Follow us on Twitter or via RSS feeds with tweets or complete announcement texts or excerpts
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 29 Jul 2011 17:28:26 +0800
From: Gu George <gu.xy.george@...il.com>
To: john-users@...ts.openwall.com
Subject: Question on Domino Hash crack

All,

I domino web hashes by using meta exploit framework from one web site. The
dump result seems like:

Lotus Domino - Account Found: admin, admin@...**.com,
(8A1FBFD38D6E608F9CEF2D313DDE7080)

So, I think the user account is : admin and the hash for "admin" is
8A1FBFD38D6E608F9CEF2D313DDE7080.

Then I use john-1.7.8-jumbo-4 and following instructions from
http://www.openwall.com/lists/john-users/2011/07/06/3:

1. echo >22.txt 'admin:(8A1FBFD38D6E608F9CEF2D313DDE7080)'
2. ./john --format=dominosec 22.txt

But the result is always:No password hashes loaded (see FAQ).

I have made another test:

1. echo >22.txt 'admin:(Gl2g1LxkORRxxrTHqrY6)' --> this hash is copied from
http://www.openwall.com/lists/john-users/2011/07/06/3, just for test.
2. ./john --format=dominosec 22.txt

The output is: Loaded 1 password hash (More Secure Internet Password [RSA MD
defined by BSAFE 1.x - Lotus v6])
No password hashes left to crack (see FAQ)

So, my question is:

1. What is the hash format I downloaded, e.g. is the hash like
(8A1FBFD38D6E608F9CEF2D313DDE7080) not supported by John?
2. How can I crack this kink of hash?


Thanks

George

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ