Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <5426FEAA.5040305@atenlabs.com>
Date: Sat, 27 Sep 2014 11:15:06 -0700
From: Dan Tentler <dan@...nlabs.com>
To: john-users@...ts.openwall.com
Subject: Re: john --show

hurm, that may be it.
These are all NT hashes, taken from a domain controller, they should all
be uniform.

Yep, that was the case..

[root@...alhost run]# ./john --show pwdump --format=nt2
343 password hashes cracked, 19243 left

[root@...alhost run]# ./john --show pwdump
104 password hashes cracked, 20216 left


I don't suppose a feature request for "just show me everything" would be
out of order? :D


On 9/26/14 5:38 PM, magnum wrote:
> That RPM/version should not have any such bug. The only reason I can
> think of is your input file has a mix of formats.
>
> Example:
>
> user1:md5hash
> user2:md5hash
> user3:sha1hash
> user4:sha1hash
>
> To crack all of them, you need to run raw-md5 and raw-sha1 separately.
> But this also goes for -show. To see all cracks you'd need to run
> "./john -show -format:raw-md5" and then "./john -show -format:raw-sha1".
>
> The same is also true for pwdump-style input files. They (often)
> contain both LM and NT hashes (on each line!), so to see both you need
> to run -show with each of those formats given as --format option.
>
> If this is not it, I think you need to give more detail.
>
> magnum
>
>
> On 2014-09-27 00:45, Dan Tentler wrote:
>> [root@...alhost run]# ./john
>> John the Ripper password cracker, ver: 1.7.9-jumbo-5 [linux-x86-64]
>> Copyright (c) 1996-2011 by Solar Designer and others
>>
>> I downloaded the RPM directly from the site. Not my 'regular box', this
>> one is some client VM they gave me - rhel 6.5.
>>
>> -Dan
>>
>> On 9/25/14 2:33 AM, magnum wrote:
>>> On 2014-09-25 06:54, Dan Tentler wrote:
>>>> So I noticed that doing john --show doesn't show everything - it seems
>>>> to only show 'cracked' passwords, not passwords that were something
>>>> like
>>>> 'the username is the password'.
>>>>
>>>> In this example there are a bunch of passwords that are super simple,
>>>> and they don't appear to all show up - ~100 or so of them are
>>>> 'mailbox'
>>>> - meaning 100 accounts with the password mailbox, but when I do john
>>>> --show only one example of it appears in the output..
>>>>
>>>> To get a full list (to feed to a tool like pipal or something) I'd
>>>> have
>>>> to do a bunch of hack and slash command line stuff to map the john.pot
>>>> file to the pwdump file so i can get a user:pass mapping for every
>>>> entry.
>>>>
>>>> Is this the new functionality, or have I have I found a bug?
>>>
>>> That would be a bug! What format is this? What version of John are you
>>> using?
>>>
>>> magnum
>>>
>>>
>>
>>
>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.