Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 13 Jul 2018 12:09:00 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Output Cracked Passwords Only

On Thu, Jul 12, 2018 at 04:16:23PM -0400, Erik Winkler wrote:
> Can john output the cracked passwords only from the .pot file?  no username, hash, etc.

I don't recall if jumbo possibly got a feature capable of this.

> The problem I have is some of the cracked passwords have a ???:??? in them and this makes parsing the standard ???show output miss hundreds of passwords based on the colon delimiter.

You need to use cut(1) like this:

./john --show passwd | cut -d: -f2-

Notice the extra trailing dash in the "-f2-".  This way, everything
starting with field 2, and not just field 2 itself, is printed.  This
will work for passwords containing a colon, but unfortunately it only
works right for our purpose when there are no further fields (such as
UID, GID, etc.)  You can remove those extra fields from your input file
("passwd" in the above example) prior to the "--show":

cut -d: -f1,2 < passwd-many-fields > passwd-2-fields-only
./john --show passwd-2-fields-only | cut -d: -f2- > passwd-cracked-with-colons

This works because passwd-many-fields only contains hashes (not yet
cracked passwords) in the second field, which are supposed not to
contain colons.

There's also the "--field-separator-char" option to jumbo, but then
you'd potentially run into similar issues with that other character.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ