Date: Wed, 15 Jul 2015 19:22:43 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: jfoug@....net
Cc: john-dev@...ts.openwall.com
Subject: Re: Default attack format

On Wed, Jul 15, 2015 at 10:48:41AM -0400, jfoug@....net wrote:
> ---- Aleksey Cherepanov <lyosha@...nwall.com> wrote: 
> > I think --show=types could do the job: the first format in the first
> > line with 1+ formats listed is the default one. But it is in jumbo
> > only.
> 
> That really gives you no information.  It is all in the valid() return (with a prepare).  Only knowing the format names does not allow you to know if a line is valid within that format.   It is all within the actual logic OF the format itself.   Since there is no API into john exposing the format array, there really is no way to know ATT without allowing john to run on the file.

--show=types uses a loop similar to the loader's loop, i.e. it calls
prepare() and valid(). There are only a few differences: it does not
stop with 1 format, and it also enforces dynamic_allow_rawhash_fixup after
the first line (I think dynamics reset it when there is no bare hash
on the first line). Of course, the loader might have changed since the
--show=types implementation, so more differences might have been introduced.

I guess it is not easy to distinguish when dynamic_allow_rawhash_fixup
affected --show=types.

Nevertheless, in simple cases, it works as I said:

$ cat pwdump.pw
Administrator:500:207277225E983B147AC464727886BD82:90BBDB25BC6556610DAA4F03900FBE92:::
$ echo | sha512sum - | cut -d ' ' -f 1 > sha512.pw
$ cat sha512.pw
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

$ john --show=types pwdump.pw sha512.pw
Administrator:207277225E983B147AC464727886BD82:500:::::LM:[...]
?:be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09:::/:/:/:lotus85:[...]

$ john --pot=t.pot pwdump.pw sha512.pw
[...]
Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16])
[...]

$ john --show=types sha512.pw pwdump.pw
?:be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09:::/:/:/:lotus85:[...]
Administrator:207277225E983B147AC464727886BD82:500:::::LM:[...]

$ john --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
[...]


A run with an empty file or a wrong file could be the run. magnum's
run with an empty password seems good too.

$ john --wordlist=/dev/null --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
Error, dictionary file is empty

$ john --wordlist=/ --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
fgets: Is a directory

$ john --wordlist=asdf --pot=t.pot sha512.pw pwdump.pw
[...]
Loaded 1 password hash (lotus85, Lotus Notes/Domino 8.5 [8/64])
fopen: asdf: No such file or directory

Thanks!

-- 
Regards,
Aleksey Cherepanov
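
The rule described in the message ("the first format in the first line with 1+ formats listed is the default one"), as an added example that is not part of the original message or of john. It assumes the field layout visible in the sample output above (':' separator, first format label in field 8); the hash values and the line without a format are constructed placeholders.

```shell
#!/bin/sh
# Added example: guess which format john would pick by default, reading
# `john --show=types` output on stdin.
# Assumptions (taken only from the sample lines in the message):
#   - fields are ':'-separated;
#   - seven leading fields come first, field 8 is the label of the first
#     format that accepted the line;
#   - a line that no format accepted has an empty or missing field 8.
# A ciphertext that itself contains ':' would break this simple split, and
# the dynamic_allow_rawhash_fixup difference mentioned above is not modelled.
default_format() {
    awk -F: '
        $8 != "" { print $8; found = 1; exit }   # first line listing a format
        END      { exit found ? 0 : 1 }           # non-zero if none was listed
    '
}

# Constructed input: the two output lines from the message with the hashes
# replaced by placeholders, plus a hypothetical line with no format listed.
LM_LINE='Administrator:LMHASH_PLACEHOLDER:500:::::LM:[...]'
SHA_LINE='?:SHA512HEX_PLACEHOLDER:::/:/:/:lotus85:[...]'
NONE_LINE='user:NOT_A_HASH_PLACEHOLDER:::::'

# Same two lines, two file orders, two different answers.
echo "pwdump.pw first: $(printf '%s\n%s\n' "$LM_LINE" "$SHA_LINE" | default_format)"
echo "sha512.pw first: $(printf '%s\n%s\n' "$SHA_LINE" "$LM_LINE" | default_format)"
```

With a real run the function would be fed from `john --show=types file1 file2`, so the result follows the order of the files on the command line, as in the two sessions above.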
