Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130121142356.GA10868@openwall.com>
Date: Mon, 21 Jan 2013 18:23:56 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: UniqPass versus JtR default password list and weird behavior

On Mon, Jan 21, 2013 at 09:11:39AM -0500, Rich Rumble wrote:
> On Sun, Jan 20, 2013 at 10:44 PM, Matt Gardenghi <mtgarden@...il.com> wrote:
> > c:\Users\Matt\Desktop\john179j5\run>john --wordlist=uniq.txt --format=nt
> > ntlm.txt
> > Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 +
> > 32/32])
> This is specifying wordlist mode, once it's mangled the wordlist
> specified using the default wordlist rules, it terminates as expected.

When you specify --wordlist on the command line and do not also request
--rules, no mangling occurs.  The wordlist is run without rules.

> > I have repeated this process and verified the behaviors.  Any tips on what
> > is going wrong?

Nothing is going wrong.  John the Ripper does exactly what it is asked to.

To obtain JtR's default behavior (the three different cracking modes),
the wordlist should be specified in "Wordlist = ..." in the config file
(john.ini on Windows), then "john" should be run (almost) without
command-line option (--format=nt is needed in this case, though).

Alternatively, the three modes (and maybe more) may be run explicitly,
one by one.  "--wordlist=uniq.txt --rules=jumbo" is also a good thing to
try (more mangling rules than are used by default).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.