Date: Fri, 12 May 2006 14:06:35 -0700 From: "Arvind Sood" <asood74@...il.com> To: john-users@...ts.openwall.com Subject: Re: John seems to exit without error Thank you Solar Designer, I did as you suggested - and lo and behold -it loaded more hashes... which led to this follow-up problem. but first, here is what I did ... 1- Emptied the contents of ./john.pot using a text editor and then did a "rm -rf john.pot~" (the pot~ showed up when I emptied the .pot file). 2- Deleted all instances of the .log and .rec files for all my sessions. 3- issued the command and got the output as shown here [sooda@...alhost run]$ ./john --format=nt --wordlist=../pwdfiles/lm_cracked.txt --rules --session=ntcrack_1 ../pwdfiles/pwoutput.txt Loaded 13 password hashes with no different salts (NT MD4 [TridgeMD4]) gr8hack (Administrator) password (DCuser) guesses: 2 time: 0:00:00:00 100% c/s: 17666 trying: Passwording [sooda@...alhost run]$ cat ../pwdfiles/lm_cracked.txt GR8HACK PA55W0RD! PASSWORD#1 PASSWORD#1 PASSWORD BENTLEY#1 PASSWORD#1 123PASSWORD321 NO PASSWORD PASSWORD PASSWORD PASSWORD PASSWORD PASSWORD PASSWORD PASSWORD#1 PASSWORD SN0WDAY PASSWORD 890ILER??????? NO PASSWORD 37 password hashes cracked, 8 left [sooda@...alhost run]$ Here are the questions 1- why did john exit after cracking two passwords only? there were many more entries in the lm_cracked.txt file. Should john not have cracked the password set to PA55WORD! for instance? 2- Since there was nothing in the .pot file this time - why did john exit/finish so early? 3- Does john --rules, check for only upper vs. lowercase? or even a combination of cases? for example if we have a password set as "BenTLeY" - will --rules try only "bentley" or "BENTLEY" conclude the password is neither "BENTLEY" nor "bentley" and exit or will it continue to try various combinations of cases for each character (Bentley, BENtley etc.)? .. apologies if that was a dumb-ass question, but I am still learning :-) 4- I never noticed it till now, but John loads only unique hashes. I had 25 user accounts only 13 unique passwords (hence 13 unique hashes). when parsing the file john loaded only the 13 unique entities .... that is so cool !! As always, I am indebted to you for the instruction and support Kind regards, Arvind On 12/05/06, Solar Designer <solar@...nwall.com> wrote: > > On Fri, May 12, 2006 at 01:38:33PM -0400, Arvind Sood wrote: > > - Notice that john immediately returns me to a $ prompt. Also - why did > it > > load 11 hashes? There are many more accounts ..... > > > > [ sooda@...alhost run]$ ./john --wordlist=../pwdfiles/lm_cracked.txt > --rules > > --format=nt --session=ntcrack ../pwdfiles/pwoutput.txt > > Loaded 11 password hashes with no different salts (NT MD4 [TridgeMD4]) > > guesses: 0 time: 0:00:00:00 100% c/s: 34100 trying: Passwording > > [sooda@...alhost run]$ > > > Why does John only load 11 hashes? > > John does not waste time cracking the hashes which are already in > john.pot. In the log file, you should see two separate lines like: > > 0:00:00:00 Loaded a total of <many> password hashes with no different > salts > 0:00:00:00 Remaining 11 password hashes with no different salts > > If you want to have it crack those hashes again - since you're just > testing - you need to move the existing john.pot out of the way. > > > Why does it immediately return me to a $ prompt? > > That's because there's not much work for it to do - you give it the > passwords and it only needs to check for upper vs. lower case. In your > example, it only had to compute NTLM hashes 34,100 times - this can be > done in under a second. :-) > > > - it did not do that with the --format=LM switch. > > Indeed. You actually had it crack passwords for you in that run. > > > Why does john not show up in the ps -ef? > > That's because it really completes its work and terminates in under a > second. It does not "background" itself or something. > > -- > Alexander Peslyak <solar at openwall.com> > GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D > 3598 > http://www.openwall.com - bringing security into open computing > environments > > Was I helpful? Please give your feedback here: > http://rate.affero.net/solar > > -- > To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply > to the automated confirmation request that will be sent to you. > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.