Date: Tue, 18 May 2010 02:09:09 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: MediaWiki password hashes On Sat, May 15, 2010 at 11:32:30PM -0700, Dan Tentler wrote: > http://www.mediawiki.org/wiki/Manual_talk:User_table#.22B.22_type_password_.28current_default.29 > > The "b style" password hashes. It turns out that JtR with the jumbo patch is readily capable of cracking these hashes, due to JimF's "generic MD5" code. Here's how the input file should be formatted for this to work: $ cat pw-mw user:md5_gen(9)e4ab7024509eef084cdabd03d8b2972c$838c83e1- This uses the sample hash from the MediaWiki web page above. John the Ripper 1.7.5-jumbo-3 cracks this as follows: $ ./john pw-mw Loaded 1 password hash ( md5_gen(9): md5($s.md5($p)) [md5-gen MMX 32x2]) password (user) guesses: 1 time: 0:00:00:00 100.00% (2) (ETA: Tue May 18 02:01:00 2010) c/s: 27533 trying: 12345 - falcon $ ./john --show pw-mw user:password 1 password hash cracked, 0 left Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.