Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 14 May 2015 10:39:24 -0500
From: Mathieu Laprise <>
Subject: Re: Johnny: 1.5.2 Hash type suggestion/guessing, using
 --show=types (was: displaying full meta information about hashes with --show=types)

Aleksey said:

> The patch was pulled into bleeding-jumbo branch (default). So pull the
> new version and try to run it against some files. You'll see the
> output, the format is described above. Skeleton of parser in Perl is
> in attach.
I played with the latest bleeding-jumbo branch and show=types and now I
understand the output and the format you described. Thanks. Is it our goal
to call the perl script in Johnny or is it just to help me write a C++
function ?

Files in PWDUMP format need special handling: per line list show only
> lm and nt, lm for 3rd field and nt for 4th field. IIRC Johnny shows lm
> and nt on separate lines. When you read the file with hashes, you may
> need to remember if line is in PWDUMP format. I am sure you'll find a
> way to connect everything correctly.
I didn't work yet with that kind of file. I've only used /etc/shadow files
in john yet. I've made some research on Google about LM ,NT password hashes
and pwdumping of SAM to understand what you are talking about. I found this
sample that I send to john --show=types
The website where I found it said it has LM and NT(not sure if it's true,
the Windows things is really new to me and I seriously lack files to test
for now :( ).
Output :
Output parser:
valid format LM (disabled 0, dynamic 0)
orig: 207277225E983B147AC464727886BD82
2 parts:

Is this normal that the 4th field 90BBDB25BC6556610DAA4F03900FBE9 seems to
be ignored ? I thought it was supposed to be the NT one?

Are the field "2 parts:" from last example's parser important for Johnny or
is it only the orig: XXXXXXXXx thing that is important ?

BTW did you try some non-trivial cracking with john and with Johnny?
I don't have a lot of password samples, I found this and a few other examples on
internet but If you have interesting samples that you use, please share it.
Also, I didn't play a lot with modes wordlist, rules, charset, single crack
etc.. I played with them but it's not clear to me yet which options I'd
choose in a real attack. Most of the time I use default mode.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.