Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 9 Nov 2008 12:52:22 +0100
From: JoHnY <jtr1@...0.sk>
To: john-users@...ts.openwall.com
Subject: MD5 cracking - finding out substring

Hello all,

I have a problem which someone might be able to help me with.
First let me explain what I am trying to acomplish.
I have an MD5 hash of 52-character string (generated by PHP's md5() function), most of the string is known to me, the only parts of the string which are unknown and thus I am trying to find out, are just two substrings, one 4-character long substring at one position of the string and one 3-character long substring at another position (both positions are fixed), both substrings containing just numbers, so theoretically it's a very easy and quick job for john. 
Now, what is the problem and what I want to find out.
I have patched john with Raw-MD5 patch, compiled john, Raw-MD5 works fine. First question is, is Raw-MD5 correct for cracking MD5 from within PHP's md5() function? I assume it is, but just want to make sure.
I have put the known part of the string to the wordlist (so it is the only string in the wordlist) and created a wordlist rule to insert digits at the position of the unknown parts of the string. The rule looks like this:
li2[0-9]li3[0-9]li4[0-9]li5[0-9] li7[0-9]li8[0-9]li9[0-9]
Everything would be fine up to this point, but the problem is that john somehow can't handle more than 32-character passwords (or the Raw-MD5 patch can't), so the 52-character long string gets cut I have tried to increase the PLAINTEXT_LENGTH define in rawMD5_fmt.c, but it didn't help. 
However, what's strange to me, is that when I run john with --stdout option so that it only outputs all passwords to be tried to standard output, it prints the whole 52-character strings, but when I let him crack it, it cuts the passwords he tries to 32 bytes (when I abort john, it outputs the last tried password and it's cut to 32 characters)
Does anyone know how what to change in john's sources to be able to try the string longer than 32 characters?

Thank you.
JoHnY

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.