Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Feb 2011 03:43:57 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John the Ripper does not detect openssl MD5 hashes

Martin,

On Mon, Feb 07, 2011 at 01:25:47AM +0200, Martin T wrote:
> I tried to create few MD5 hashes using openssl and then crack those
> hashes using John the Ripper(version 1.7.3.1) and a dictionary file.

You need to apply the jumbo patch (or use a build made with the patch
applied) in order to crack raw MD5 hashes.  Then, you will need the
"--format=raw-md5" option to avoid misdetection (because many different
hash types may have the same 32 hex characters look).

The official JtR supports MD5-based crypt(3) hashes, but not raw MD5.

You may download the jumbo patch or a pre-patched build here:

http://www.openwall.com/john/#contrib
http://download.openwall.net/pub/projects/john/contrib/linux/
http://openwall.info/wiki/john/custom-builds#Compiled-for-Linux-x86

> As you can see, john detects this as a "LM DES [64/64 BS MMX]" not
> "MD5" (this is probably a default if nothing else matches?).

No, it's not a default.  This is what I meant above re: different hash
types being encoded in the same way, with 32 hex chars.

> root@...tin-desktop:~# john --wordlist=/usr/share/john/password.lst --format=MD5 md5crypt

This tells JtR to only load MD5-based crypt(3) hashes, and you have none
of those in your file.

To summarize, you need to do two things at once:

1. Use a jumbo-patched build of JtR.
2. Supply the "--format=raw-md5" option to it.

Alternatively, if you're just experimenting, you may generate hashes of
a type supported by the official JtR.  You can use these Perl scripts:

http://www.openwall.com/lists/john-users/2008/06/18/3

BTW, the above posting is one of those linked from:

http://openwall.info/wiki/john/mailing-list-excerpts

And you may want to refer to this wiki page with sample hashes:

http://openwall.info/wiki/john/sample-hashes

I hope this helps.

Alexander

P.S. You could prefer to run those commands as a non-root user.  It's
not a good habit to run things as root unnecessarily, and from your
shell prompt you don't appear to be on a throw-away LiveCD system.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.