Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jun 2008 00:59:24 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Password generating tool

On Wed, Jun 18, 2008 at 03:27:00PM +0200, Markus Friedel wrote:
> on my way to get John working with BOINC i have to do some tests.
> So i need some passwords. actually i get them by using pwgen an mkpasswd 
> this way:
> 
> pwgen -A -0 $PWLENGTH 1 | mkpasswd -H MD5 -s >> mypassword
> 
> The problem with mkpasswd is, i can only generate md5 and des. But i 
> want to have more algorithms to test on.
> 
> Can somebody show me a tool who does this with more algorithms and still 
> works with john? I have tested mcrypt, but didnt get it work with john.

I've attached a couple of Perl scripts that do what you have asked for -
and more.  The scripts require the Authen::Passphrase module from CPAN,
and they accept a wordlist (such as JtR's default password.lst) on
standard input and produce /etc/passwd-like or PWDUMP-like entries on
standard output.  This covers all of the hash types supported by JtR
natively, and NTLM.  The plaintext passwords are placed into the GECOS
field, which lets the "single crack" mode crack them instantly.

Alexander

#!/usr/bin/perl

use Authen::Passphrase::DESCrypt;
use Authen::Passphrase::BigCrypt;
use Authen::Passphrase::MD5Crypt;
use Authen::Passphrase::BlowfishCrypt;

$u = 0;
while ($p = <>) {
	next if ($p =~ /^#!comment/);
	chomp $p;
	$h = Authen::Passphrase::DESCrypt->new(passphrase => $p, salt_random => 12);
	print "u$u-des:", $h->as_crypt, ":$u:0:$p", "::\n";
	if (length($p) > 8) {
		$h = Authen::Passphrase::BigCrypt->new(passphrase => $p, salt_random => 12);
		print "u$u-bigcrypt:", $h->salt_base64_2, $h->hash_base64, ":$u:0:$p", "::\n";
	}
	$h = Authen::Passphrase::DESCrypt->new(passphrase => $p, fold => 1, nrounds => 725, salt_random => 24);
	print "u$u-bsdi:", $h->as_crypt, ":$u:0:$p", "::\n";
	$h = Authen::Passphrase::MD5Crypt->new(passphrase => $p, salt_random => 1);
	print "u$u-md5:", $h->as_crypt, ":$u:0:$p", "::\n";
	$h = Authen::Passphrase::BlowfishCrypt->new(passphrase => $p, cost => 5, salt_random => 1);
	print "u$u-bf:", $h->as_crypt, ":$u:0:$p", "::\n";
	$u++;
}

#!/usr/bin/perl

use Authen::Passphrase::LANManager;
use Authen::Passphrase::NTHash;

$u = 0;
while ($p = <>) {
	next if ($p =~ /^#!comment/);
	chomp $p;
	$lm = Authen::Passphrase::LANManager->new(passphrase =>
		length($p) <= 14 ? $p : "");
	$nt = Authen::Passphrase::NTHash->new(passphrase => $p);
	print "u$u:$u:", $lm->hash_hex, ":", $nt->hash_hex, ":$p", "::\n";
	$u++;
}


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ