Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jul 2011 17:28:26 +0800
From: Gu George <>
Subject: Question on Domino Hash crack


I domino web hashes by using meta exploit framework from one web site. The
dump result seems like:

Lotus Domino - Account Found: admin, admin@...**.com,

So, I think the user account is : admin and the hash for "admin" is

Then I use john-1.7.8-jumbo-4 and following instructions from

1. echo >22.txt 'admin:(8A1FBFD38D6E608F9CEF2D313DDE7080)'
2. ./john --format=dominosec 22.txt

But the result is always:No password hashes loaded (see FAQ).

I have made another test:

1. echo >22.txt 'admin:(Gl2g1LxkORRxxrTHqrY6)' --> this hash is copied from, just for test.
2. ./john --format=dominosec 22.txt

The output is: Loaded 1 password hash (More Secure Internet Password [RSA MD
defined by BSAFE 1.x - Lotus v6])
No password hashes left to crack (see FAQ)

So, my question is:

1. What is the hash format I downloaded, e.g. is the hash like
(8A1FBFD38D6E608F9CEF2D313DDE7080) not supported by John?
2. How can I crack this kink of hash?



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.