Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 21 Jan 2009 15:26:37 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: md5 hash with a salt? Format?

On Wed, Jan 21, 2009 at 05:10:08AM -0600, Billy Newsom wrote:
> My plaintext password might be "silly" and the salt was 4d.
> 
> So if we ran
> %md5 -s '4dsilly'
> MD5 ("4dsilly") = 396df9c93be5ec566810be9dfbae7b4f
> 
> Okay, how in the world do I get john to run that? What should my password 
> file look like, and which md5 option do I tell it to use?

I am not aware of an existing patch for JtR to crack salted raw MD5
hashes (with the salt prepended or appended to the password), although
it would be trivial to make one.  For this reason, when this question
was raised before, I recommended to use an external filter() along with
the existing raw MD5 patch (or rather, with the jumbo patch, since it
includes that):

	http://www.openwall.com/lists/john-users/2008/02/03/9

For your specific example, you may use:

[List.External:PrependSalt]
void filter()
{
	int i;

	i = 0; while (word[i++]); // determine the length (plus one)
	while (i--) word[i + 2] = word[i]; // make room for the salt
	// prepend the salt
	word[0] = '4';
	word[1] = 'd';
}

in john.conf, and you'd run it like:

	./john -i --external=PrependSalt --format=raw-md5 passwd

(or with any other cracking mode), with the "passwd" file containing:

username:396df9c93be5ec566810be9dfbae7b4f

Notice how the salt gets into the external mode definition in john.conf
only, not into the password file.

> I don't see where 
> I put the salt, because there is no documentation on the way each password 
> format file should look. Hint: could you generate such an example file with 
> test cases and simple passwords to crack so we can follow the examples?

Lack of documentation wasn't the only problem this time - there's simply
no built-in support for "generic" salted raw MD5 hashes, not even with
contributed patches (that I am aware of).  However, you've got a good
point - it'd be great to see this kind of content added to the wiki.
I don't think I am the one to work on this, at least not right now, as
it would mostly apply to "formats" added with contributed patches.  So
let me redirect your hint to others in the community - here's something
you can add to the wiki. ;-)

Thanks,

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.