Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 May 2006 21:11:44 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: how decrypt that ?

On Fri, May 26, 2006 at 10:17:35AM +0200, websiteaccess@...il.com wrote:
>  How decrypt "30a5f49ccefde0a213536bf2d7d5300d" with AD ?

Strictly speaking, John the Ripper does not "decrypt" anything - rather,
it cracks password hashes by finding suitable plaintext passwords.

The above encoding could correspond to one of many different hash types -
or it could be not a hash at all, indeed.  There are several hash types
that John the Ripper with the jumbo patch supports that would use a hash
encoding like the above, so you have to find out (or guess) and specify
the hash type explicitly.  The likely guess is that this is hex-encoded
raw MD5 - because it is so popular with web forums, etc.

So we place this in a file of the correct format, like this:

	user:30a5f49ccefde0a213536bf2d7d5300d

Then we run jumbo patched John on the file, assuming that "pw" is the
filename:

	./john --format=raw-md5 pw

After a minute or so, we get:

	nermad           (user)

So the password is "nermad".  Later, we can do:

	./john --show --format=raw-md5 pw

to retrieve the previously cracked password, which obviously gives:

	user:nermad

	1 password hash cracked, 0 left

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ