Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Apr 2011 01:14:20 -0500
From: "JimF" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: perl script to generate test hashes

I have built a perl script and have added many of the formats handled by 
john.  This script will write out john readable password hashes.

There are still a few formats not handled, and I have not undertaken the 
md5_gen() format (yet).   However, I am posting it now, even though it is 
not quite done, so that others can find use for it.

Adding new formats to this script is easy (if you understand the format). 
Simply add a new string to the @funcs array at the start of the file, then 
add a new sub at the bottom of the file.  The sub at bottom MUST be same 
name as the @funcs array, but the sub's name MUST be lower case.  The string 
in the @funcs must be same letters, but case does not matter.   The 
subroutine in the bottom, will be passed the password (as $_[0] first and 
only argument)  Reading many of the other functions should give an idea of 
what is required.

To use the script is easy.  All password input is from stdin (if you do not 
redirect a file, the script will propt for input).  You can list as many 
'done' formats as you want on the command line.  The script will generate a 
list of password hashes for each type.

So if you did:

gen_pass.pl des xsha mscash < words.dict > hashes.txt

Then in hashes.txt, there would be 3 'blocks' of hashes, a block for Unix 
DES, a block for Mac X-SHA and a block for mscash.  Each of these will have 
random salts (if needed), and each word out of words.dict will be a password 
hash for that format.

This script is in the wiki, on page 
http://openwall.info/wiki/john/Generating-test-hashes

One word of warning.  This script slurps up the entire stdin data into a 
perl array (so that it can rerun these passwords multiple times if multiple 
formats are requested).  This can be a LOT of memory. Do not try to run the 
script, giving it your favorite 2gb wordlist.  It will almost certainly have 
serious memory thrashing issues, and may simply crash.  However, I was able 
to run a 16MB (about 1.6 million word) english dict against it, in a couple 
minutes on a machine that is seriously underpowered.  I ran simple rawmd5 
and it did complete.  Remember when running lists, that this is in perl, and 
will be slower than john.  So if you wanted to make 1 million 
PHPass/MD5a/Blowfish hashes, it is gonna take a while.

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.