-gain
access to a system, why don't you just reset the password?

To test JtR and other cracking tools, you may use e.g. this line:

user:1000:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:password::

The password is "password".

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.