Date: Mon, 7 Feb 2011 03:43:57 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: John the Ripper does not detect openssl MD5 hashes Martin, On Mon, Feb 07, 2011 at 01:25:47AM +0200, Martin T wrote: > I tried to create few MD5 hashes using openssl and then crack those > hashes using John the Ripper(version 18.104.22.168) and a dictionary file. You need to apply the jumbo patch (or use a build made with the patch applied) in order to crack raw MD5 hashes. Then, you will need the "--format=raw-md5" option to avoid misdetection (because many different hash types may have the same 32 hex characters look). The official JtR supports MD5-based crypt(3) hashes, but not raw MD5. You may download the jumbo patch or a pre-patched build here: http://www.openwall.com/john/#contrib http://download.openwall.net/pub/projects/john/contrib/linux/ http://openwall.info/wiki/john/custom-builds#Compiled-for-Linux-x86 > As you can see, john detects this as a "LM DES [64/64 BS MMX]" not > "MD5" (this is probably a default if nothing else matches?). No, it's not a default. This is what I meant above re: different hash types being encoded in the same way, with 32 hex chars. > root@...tin-desktop:~# john --wordlist=/usr/share/john/password.lst --format=MD5 md5crypt This tells JtR to only load MD5-based crypt(3) hashes, and you have none of those in your file. To summarize, you need to do two things at once: 1. Use a jumbo-patched build of JtR. 2. Supply the "--format=raw-md5" option to it. Alternatively, if you're just experimenting, you may generate hashes of a type supported by the official JtR. You can use these Perl scripts: http://www.openwall.com/lists/john-users/2008/06/18/3 BTW, the above posting is one of those linked from: http://openwall.info/wiki/john/mailing-list-excerpts And you may want to refer to this wiki page with sample hashes: http://openwall.info/wiki/john/sample-hashes I hope this helps. Alexander P.S. You could prefer to run those commands as a non-root user. It's not a good habit to run things as root unnecessarily, and from your shell prompt you don't appear to be on a throw-away LiveCD system.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.