[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANWtx03+xkM+s7NpUKSjo=Q_-P8+J4RRUpVR3D2_e-62f6grAA@mail.gmail.com>
Date: Thu, 7 Jan 2016 09:38:27 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: get more info about what yield to crack a particular pwd
On Thu, Jan 7, 2016 at 2:53 AM, <patpro@...pro.net> wrote:
> Hi,
>
> I wonder if it's possible (debug mode?) to get more info about each password cracked during a jtr session. I would like to know for example:
> - what actual word from my wordlist was used
> - what rule applied to this word allowed jtr to crack the password
Yes you can, edit your john.conf and or your command line options, see below
# Emit a status line whenever a password is cracked (this is the same as
# passing the --crack-status option flag to john). NOTE: if this is set
# to true here, --crack-status will toggle it back to false.
CrackStatus = Y
# When printing status, show number of candidates tried (eg. 123456p).
# This is added to the "+ Cracked" line in the log as well (and that figure
# will be exact while the screen output will be a multiple of batch size).
StatusShowCandidates = Y
# Write cracked passwords to the log file (default is just the user name)
LogCrackedPasswords = Y
Here is an example session (john.log or is using -session=xxx it's in
session_name.log)
0:00:00:00 Starting a new session
0:00:00:00 Loaded a total of 1 password hash
0:00:00:00 Cost 1 (iteration count) is 6000 for all loaded hashes
0:00:00:00 Cost 2 (version) is 2 for all loaded hashes
0:00:00:00 - UTF-8 input encoding enabled
0:00:00:00 - Passwords in this logfile are UTF-8 encoded
0:00:00:00 - Passwords will be stored UTF-8 encoded in .pot file
0:00:00:00 - Rules/masks using ISO-8859-1
0:00:00:00 - Hash type: KeePass (lengths up to 125)
0:00:00:00 - Algorithm: SHA256 AES 32/64 OpenSSL
0:00:00:00 - Candidate passwords will be buffered and tried in chunks of 4
0:00:00:00 Proceeding with wordlist mode
0:00:00:00 - Rules: all
0:00:00:00 - Wordlist file: password.lst
0:00:00:00 - memory mapping wordlist (26325 bytes)
0:00:00:00 - loading wordfile password.lst into memory (26325 bytes,
max_size=5000000)
0:00:00:00 - wordfile had 3559 lines and required 28472 bytes for index.
0:00:00:00 - suppressed 13 duplicate lines and/or comments from wordlist.
0:00:00:11 - duplicate rule removed at line 755: :
0:00:00:11 - duplicate rule removed at line 755: -s x**
0:00:00:11 - duplicate rule removed at line 755: :
0:00:00:11 - duplicate rule removed at line 755: :
0:00:00:11 - duplicate rule removed at line 756: -[:c] A0"\p[mM]ay"
0:00:00:11 - duplicate rule removed at line 756: -[:c] A0"\p[jJ]une"
0:00:00:11 - duplicate rule removed at line 756: -[:c] A0"\p[jJ]uly"
0:00:00:11 - duplicate rule removed at line 756: -[c:] <* \p[c:] $[0-9]
0:00:00:11 - duplicate rule removed at line 756: -[c:] <* \p[c:]
$[!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
0:00:00:11 - duplicate rule removed at line 756: -[c:] \p[c:]
A0q[!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]q
0:00:00:11 - duplicate rule removed at line 756: -[c:] \p[c:]
Az"[0-9][0-9][0-9][0-9]" <+
0:00:00:11 - duplicate rule removed at line 756: -[c:] \p[c:]
Az"[!$@#%.][0-9][0-9][0-9]" <+
0:00:00:11 - duplicate rule removed at line 756: -[c:] \p[c:]
Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q <+
0:00:00:22 - 7204515 preprocessed word mangling rules were reduced by
dropping 86142 rules
0:00:00:22 - 7118373 preprocessed word mangling rules
0:00:00:22 + Cracked keepass2: password as candidate #3
0:00:00:22 Session completed
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
