Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 18 May 2010 02:09:09 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: MediaWiki password hashes

On Sat, May 15, 2010 at 11:32:30PM -0700, Dan Tentler wrote:
> http://www.mediawiki.org/wiki/Manual_talk:User_table#.22B.22_type_password_.28current_default.29
> 
> The "b style" password hashes.

It turns out that JtR with the jumbo patch is readily capable of
cracking these hashes, due to JimF's "generic MD5" code.  Here's how the
input file should be formatted for this to work:

$ cat pw-mw 
user:md5_gen(9)e4ab7024509eef084cdabd03d8b2972c$838c83e1-

This uses the sample hash from the MediaWiki web page above.

John the Ripper 1.7.5-jumbo-3 cracks this as follows:

$ ./john pw-mw
Loaded 1 password hash ( md5_gen(9): md5($s.md5($p))  [md5-gen MMX 32x2])
password         (user)
guesses: 1  time: 0:00:00:00 100.00% (2) (ETA: Tue May 18 02:01:00 2010)  c/s: 27533  trying: 12345 - falcon
$ ./john --show pw-mw 
user:password

1 password hash cracked, 0 left

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ