Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <BLU0-SMTP363EAFF895334B3F2E94599FDBD0@phx.gbl>
Date: Sun, 12 Jan 2014 13:19:43 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: How to use Wordlists with John The Ripper

On 01/12/2014 07:54 AM, NRO117@...il.com wrote:
> Meanwhile I attempted as described below.  My results were as follows:
> _____
> 
> john password_sha1.txt -w=password.lst
> stat: password_sha1.txt: No such file or directory
> _____
> 
> sha1.txt being the hash I am attempting to decrypt
> password.lst being the wordlist I am attempting to use
> 
> I then entered the following with results below:  
> _____
> 
> john password_sha1.txt -w=password.lst
> Loaded 2 password hashes with no different salts (LM DES [128/128 BS SSE2])

Probably a copy and paste error, and you actually tried
john sha1.txt -w=password.lst

Otherwise, you should have seen the same error message as before.
> _____
> 
> Does that look right? (no different salts included?)

This means, that your version of John the Ripper has detected the hashes
in sha1.txt as LM hashes.
Because your file is named sha1.txt, I would assume that it doesn't
contain LM hashes.
A number of different hash formats might be wrongly detected by john,
especially raw hashes using hexadecimal encoding, i.e., the hashes are
just sequences of [0-9a-f] or [0-9A-F].


I don't suggest you post one or more hashes in your sha1.txt files
(because others might be able to crack them).
But if my assumption about hex encoded hashes is right, it would be nice
to know:

Where and how did you get these hashes, which application or OS is using
these hashes?
Can you create a similar sample hash with a known trivial password, and
post both the known password and the hash here?
If not, can you at least check the length of the hash encoded string?

Is it the same length than the hex encoded string here:

echo -n "test" |sha1sum -
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3  -

These are 40 characters (20 Bytes in hex encoding).
Are your hashes of the same length?
If not, what is the length?


Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.