Date: Mon, 7 Feb 2011 03:43:57 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John the Ripper does not detect openssl MD5 hashes

Martin,

On Mon, Feb 07, 2011 at 01:25:47AM +0200, Martin T wrote:
> I tried to create few MD5 hashes using openssl and then crack those
> hashes using John the Ripper(version 1.7.3.1) and a dictionary file.

You need to apply the jumbo patch (or use a build made with the patch
applied) in order to crack raw MD5 hashes. Then, you will need the
"--format=raw-md5" option to avoid misdetection (because many different
hash types may have the same 32 hex characters look).

The official JtR supports MD5-based crypt(3) hashes, but not raw MD5.

You may download the jumbo patch or a pre-patched build here:

http://www.openwall.com/john/#contrib
http://download.openwall.net/pub/projects/john/contrib/linux/
http://openwall.info/wiki/john/custom-builds#Compiled-for-Linux-x86

> As you can see, john detects this as a "LM DES [64/64 BS MMX]" not
> "MD5" (this is probably a default if nothing else matches?).

No, it's not a default. This is what I meant above re: different hash
types being encoded in the same way, with 32 hex chars.

> root@...tin-desktop:~# john --wordlist=/usr/share/john/password.lst --format=MD5 md5crypt

This tells JtR to only load MD5-based crypt(3) hashes, and you have none
of those in your file.

To summarize, you need to do two things at once:

1. Use a jumbo-patched build of JtR.

2. Supply the "--format=raw-md5" option to it.

Alternatively, if you're just experimenting, you may generate hashes of
a type supported by the official JtR. You can use these Perl scripts:

http://www.openwall.com/lists/john-users/2008/06/18/3

BTW, the above posting is one of those linked from:

http://openwall.info/wiki/john/mailing-list-excerpts

And you may want to refer to this wiki page with sample hashes:

http://openwall.info/wiki/john/sample-hashes

I hope this helps.

Alexander

P.S. You could prefer to run those commands as a non-root user. It's
not a good habit to run things as root unnecessarily, and from your
shell prompt you don't appear to be on a throw-away LiveCD system.
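
Added example, not part of the original message or of John the Ripper: a small Python pre-check that sorts the lines of a hash file by encoding, showing why a 32-hex-digit line cannot be identified from its look alone while an MD5-based crypt(3) line can. The function names, the assumed line layouts and the sample lines are constructed for illustration.

```python
import hashlib
import re

# The two encodings the message contrasts.
HEX32 = re.compile(r"[0-9a-fA-F]{32}")  # raw MD5, LM, ...: same look
MD5CRYPT = re.compile(r"\$1\$[^$:]{0,8}\$[./0-9A-Za-z]{22}")  # MD5-based crypt(3)

ADVICE = {
    "md5crypt": "self-describing ($1$ prefix): --format=MD5 loads it",
    "ambiguous-hex32": "32 hex chars fit several hash types: name the format "
                       "explicitly, e.g. --format=raw-md5 on a jumbo build",
    "unknown": "not one of the two encodings checked here",
}

def hash_field(line):
    """Hash from a bare 'hash' line or a 'login:hash[:...]' line (assumed layouts)."""
    fields = line.strip().split(":")
    return fields[0] if len(fields) == 1 else fields[1]

def classify(line):
    """Name the encoding of one line, judged by its shape only."""
    h = hash_field(line)
    if MD5CRYPT.fullmatch(h):
        return "md5crypt"
    if HEX32.fullmatch(h):
        return "ambiguous-hex32"
    return "unknown"

def is_raw_md5_of(line, word):
    """True if the line's hash is the unsalted MD5 of word, hex-encoded."""
    return hash_field(line).lower() == hashlib.md5(word.encode()).hexdigest()

def audit(lines):
    """Return (line, kind, advice) for each non-empty line."""
    return [(l, classify(l), ADVICE[classify(l)]) for l in lines if l.strip()]

# Constructed sample input. The $1$ line only has the right shape; it is
# not the hash of any particular password.
RAW = hashlib.md5(b"password").hexdigest()
SAMPLE = [RAW, "martin:" + RAW.upper(),
          "alice:$1$saltsalt$" + "abcdefghijklmnopqrstuv", "bob:x"]

if __name__ == "__main__":
    for line, kind, advice in audit(SAMPLE):
        print(f"{line}\n    {kind}: {advice}")
```
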