Date: Sat, 16 Jul 2011 02:46:07 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: sha1(md5($pass) On Fri, Jul 15, 2011 at 08:08:33PM +0000, Donovan wrote: > I am on MAC & use the ERIK Winkler Jumbo version of JTR (V12) ( > http://www.macunix.net/JTR/), thanks for his efforts ! > > i try desesperately to crack some "sha1(md5($pass)" These are supported in recent -jumbo, but you need to specify the --format='md5_gen(23)' option, and not all builds will recognize it. Specifically, -x86-64 builds of 1.7.8-jumbo-2 don't, whereas 32-bit x86 and "make generic" builds do. Since you say you're using an existing Universal Binary build for a Mac, you may have to explicitly invoke its 32-bit component using: arch -i386 ./john --format='md5_gen(23)' pw but I don't know/recall if that older version supports md5_gen(23) at all or not, in any of its builds. Maybe not, in which case you'd need to build and use a newer version instead. > I read allready here > http://comments.gmane.org/gmane.comp.security.openwall.john.user/3148 > > & follow the Alexander advice by add on the hashes list " $SHA1p$User$" That's not what you need. This syntax is for certain trivial kinds of salted SHA-1 hashes, with no MD5 involved. > 0000a2776ea490e49563dac224b620ecf73b282e > 00076de90f8e24bff1569b1ae73e92fa10787f6d > 000d39dfcd13fc48af4088254efa26192fcb7f83 > 000da1b6e1e724cf3f23d1784b80fcf48a481890 > 001148f475b9f5d744f63a8318db3c4c2dea4789 Here's how these are loaded by a "make generic" build of 1.7.8-jumbo-2 on a Linux/x86-64 system (no 32-bit gcc/glibc/openssl, which is why I had to use "generic" in this case): $ ./john --format='md5_gen(23)' pw Loaded 5 password hashes with no different salts ( md5_gen(23): sha1(md5($p)) [64x2 (MD5_Body)]) To test that this works right, I generated the following hash: 4028a0e356acc947fcd2bfbf00cef11e128d484a The corresponding password gets cracked: $ ./john --format='md5_gen(23)' pw-test Loaded 1 password hash ( md5_gen(23): sha1(md5($p)) [64x2 (MD5_Body)]) test (?) guesses: 1 time: 0:00:00:04 DONE (Sat Jul 16 02:40:28 2011) c/s: 29.29 trying: 12345 - barney Use the "--show" option to display all of the cracked passwords reliably There's some slowness at startup, though - but with your 5 hashes the speed increased to a reasonable level (millions c/s) after a while. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.