Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jun 2012 13:33:01 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: For some dynamic formats on linux-x86-mmx build cracking depends
 on password candidate sequence

$ uname -srvp
Linux 3.4.2-1.fc16.i686.PAE #1 SMP Thu Jun 14 20:53:38 UTC 2012 i686

$ cd test
$ mv pw.dic pw.dic.orig
$ LC_ALL=C tac pw.dic.orig > pw.dic

$ sha1sum pw.dic.orig pw.dic
71e6e0bb9c766c2030730ee1effde079b9fb1222  pw.dic.orig
ee862671a9c34fc76b863670782b3959d0319caa  pw.dic

$ ./jtrts.pl -q dynamic
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.4, June 22, 2012.  By, Jim
Fougeron & others
- Testing:  John the Ripper password cracker, ver: 1.7.9-jumbo-6
[linux-x86-mmx]
--------------------------------------------------------------------------------
form=dynamic_2                    guesses: 1496 time: 0:00:00:00 :
Expected count(s) (1500)  [!!!FAILED!!!]
form=dynamic_2-raw                guesses: 1496 time: 0:00:00:00 :
Expected count(s) (1500)  [!!!FAILED!!!]
form=dynamic_3                    guesses: 1496 time: 0:00:00:00 :
Expected count(s) (1500)  [!!!FAILED!!!]
form=dynamic_3-raw                guesses: 1496 time: 0:00:00:00 :
Expected count(s) (1500)  [!!!FAILED!!!]
form=dynamic_34                   guesses: 1496 time: 0:00:00:00 :
Expected count(s) (1500)  [!!!FAILED!!!]
Some tests had Errors. Performed 42 tests.5 errors
Time used was 157 seconds


$ ./jtrts.pl dynamic -stoponerror
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.4, June 22, 2012.  By, Jim
Fougeron & others
- Testing:  John the Ripper password cracker, ver: 1.7.9-jumbo-6
[linux-x86-mmx]
--------------------------------------------------------------------------------

John Jumbo build detected.
testing: john -test=0

form=dynamic_0                    guesses: 1500 time: 0:00:00:00  [PASSED]
.pot CHK:dynamic_0                guesses: 1500 time: 0:00:00:00  [PASSED]

form=dynamic_0-raw                guesses: 1500 time: 0:00:00:00  [PASSED]
.pot CHK:dynamic_0-raw            guesses: 1500 time: 0:00:00:00  [PASSED]

form=dynamic_1                    guesses: 1500 time: 0:00:00:03  [PASSED]
.pot CHK:dynamic_1                guesses: 1500 time: 0:00:00:00  [PASSED]

form=dynamic_2                    guesses: 1496 time: 0:00:00:00 :
Expected count(s) (1500)  [!!!FAILED!!!]
Exiting on error.  The pot file ./tst.pot contains the found data
The command used to run this test was:

../run/john -ses=./tst -nolog -pot=./tst.pot dynamic_2_tst.in
--wordlist=pw.dic 2>&1 >/dev/null

$ ../run/john -ses=./tst -nolog -pot=./tst.pot dynamic_2_tst.in
--wordlist=pw.dic
Loaded 1500 password hashes with no different salts (dynamic_2:
md5(md5($p)) (e107) [64/64 MMX 64x2])
Remaining 4 password hashes with no different salts
guesses: 0  time: 0:00:00:00 DONE (Fri Jun 29 13:25:10 2012)  c/s:
258577  trying: limiey - Skippin� an�*

$ export LC_ALL=C
$ cut -d: -f 5- dynamic_2_tst.in | sed 's#::$##' | sort -u > all
$ cut -d: -f 2- tst.pot | sort -u > cracked
$ diff cracked all
814a815
> hhello__1
1007a1009
> limiey
1297a1300
> summer__3
1481a1485
> �utle�t__1

$ ../run/john -pot=./tst.pot dynamic_2_tst.in --show=LEFT > left

$ cat left
u407-dynamic_2:$dynamic_2$294587d51a7ffd2dd6871f84baf2586d
u293-dynamic_2:$dynamic_2$4676780e9cb755136b7a65494722f902
u170-dynamic_2:$dynamic_2$f8d46d9a81a4ef90597f0784ecc3e112
u48-dynamic_2:$dynamic_2$b115eaaf971fdfa03203334a80d1eac3

$ ../run/john -pot=./tst.pot left --wordlist=pw.dic
Loaded 4 password hashes with no different salts (dynamic_2:
md5(md5($p)) (e107) [64/64 MMX 64x2])
guesses: 0  time: 0:00:00:00 DONE (Fri Jun 29 13:29:24 2012)  c/s:
166228  trying: limiey - Skippin� an�*


Ant finally, the funny thing:


$ ../run/john -pot=./tst.pot left --wordlist=pw.dic.orig
Loaded 4 password hashes with no different salts (dynamic_2:
md5(md5($p)) (e107) [64/64 MMX 64x2])
limiey           (u48-dynamic_2)
hhello__1        (u170-dynamic_2)
summer__3        (u293-dynamic_2)
�utle�t__1       (u407-dynamic_2)
guesses: 4  time: 0:00:00:00 DONE (Fri Jun 29 13:29:27 2012)  c/s: 7529
 trying: password__4 - Password1__5
Use the "--show" option to display all of the cracked passwords reliably

$ grep -n -C 3 "^hhello__1$" pw.dic.orig
183-outleft__1
184-jus�m�size
185-out�eft
186:hhello__1
187-enterNow__1
188-IwasJu$there__1
189-DOGBERT__1


$ grep -n -C 3 "^hhello__1$" pw.dic
5630-DOGBERT__1
5631-IwasJu$there__1
5632-enterNow__1
5633:hhello__1
5634-out�eft
5635-jus�m�size
5636-outleft__1

Frank



Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.