Date: Thu, 13 Aug 2015 04:48:37 -0700
From: Mathieu Laprise <mathlaprise@...il.com>
To: john-dev@...ts.openwall.com
Subject: Question on John --show behavior

Hey guys,
I'm using the latest jumbo version from git. I'm trying to solve an issue
(https://github.com/shinnok/johnny/issues/22) in Johnny. The goal is to show
all cracked passwords in a file with different formats in the tableview as
soon as the user opens it.

First, I thought that calling john --show pw1.txt without a parameter would
show ALL cracked passwords in the file. I thought it worked, but then I got
this use-case.

I have a file which is recognized as LM (default), but the truth is that they
are Nt-old. It's the one from the cmiyc contest.
john --show pw1.txt
0 password cracked
john --show --format=Nt-old pw1.txt
2021 passwords cracked

Also, let's add a cracked nsldap hash in the middle of this file.
john --show pw1.txt
1 password cracked
john --show --format=Nt-old pw1.txt
2021 passwords cracked
john --show --format=nsldap pw1.txt
1 password cracked

Instead of step 2, add a cracked Raw-sha512 hash in the middle of this file.
john --show pw1.txt
0 password cracked
john --show --format=Nt-old pw1.txt
2021 passwords cracked
john --show --format=raw-sha512 pw1.txt
1 password cracked

So, I do get the nsldap cracked hash using no parameter, but I don't get
the nt-old and the raw-sha512 hashes.

On the other hand, Shinnok did a similar process with descrypt and md5crypt,
but john --show without a parameter shows all his hashes. We are kind of
confused about how to fix our issue 22 and what the real behavior of john
--show without a parameter is.

✔ 18:09 ~jtr/jumbo/run$ ./john --show --format=descrypt ../../../passwds/test-hashes.lst
1:U*U*U*U*
4:*U*U*U*U
5:

3 password hashes cracked, 2 left
✔ 18:09 ~jtr/jumbo/run$ ./john --show --format=md5crypt ../../../passwds/test-hashes.lst
19:test
20:12345678
21:
25:
26:1234
27:john
28:the
29:ripper
30:aaaaa
31:lapin
32:canard
33:test1
35:manger
36:haut
38:password
41:password

16 password hashes cracked, 10 left
✔ 18:09 ~jtr/jumbo/run$ ./john --show ../../../passwds/test-hashes.lst
1:U*U*U*U*
4:*U*U*U*U
5:
17:
19:test
20:12345678
21:
25:
26:1234
27:john
28:the
29:ripper
30:aaaaa
31:lapin
32:canard
33:test1
35:manger
36:haut
38:password
41:password

20 password hashes cracked, 28 left
Thanks john-devs
