Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 05 Aug 2014 19:54:14 +0200
From: Jörg Knobloch <jorgk@...gk.com>
To: john-users@...ts.openwall.com
Subject: Problem running John on Windows when trying to crack sha512 encrypted
 /etc/shadow from Linux

I am trying to run John on Windows since my Windows PC is more powerful 
than me Linux PC.

This is the hash I want to crack as a first experiment:
root:$6$irSkguJ9$QhY91Upy8ynBsQHZ8rB2RgXOGzH1bPCssJMVrv1dgXU1Ek7CqRhfp3.oRaX/GB3k6/wcl2nYtOmeQG3bie1Qo/:16286:0:99999:7:::
The password for root (which is "root"), so not a great secret.

On Linux I run "john /etc/shadow" and it happily reports the password 
after a while.

On Windows running john.exe from either john179w2.zip, john179j5w.zip or 
john-1.8.0-Win-32.zip I get:
"No password hashes loaded (see FAQ)".

I'm so sorry, it's a beginners question and you say so in the FAQ, but 
sadly you don't give a clear answer. Let's see:

A: Your password file taken from a Unix-like system might be shadowed.
No, I'm using /etc/shadow and on Linux it works fine.

A: All of the password hashes found in the file might be already cracked
No.

A: With PWDUMP-format files, ...
Doesn't apply.

A: If you're using the "--format" option, try dropping it.
No, not using it.

A: Your password hash or cipher type(s) might not be supported by John, 
or at least by the version and build of John that you're using.
Maybe. I've used three different Windows binaries, all give the same error.

Nowhere does it say which cipher types are supported. The Windows 1.79 
"Jumbo version" says:
--format=NAME             force hash type NAME: des/bsdi/md5/bf/afs/lm/
dynamic_n/bfegg/dmd5/dominosec/epi/hdaa/ipb2/krb4/
krb5/mschapv2/mysql-fast/mysql/netlm/netlmv2/netntlm/
netntlmv2/nethalflm/md5ns/nt/phps/po/xsha/crc32/
hmac-md5/lotus5/md4-gen/mediawiki/mscash/mscash2/
mskrb5/mssql/mssql05/mysql-sha1/nsldap/nt2/oracle11/
oracle/phpass-md5/pix-md5/pkzip/raw-md4/raw-md5thick/
raw-md5/raw-sha1/raw-sha/raw-md5u/salted-sha1/sapb/
sapg/sha1-gen/raw-sha224/raw-sha256/raw-sha384/
raw-sha512/xsha512/hmailserver/sybasease/trip/ssh/pdf/

The Windows 1.8 version says:
--format=NAME              force hash type NAME: 
descrypt/bsdicrypt/md5crypt/
                            bcrypt/LM/AFS/tripcode/dummy

The Linux 1.8 versions says:
--format=NAME              force hash type NAME: 
descrypt/bsdicrypt/md5crypt/
                            bcrypt/LM/AFS/tripcode/dummy/crypt

Maybe "crypt" includes the sha512 stuff, which is therefore not 
available on Windows.

A: John only loads properly formatted text files directly.
I'm using the /etc/shadow file or the "unshadowed" (combined with 
/etc/passwd). On Linux both work, on Windows none.

A: The file you're trying to run John on might in fact not be a password 
file at all.
Well, it is.

A: Your command line syntax might be wrong, resulting in John trying to 
load a wrong file.
What can be wrong in "john.exe file.txt"?



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.