Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Jan 2013 09:18:06 -0500
From: Matt Gardenghi <mtgarden@...il.com>
To: john-users <john-users@...ts.openwall.com>
Subject: Re: UniqPass versus JtR default password list and weird behavior

Thanks. I thought I was simply swapping dictionaries. I guess not. I'll
read the documents more closely tonight.


On Mon, Jan 21, 2013 at 9:11 AM, Rich Rumble <richrumble@...il.com> wrote:

> On Sun, Jan 20, 2013 at 10:44 PM, Matt Gardenghi <mtgarden@...il.com>
> wrote:
> > So, I ran >john --format==nt ntlm.txt
> This command line will run SIngle mode, then Wordlist mode (using
> password.lst by default), and then incremental mode (bruteforce using
> trigraphs to guess more likely passses) Pressing any key during the
> process will show you what mode is cracking currently...
> 1 single, 2 wordlist, and 3 incremental. Single comes and goes very
> quickly for LM/NTLM might be hard to even see that one, it will  use
> the GECOS (in pwdump format it's the "comment" field I think) field
> and usernames themselves to crack passwords:
> http://openwall.info/wiki/john/hash-formats
> <username>:<uid>:<LM-hash>:<NTLM-hash>:<comment>:<homedir>: (This is a
> PWDump Format)
> > That immediately popped three passwords and then an 2 minutes later hit a
> > fourth.
> This is because of Incremental mode probably... it takes longer to
> guess, but still does it faster than aab, aac, aad, aae etc...
> > I deleted the .pot file. I acquired the uniqpass list and tried to
> > substitute that list. Its a 1.2GB dictionary list. John pulled two
> > passwords and then ended saying it was done in one minute.
> >
> > c:\Users\Matt\Desktop\john179j5\run>john --wordlist=uniq.txt --format=nt
> > ntlm.txt
> > Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 +
> > 32/32])
> This is specifying wordlist mode, once it's mangled the wordlist
> specified using the default wordlist rules, it terminates as expected.
> > Use the "--show" option to display all of the cracked passwords reliably
> You should of seen all four on screen, but perhaps there are exceptions.
> > I would have assumed that john would have started performing brute force
> > attacks before terminating. This makes me think something went wrong.
> >
> > I have repeated this process and verified the behaviors.  Any tips on
> what
> > is going wrong?
> Again the first command line only specified the format of password,
> and the second command line specified the format and to only use a
> wordlist. http://www.openwall.com/john/doc/MODES.shtml
> -rich
>



-- 
Matt Gardenghi

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.