Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 May 2006 21:48:53 +0200
From: "websiteaccess@...il.com" <websiteaccess@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: how decrypt that ?

Le Fri, 26 May 2006 21:11:44 +0400, Solar Designer a écrit:
> On Fri, May 26, 2006 at 10:17:35AM +0200, websiteaccess@...il.com wrote:
>>   How decrypt "30a5f49ccefde0a213536bf2d7d5300d" with AD ?
> 
> Strictly speaking, John the Ripper does not "decrypt" anything - rather,
> it cracks password hashes by finding suitable plaintext passwords.

 your are right :)
> 
> The above encoding could correspond to one of many different hash types -
> or it could be not a hash at all, indeed.  There are several hash types
> that John the Ripper with the jumbo patch supports that would use a hash
> encoding like the above, so you have to find out (or guess) and specify
> the hash type explicitly.  The likely guess is that this is hex-encoded
> raw MD5 - because it is so popular with web forums, etc.
> 
> So we place this in a file of the correct format, like this:
> 
> 	user:30a5f49ccefde0a213536bf2d7d5300d
> 
> Then we run jumbo patched John on the file, assuming that "pw" is the
> filename:
> 
> 	./john --format=raw-md5 pw
> 
> After a minute or so, we get:
> 
> 	nermad           (user)
> 
> So the password is "nermad".  Later, we can do:
> 
> 	./john --show --format=raw-md5 pw
> 
> to retrieve the previously cracked password, which obviously gives:
> 
> 	user:nermad
> 
> 	1 password hash cracked, 0 left
> 

 thanks you very much, very usefull help.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ