Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 May 2006 13:38:33 -0400
From: "Arvind Sood" <asood74@...il.com>
To: john-users@...ts.openwall.com
Subject: John seems to exit without error

Hello

I am testing JTR Windows cracking, by first cracking the LM passwords and
then feeding the cracked passwords into another john session (with
--format=nt).
JTR loads the hashes and seems to exit without an error. Here are the
results (relax ! these are not my users' passwords- this is a test run on a
trial box)

John Show for an initial cracking session (with format--lm switch)

[sooda@...alhost run]$ ./john --show ../pwdfiles/pwoutput.txt
Administrator:GR8HACK:500:B519ED65E3FF0B7CB777B3AC6BFFD500:::
AWuser:PA55W0RD!:1034:12317DFC7459035349F035E025C623D4:::
CAuser:PASSWORD#1:1010:F14EEE53C480F0063ACC5BA8F026457B:::
CMuser:PASSWORD#1:1003:F14EEE53C480F0063ACC5BA8F026457B:::
DCuser:PASSWORD:1007:8846F7EAEE8FB117AD06BDD830B7586C:::
DSuser:BENTLEY#1:1004:005AD59E28BF272CE25CB902467657AD:::
EMuser:PASSWORD#1:1015:F14EEE53C480F0063ACC5BA8F026457B:::
EPuser:123PASSWORD321:1006:7FA44B306BCCAC8D949C8A8394A3BC6D:::
Guest:NO PASSWORD:501:NO PASSWORD*********************:::
HMuser:PASSWORD:1014:8846F7EAEE8FB117AD06BDD830B7586C:::
JKuser:PASSWORD:1013:8846F7EAEE8FB117AD06BDD830B7586C:::
JMuser:PASSWORD:1016:8846F7EAEE8FB117AD06BDD830B7586C:::
JOuser:PASSWORD:1020:8846F7EAEE8FB117AD06BDD830B7586C:::
LWuser:PASSWORD:1019:8846F7EAEE8FB117AD06BDD830B7586C:::
MLuser:PASSWORD:1008:8846F7EAEE8FB117AD06BDD830B7586C:::
PJuser:PASSWORD#1:1012:F14EEE53C480F0063ACC5BA8F026457B:::
RWuser:PASSWORD:1021:8846F7EAEE8FB117AD06BDD830B7586C:::
SWuser:SN0WDAY:1031:C481CEEFF9CBA2B96DADCB1FE411F163:::
TCuser:PASSWORD:1011:8846F7EAEE8FB117AD06BDD830B7586C:::
TSuser:890ILER???????:1005:9A5948B4671AC0E0FD85BA348B45EC60:::
__vmware_user__:NO PASSWORD:1029:12BB3FF865A5AFE396A459AD064544A7:::

37 password hashes cracked, 8 left
[sooda@...alhost run]$


I then redirect the output to a txt file, as follows

[sooda@...alhost run]$ ./john --show /home/sooda/john-
1.7.0.2/pwdfiles/pwoutput.txt | cut -d: -f2 > /home/sooda/john-
1.7.0.2/pwdfiles/lm_cracked.txt
[sooda@...alhost run]$ cat ../pwdfiles/lm_cracked.txt
GR8HACK
PA55W0RD!
PASSWORD#1
PASSWORD#1
PASSWORD
BENTLEY#1
PASSWORD#1
123PASSWORD321
NO PASSWORD
PASSWORD
PASSWORD
PASSWORD
PASSWORD
PASSWORD
PASSWORD
PASSWORD#1
PASSWORD
SN0WDAY
PASSWORD
890ILER???????
NO PASSWORD

I then use this file with the mangling rules for a --format=nt crack (refer
previous post
http://article.gmane.org/gmane.comp.security.openwall.john.user/620/match=ps)

- Notice that john immediately returns me to a $ prompt. Also - why did it
load 11 hashes? There are many more accounts .....

[sooda@...alhost run]$ ./john --wordlist=../pwdfiles/lm_cracked.txt --rules
--format=nt --session=ntcrack ../pwdfiles/pwoutput.txt
Loaded 11 password hashes with no different salts (NT MD4 [TridgeMD4])
guesses: 0  time: 0:00:00:00 100%  c/s: 34100  trying: Passwording
[sooda@...alhost run]$

I then did a ps -ef to see if john is running

[sooda@...alhost run]$ ps -ef |grep john
sooda   4434  2295  0 18:30 pts/2    00:00:00 grep john

I made sure no password had the ":" special character in them. JTR is
1.7.0.2 with the Jumbo patch on linux-x86-mmx

Why does John only load 11 hashes?
Why does it immediately return me to a $ prompt? - it did not do that with
the --format=LM switch.
Why does john not show up in the ps -ef?

Since these are test cases, I can even part with the dump file (which is a
pwdump3e output for a Windows 2000 Server)

Thanks in advance for all your help

Arvind

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ