Date: Thu, 14 May 2015 10:39:24 -0500
From: Mathieu Laprise <mathlaprise@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Johnny: 1.5.2 Hash type suggestion/guessing, using --show=types (was: displaying full meta information about hashes with --show=types)

Aleksey said:

> The patch was pulled into bleeding-jumbo branch (default). So pull the
> new version and try to run it against some files. You'll see the
> output, the format is described above. Skeleton of parser in Perl is
> in attach.

I played with the latest bleeding-jumbo branch and show=types, and now I understand the output and the format you described. Thanks. Is it our goal to call the Perl script in Johnny, or is it just to help me write a C++ function?

> Files in PWDUMP format need special handling: per line list show only
> lm and nt, lm for 3rd field and nt for 4th field. IIRC Johnny shows lm
> and nt on separate lines. When you read the file with hashes, you may
> need to remember if line is in PWDUMP format. I am sure you'll find a
> way to connect everything correctly.

I haven't worked with that kind of file yet. I've only used /etc/shadow files in john so far. I did some research on Google about LM and NT password hashes and pwdumping of SAM to understand what you are talking about. I found this sample, which I sent to john --show=types.

Input:

    Administrator:500:207277225E983B147AC464727886BD82:90BBDB25BC6556610DAA4F03900FBE9

The website where I found it said it has LM and NT (not sure if it's true, the Windows thing is really new to me and I seriously lack files to test for now :( ).

Output:

    Administrator:207277225E983B147AC464727886BD82:500:::::LM:0:0:1:$LM$207277225e983b14:$LM$7ac464727886bd82:0:

Output parser:

    valid format LM (disabled 0, dynamic 0)
    orig: 207277225E983B147AC464727886BD82
    2 parts:
    $LM$207277225e983b14
    $LM$7ac464727886bd82

Is it normal that the 4th field 90BBDB25BC6556610DAA4F03900FBE9 seems to be ignored? I thought it was supposed to be the NT one?

Is the field "2 parts:" from the last example's parser important for Johnny, or is it only the "orig: XXXXXXXXx" thing that is important?

> BTW did you try some non-trivial cracking with john and with Johnny?

I don't have a lot of password samples. I found this http://openwall.info/wiki/john/sample-hashes and a few other examples on the internet, but if you have interesting samples that you use, please share them. Also, I didn't play a lot with the modes wordlist, rules, charset, single crack, etc. I played with them, but it's not clear to me yet which options I'd choose in a real attack. Most of the time I use the default mode.
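The PWDUMP handling described in the quoted text above (LM from the 3rd field, NT from the 4th, one row each), as an added C++ example that is not code from Johnny, John the Ripper or either participant. The names HashRow and pwdumpRows are hypothetical, and treating a hash field as well-formed only when it is exactly 32 hex digits is an assumption of this example.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// One table row: account name, hash type ("lm" or "nt"), hash text.
struct HashRow { std::string user, type, hash; };

// True when s is exactly 32 hex digits (a 16-byte LM or NT hash).
static bool isHex32(const std::string &s) {
    return s.size() == 32 &&
           std::all_of(s.begin(), s.end(),
                       [](unsigned char c) { return std::isxdigit(c) != 0; });
}

// Split on ':' keeping empty fields between separators.
static std::vector<std::string> splitFields(const std::string &line) {
    std::vector<std::string> out;
    std::string field;
    std::istringstream in(line);
    while (std::getline(in, field, ':')) out.push_back(field);
    return out;
}

// Returns one row per well-formed hash field of a PWDUMP-style line.
// Lines with fewer than 4 fields, or whose 3rd/4th fields are not
// 32 hex digits (e.g. /etc/shadow entries), yield no rows.
std::vector<HashRow> pwdumpRows(const std::string &line) {
    std::vector<HashRow> rows;
    const std::vector<std::string> f = splitFields(line);
    if (f.size() < 4) return rows;
    if (isHex32(f[2])) rows.push_back({f[0], "lm", f[2]});
    if (isHex32(f[3])) rows.push_back({f[0], "nt", f[3]});
    return rows;
}

int main() {
    // First line is the sample quoted in the message; the second is constructed.
    const char *lines[] = {
        "Administrator:500:207277225E983B147AC464727886BD82:90BBDB25BC6556610DAA4F03900FBE9",
        "demo:1001:00112233445566778899AABBCCDDEEFF:FFEEDDCCBBAA99887766554433221100:::",
    };
    for (const char *l : lines)
        for (const HashRow &r : pwdumpRows(l))
            std::cout << r.user << '\t' << r.type << '\t' << r.hash << '\n';
    return 0;
}
```

On the sample quoted in the message this yields a single lm row, because the 4th field as quoted is 31 hex digits long.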