Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 4 Dec 2013 16:08:37 -0700
From: Donald Raikes <evhadu@...look.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RE: jtr newbie: getting no hashes loaded message

Magnum,
 
Thanks for the hints. I had already thought of the dynamic_62 format, but when I run:
 
$ ./john --format dynamic_62 pwd.txt
 
I get no hashes loaded.
 
When I run:
 
$ ./john --format=raw-sha256 pwd.txt
I get 452,000 hashes loaded 
 
However, when I combine the second command with a wordlist of over 18,000,000 words, it returns 0 matches.
 
According to the java source code that was used to generate teh file, the hash was created as follows:
 
1. a secure random 12-bit number is generated.
2. sha256($p+"|"+$s);
3. base64_encode(hash from #2);
 
I wrote a java program to base64_decode the encoded hash and print it in hexadecimal format.
I checked the output with an online base64 to hex converter and it was correct.
 
so now my file format is:
 
username:sha256($p.$s):salt
 
When I ran the second format of the john command from above it said that 452,000 hashes were loaded wit h 0 different salts.
 
it seems like the salts are not being taken into account.
 
a snippet of my password file is below:
 
ShortChic74@...oo.com:D59E1B36975F72F2D15BFFBB522F33953636EFB4ABAEAC749A560384A33A9D75:2179
mirda@...l.uajy.ac.id:11C23E4E4167803DC83AB04AB6BF17B9EF60EE3C957D3DFA974144E131BC617B:2018
Hayley_06jf@...oo.com:90C662E90AD50F4114FCC5A2F3EA82738C25B64BB716CB811B320816F7DDD7A0:387
mjharleygirl83@....com:5BF2293A6088C85AC23CBC82A074B76C05CECDC7FAE42AEF9B8DDC3AAD09FCE8:2802

Any tips welcome :-)
 
> Date: Wed, 4 Dec 2013 23:37:26 +0100
> From: john.magnum@...hmail.com
> To: john-users@...ts.openwall.com
> Subject: Re: [john-users] jtr newbie: getting no hashes loaded message
> 
> On 2013-12-04 05:56, Donald Raikes wrote:
> > Hello,
> >
> > I am working on a class assignment in which we were given a password file containing the following:
> >
> > username:base64_encoded sha256 hashed salted password:salt
> 
> On 2013-12-04 18:45, Donald Raikes wrote:
> > Here is my jtr version info:
> > John the Ripper password cracker, ver: 1.7.9-jumbo-8-RC_mpi [linux-x86-64-native]
> > Just pulled it from the git repository last night and built it.
> 
> That version should be fine. The format might be one of these:
> 
> dynamic_61: sha256($s.$p)
> dynamic_62: sha256($p.$s)
> 
> ...depending on how the salt was used (prepended or appended) and 
> assuming just one iteration. There are numerous other possibilities as 
> well, including these:
> 
> $ ../run/john --list=subformats | grep sha256 | grep -F '$s'
> Format = dynamic_61  type = dynamic_61: sha256($s.$p)
> Format = dynamic_62  type = dynamic_62: sha256($p.$s)
> Format = dynamic_65  type = dynamic_65: sha256(sha256($p).$s)
> Format = dynamic_66  type = dynamic_66: sha256($s.sha256($p))
> Format = dynamic_67  type = dynamic_67: sha256(sha256($s).sha256($p))
> 
> > Here is a few sample records from my password file:
> >
> > ShortChic74@...oo.com:1Z4bNpdfcvLRW/+7Ui8zlTY277Srrqx0mlYDhKM6nXU=:2179
> 
> Like Rich said they currently have to be converted to hex. In the above 
> line I assume "2179" is the salt and hopefully it is meant to be used as 
> a string. Just converting the Base64 hash alone:
> 
> $ echo '1Z4bNpdfcvLRW/+7Ui8zlTY277Srrqx0mlYDhKM6nXU=' | perl -ne 'use 
> MIME::Base64; print unpack("H*", MIME::Base64::decode_base64($_)), "\n";'
> d59e1b36975f72f2d15bffbb522f33953636efb4abaeac749a560384a33a9d75
> 
> Putting it together, it should look like this (all in one line in case 
> it gets folded here):
> 
> ShortChic74@...oo.com:d59e1b36975f72f2d15bffbb522f33953636efb4abaeac749a560384a33a9d75$2179
> 
> Note that a '$' separates the hash and the salt. With this line in a 
> file "test" you can attack it like this:
> 
> ./john --format=dynamic_62 --bare=y test
> 
> ...change to dynamic_61 instead if it's supposed to be sha256($s.$p).
> 
> magnum
> 
 		 	   		  

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.