Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b588332-d035-5275-b415-9751a877a4e4@gmail.com>
Date: Wed, 7 Sep 2016 12:05:47 +0200
From: Marek Wrzosek <marek.wrzosek@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Show only cracked usernames and passwords for a
 given hash file?

Hi nyxgeek,

W dniu 07.09.2016 o 05:55, nyxgeek@...abs.co pisze:
> Is there any way to have John's --show flag show just usernames and 
> passwords cracked for a given hash file, in the format of:
> 
> user00:Password1234567890
> 
> 
> instead of having it displayed in-line, like:
> 
> user00:Password1234567890:1000:aad3b435b51404eeaad3b435b51404ee:17bd91defd0d2fe234239a5bb90a9595:::
>
> 

I think, there is another workaround. You can reverse order of
characters in lines, cut fields from 7th to the end, then reverse lines
one more time.
E.g.:
$ echo -e
"user00:Password1234567890:1000:aad3b435b51404eeaad3b435b51404ee:17bd91defd0d2fe234239a5bb90a9595:::\n\
user00:Passwor:d1234567890:1000:aad3b435b51404eeaad3b435b51404ee:17bd91defd0d2fe234239a5bb90a9595:::"|rev|cut
-d: -f7-|rev
user00:Password1234567890
user00:Passwor:d1234567890

> 
> 
> This would allow for the passwords for a particular hash file to
> easily be harvested/analyzed by performing a 'cut -d: -f2-', rather
> than having it be embedded inside the string.  By embedding the
> solved password inside the string, it seems to make it impossible to
> reliably cut out, since a password could easily contain a colon,
> which would then be misread as a delimiter.
> 
The you'll be able to extract passwords by performing a 'cut -d: -f2-'.

E.g.:
$ echo -e
"user00:Password1234567890:1000:aad3b435b51404eeaad3b435b51404ee:17bd91defd0d2fe234239a5bb90a9595:::\n\
user00:Passwor:d1234567890:1000:aad3b435b51404eeaad3b435b51404ee:17bd91defd0d2fe234239a5bb90a9595:::"|rev|cut
-d: -f7-|rev|cut -d: -f2-
Password1234567890
Passwor:d1234567890

Every colon in a password should prevail this operation.

Best Regards,
Marek

-- 
Marek Wrzosek
marek.wrzosek@...il.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.