Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 May 2006 21:11:44 +0400
From: Solar Designer <>
Subject: Re: how decrypt that ?

On Fri, May 26, 2006 at 10:17:35AM +0200, wrote:
>  How decrypt "30a5f49ccefde0a213536bf2d7d5300d" with AD ?

Strictly speaking, John the Ripper does not "decrypt" anything - rather,
it cracks password hashes by finding suitable plaintext passwords.

The above encoding could correspond to one of many different hash types -
or it could be not a hash at all, indeed.  There are several hash types
that John the Ripper with the jumbo patch supports that would use a hash
encoding like the above, so you have to find out (or guess) and specify
the hash type explicitly.  The likely guess is that this is hex-encoded
raw MD5 - because it is so popular with web forums, etc.

So we place this in a file of the correct format, like this:


Then we run jumbo patched John on the file, assuming that "pw" is the

	./john --format=raw-md5 pw

After a minute or so, we get:

	nermad           (user)

So the password is "nermad".  Later, we can do:

	./john --show --format=raw-md5 pw

to retrieve the previously cracked password, which obviously gives:


	1 password hash cracked, 0 left

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ