Message-ID: <SNT150-W3453A8F47415758243D1F1D7D70@phx.gbl>
Date: Wed, 4 Dec 2013 17:10:56 -0700
From: Donald Raikes <evhadu@...look.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RE: jtr newbie: getting no hashes loaded message

Magnum,

Thanks again! After changing the ":" to a "$" I get 450,000 hashes loaded with 4096 different salts.

Now it is just a matter of waiting for the process to finish.

> Date: Thu, 5 Dec 2013 00:17:34 +0100
> From: john.magnum@...hmail.com
> To: john-users@...ts.openwall.com
> Subject: Re: [john-users] jtr newbie: getting no hashes loaded message
>
> On 2013-12-05 00:08, Donald Raikes wrote:
> > Magnum,
> >
> > Thanks for the hints. I had already thought of the dynamic_62 format, but when I run:
> >
> > $ ./john --format dynamic_62 pwd.txt
> >
> > I get no hashes loaded.
>
> That is because you use ':' between hash and salt as opposed to the '$'
> I suggested.
>
> > When I run:
> >
> > $ ./john --format=raw-sha256 pwd.txt
> > I get 452,000 hashes loaded
> >
> > However, when I combine the second command with a wordlist of over 18,000,000 words, it returns 0 matches.
>
> Trying to crack salted hashes with an unsalted format will do no good.
> Although actually if a password candidate happens to end with the
> literal salt, it will be cracked (claiming the salt was part of the
> password).
>
> > According to the java source code that was used to generate the file, the hash was created as follows:
> >
> > 1. a secure random 12-bit number is generated.
> > 2. sha256($p+"|"+$s);
>
> Here's an important detail. It seems we have a literal "|" character to
> deal with too. Instead of hacking source code and rebuild JtR, you can
> add that literal character so eg. a salt of "1234" is listed as "|1234".
>
> > 3. base64_encode(hash from #2);
> >
> > I wrote a java program to base64_decode the encoded hash and print it in hexadecimal format.
> > I checked the output with an online base64 to hex converter and it was correct.
> >
> > so now my file format is:
> >
> > username:sha256($p.$s):salt
> >
> > When I ran the second format of the john command from above it said that 452,000 hashes were loaded with 0 different salts.
> >
> > it seems like the salts are not being taken into account.
> >
> > a snippet of my password file is below:
> >
> > ShortChic74@...oo.com:D59E1B36975F72F2D15BFFBB522F33953636EFB4ABAEAC749A560384A33A9D75:2179
> > mirda@...l.uajy.ac.id:11C23E4E4167803DC83AB04AB6BF17B9EF60EE3C957D3DFA974144E131BC617B:2018
> > Hayley_06jf@...oo.com:90C662E90AD50F4114FCC5A2F3EA82738C25B64BB716CB811B320816F7DDD7A0:387
> > mjharleygirl83@....com:5BF2293A6088C85AC23CBC82A074B76C05CECDC7FAE42AEF9B8DDC3AAD09FCE8:2802
> >
> > Any tips welcome :-)
>
> This works (using dynamic_62):
> ShortChic74@...oo.com:D59E1B36975F72F2D15BFFBB522F33953636EFB4ABAEAC749A560384A33A9D75$|2179
> mirda@...l.uajy.ac.id:11C23E4E4167803DC83AB04AB6BF17B9EF60EE3C957D3DFA974144E131BC617B$|2018
> Hayley_06jf@...oo.com:90C662E90AD50F4114FCC5A2F3EA82738C25B64BB716CB811B320816F7DDD7A0$|387
> mjharleygirl83@....com:5BF2293A6088C85AC23CBC82A074B76C05CECDC7FAE42AEF9B8DDC3AAD09FCE8$|2802
>
> I *know* that, because I just now cracked one of them. Oh, make that two.
>
> magnum
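The format change discussed in this thread, as an added Python example that is not part of the original messages or of John the Ripper. It rebuilds a stored value with the scheme described above (base64 of sha256($p + "|" + $s)), rewrites a `user:HEX:salt` line as `user:HEX$|salt`, and checks a candidate against it; the function names and the sample account are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

HEX64 = re.compile(r"[0-9A-Fa-f]{64}")

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest().upper()

def stored_value(password: str, salt: str) -> str:
    """Scheme as described in the thread: base64(sha256($p + "|" + $s))."""
    digest = hashlib.sha256(f"{password}|{salt}".encode()).digest()
    return base64.b64encode(digest).decode()

def b64_to_hex(b64_hash: str) -> str:
    """Decode the stored base64 value to the uppercase hex used in the thread."""
    raw = base64.b64decode(b64_hash, validate=True)
    if len(raw) != 32:
        raise ValueError("not a SHA-256 digest")
    return raw.hex().upper()

def to_dollar_format(line: str) -> str:
    """Rewrite user:HEX:salt as user:HEX$|salt; the "|" becomes part of the salt."""
    user, hex_hash, salt = line.rstrip("\n").rsplit(":", 2)
    if not HEX64.fullmatch(hex_hash):
        raise ValueError(f"bad hash field for {user!r}")
    if not salt.isdigit() or int(salt) >= 4096:
        raise ValueError(f"salt outside the 12-bit range for {user!r}")
    return f"{user}:{hex_hash}$|{salt}"

def matches(converted_line: str, candidate: str) -> bool:
    """Test a candidate as sha256($p.$s) with the salt field taken literally."""
    hex_hash, salt = converted_line.rsplit(":", 1)[1].split("$", 1)
    return sha256_hex(candidate + salt) == hex_hash.upper()

# Constructed sample account, not data from the thread.
USER, PASSWORD, SALT = "alice@example.test", "correct horse", "2179"

def demo() -> str:
    colon_line = f"{USER}:{b64_to_hex(stored_value(PASSWORD, SALT))}:{SALT}"
    return to_dollar_format(colon_line)

if __name__ == "__main__":
    line = demo()
    print(line)
    print("salted check:", matches(line, PASSWORD))
    # An unsalted SHA-256 only matches if the candidate itself ends in "|2179".
    print("unsalted check:", sha256_hex(PASSWORD + "|" + SALT) == line.split(":")[1].split("$")[0])
```
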