Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Dec 2012 10:01:24 +0100
From: magnum <john.magnum@...hmail.com>
To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: John not "showing" cracked passwords in pot file (was:john-dev)

I started looking into this:

$ echo user:5d41402abc4b2a76b9719d911017c592 >test.in
$ echo 5d41402abc4b2a76b9719d911017c592:hello >test.pot

$ ../run/john --show --pot=test.pot --format=raw-md5 test.in 
0 password hashes cracked, 1 left

$ ../run/john --show --pot=test.pot --format=dynamic_0 test.in
0 password hashes cracked, 1 left

$ ../run/john --pot=test.pot --format=raw-md5 test.in --show=left
(no output)

$ ../run/john --pot=test.pot --format=raw-md5 test.in 
Loaded 1 password hash (Raw MD5 [128/128 SSE2 intrinsics 12x])
No password hashes left to crack (see FAQ)

Same results as wfdawson. But I can't see what is wrong in rawMD5_fmt:

* valid() accepts tags or not
* split() adds a tag
* prepare() is not used

This seems correct to me. What is wrong then? The problem is only with --show and only when not using 'left'. We really need to fix this.

magnum


On 24 Nov, 2012, at 11:36 , magnum <john.magnum@...hmail.com> wrote:

> On 11/24/2012 06:59 AM, wfdawson wrote:
>> Using the familiar "hello" raw-md5 hash...
>> 
>> 
>> $ cat user
>> user:5d41402abc4b2a76b9719d911017c592
>> 
>> 
>> $ john --show --format=raw-md5 user
>> 0 password hashes cracked, 1 left
>> 
>> 
>> $ grep 5d41402abc4b2a76b9719d911017c592 ~/.john/john.pot
>> 5d41402abc4b2a76b9719d911017c592:hello
> 
>> It finally hit me - my legacy pot file is missing the tag that current versions of john prepend to the hash.  A "proper" john.pot should have:
>> 
>> $ cat john.pot
>> $dynamic_0$5d41402abc4b2a76b9719d911017c592:hello
>> 
>> 
>> $ ./john --show --pot=john.pot --format=raw-md5 user
>> user:hello
>> 
>> 1 password hash cracked, 0 left
> 
> This is probably a bug. I recall we have fixed it before but it keeps crawling back. Off the top of my head we made this decision years ago (1.7.7-jumbo-something):
> 
> - when loading hashes, accept tags or not
> - when using --show, accept tags or not (your case)
> - when writing to pot file, always include the tag
> 
>> My pot file has 1340887 untagged hash lines out of 5132667 total.  It seems that lotus5 and dominosec hashes don't get a tag, so that's a legitimate circumstance for much of my pot file.
>> 
>> I suppose I could clean this up by moving my john.pot to another location and artificially re-crack the assembled hashes by iterating over the known hash types to rebuild the "missing" tags.  Is there an easier way to get there?
> 
> Easiest way to do just that is using --loopback mode, as you may already know. Eg:
> 
> $ john --loop --format=raw-md5
> $ john --loop --format=nt
> $ john --loop --format=raw-sha1
> 
> magnum
> 
> 
> 


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ