Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <1353736746.66170.YahooMailNeo@web181301.mail.ne1.yahoo.com>
Date: Fri, 23 Nov 2012 21:59:06 -0800 (PST)
From: wfdawson <wfdawson@...lsouth.net>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: John not "showing" cracked passwords in pot file

Using the familiar "hello" raw-md5 hash...


$ cat user
user:5d41402abc4b2a76b9719d911017c592


$ john --show --format=raw-md5 user
0 password hashes cracked, 1 left


$ grep 5d41402abc4b2a76b9719d911017c592 ~/.john/john.pot
5d41402abc4b2a76b9719d911017c592:hello


Strange... I thought it was perhaps related to the size of my pot file, so I created a special pot file with only the single hash in it lifted from my legacy pot file.  Same result.  I tried it with the "current" test version from Gentoo, and the latest unstable from github.  Same result each try.  Oddly enough, show=left indicates no remaining uncracked hashes.


$ cat john.pot
5d41402abc4b2a76b9719d911017c592:hello


$ ./john --show --pot=john.pot --format=raw-md5 user
0 password hashes cracked, 1 left


$ ./john --show=left --pot=john.pot --format=raw-md5 user


$ ./john --session=user-all --pot=john.pot --format=raw-md5 user
Loaded 1 password hash (Raw MD5 [128/128 SSE2 intrinsics 12x])
No password hashes left to crack (see FAQ)


ver: 1.7.9-jumbo-7+unstable_omp [linux-x86-64i]

It finally hit me - my legacy pot file is missing the tag that current versions of john prepend to the hash.  A "proper" john.pot should have:

$ cat john.pot
$dynamic_0$5d41402abc4b2a76b9719d911017c592:hello


$ ./john --show --pot=john.pot --format=raw-md5 user
user:hello

1 password hash cracked, 0 left



My pot file has 1340887 untagged hash lines out of 5132667 total.  It seems that lotus5 and dominosec hashes don't get a tag, so that's a legitimate circumstance for much of my pot file.

I suppose I could clean this up by moving my john.pot to another location and artificially re-crack the assembled hashes by iterating over the known hash types to rebuild the "missing" tags.  Is there an easier way to get there?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.