Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <1349014316.66647.YahooMailNeo@web120903.mail.ne1.yahoo.com>
Date: Sun, 30 Sep 2012 07:11:56 -0700 (PDT)
From: NeonFlash <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: WebEdition CMS

Thanks. But it does not work for me. Now, I have updated my dynamic.conf with the configuration you have given.

Here is the syntax I use:

C:\JTR\run>john -w:wordlist.txt webedition.txt
No password hashes loaded (see FAQ)

The hash in webedition.txt file is:

$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB

Are there any other changes I need to make to load the hash?

I have observed a lot of inconsistencies in loading dynamic hashes in general, can't seem to get it working at first attempt generally though :D



________________________________
 From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com; NeonFlash <psykosonik_frequenz@...oo.com> 
Sent: Sunday, September 30, 2012 7:35 PM
Subject: Re: [john-users] WebEdition CMS
 
On Sun, Sep 30, 2012 at 7:26 PM, NeonFlash
<psykosonik_frequenz@...oo.com> wrote:
> I updated the dynamic.conf file with the configuration provided however, what's the command line to run?
>
> I am using:  1.7.9-jumbo-5
>
> The test hash given is:
> $dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall

The correct has is
"$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB". Remove
":openwall" from the hash.

> I used:
>
> john --subformat=dynamic_1011 -w:wordlist.txt webedition.txt

✗ cat ~/webedition.txt
$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB

✗ ../run/john w:wordlist.txt ~/webedition.txt
Loaded 1 password hash (dynamic_1011 md5($p.md5($s)) (WebEdition CMS)
[128/128 SSE2 intrinsics 10x4x3])
openwall         (?)
guesses: 1  time: 0:00:00:00 DONE (Sun Sep 30 19:31:50 2012)  c/s: 9.5

> It does not load the hash.

Try the changes mentioned above.

> Also, in the test hash, what is 'SXB'?

It is the salt (username).

> openwall is the username which is used as the salt. Is SXB supposed to be the precomputed salt (md5(username))?
>
> I am using the configuration file provided by Jim, the one with only 1 call to md5.

For now I am using the following configuration,

####################################################################
# DYNAMIC type for WebEdition CMS md5($p.md5($s))
# > select username,passwd,UseSalt from tblUser
# username is salt
####################################################################
[List.Generic:dynamic_1011]
Expression=md5($p.md5($s)) (WebEdition CMS)
Flag=MGF_SALTED
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt_md5
Func=DynamicFunc__clean_input2
Func=DynamicFunc__append_keys2
Func=DynamicFunc__append_from_last_output_to_input2_as_base16
Func=DynamicFunc__crypt_md5_in2_to_out1
Test=$dynamic_1011$e82bf09e8a1899d4c3d00a3f380d5cdb$SXB:openwall
Test=$dynamic_1011$c0e024d9200b5705bc4804722636378a$admin:admin
Test=$dynamic_1011$14f8b3781f19a3b7ea520311482ce207$openwall:openwall

I couldn't get Jim's configuration working. Trying to debug it currently.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.