Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Sep 2011 13:53:41 +0200
From: estenole lists <estenole.lists@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: False positives on zip (aes256)

Hello all,

fully functional, at least for my specific needs .-)
(1fh8   was added serveral time to the wordlist for testing)

# usr/src/john-1.7.8-jumbo-5/src# ../run/./john
--wordlist=/zip/listado-john.txt /zip/hachme-hash.txt
Loaded 1 password hash (zip [32/64])
1fh8             (/zip/hackme.zip)
1fh8             (/zip/hackme.zip)
1fh8             (/zip/hackme.zip)
guesses: 3  time: 0:00:02:03 0.75% (ETA: Fri Sep  2 18:18:11 2011)  c/s:
239  trying: 10rM - 10sZ
1fh8             (/zip/hackme.zip)
guesses: 4  time: 0:00:04:06 1.51% (ETA: Fri Sep  2 18:16:23 2011)  c/s:
240  trying: 1jm0 - 1jnl
1pf)             (/zip/hackme.zip)
guesses: 5  time: 0:00:06:08 2.24% (ETA: Fri Sep  2 18:18:39 2011)  c/s:
238  trying: 1u3M - 1u4Z


Thank you !

2011/9/2 estenole lists <estenole.lists@...il.com>

>
> Hello,
>
> seems like the problem was on ldr_remove_hash(crk_db, salt, pw) inside
> crk_process_guess .-)))
>
>
> static int crk_process_guess(struct db_salt *salt, struct db_password *pw,
>         int index)
> {
>         int dupe;
>         char *key;
>
>         dupe = !memcmp(&crk_timestamps[index], &status.crypts,
> sizeof(int64));
>         crk_timestamps[index] = status.crypts;
>
>         key = crk_methods.get_key(index);
>
>         log_guess(crk_db->options->flags & DB_LOGIN ? pw->login : "?",
>                 dupe ? NULL : pw->source, key,
> crk_db->options->field_sep_char);
>
>         crk_db->guess_count++;
>         status.guess_count++;
>
>         if (crk_guesses && !dupe) {
>                 strnfcpy(crk_guesses->ptr, key,
> crk_params.plaintext_length);
>                 crk_guesses->ptr += crk_params.plaintext_length;
>                 crk_guesses->count++;
>         }
>
>         /*ldr_remove_hash(crk_db, salt, pw);*/
>
>         if (!crk_db->salts)
>                 return 1;
>
>         crk_init_salt();
>
>         return 0;
> }
>
>
> Thank you
>
>
>
> 2011/9/2 estenole lists <estenole.lists@...il.com>
>
>>
>> Hello,
>>
>> ive tried it without suceess, it stops on the first key it finds. Ive been
>> makeing some tests
>> and seems like i should modify the function crk_process_gues called from
>> cracker.c. My C
>> knowledge is limited, but that function make some changes that affect the
>> rest of the bufferered
>> keys os any other value.
>>
>>
>>  if (crk_methods.cmp_exact(pw->source, index)) {
>>                                 if (crk_process_guess(salt, pw, index))
>>                                    ->     return 1;
>>                                 else
>>                                         break;
>>                         }
>>
>>                 } while ((pw = pw->next));
>>
>>
>> Ive tried some modifications, but after crk_process_gues the program
>> exits. I tried to modify some
>> calls before but i ended on a Segmen segfault errors.
>>
>> Ill let you know if im able to get it working.
>>
>> Thank you !
>>
>>
>>
>>
>> 2011/9/1 jfoug <jfoug@....net>
>>
>>> You will have to 'change' the zip format source file to  do this. Change
>>> the
>>> cmp_exact to this (NOTE I have not tested, just coding in the email)
>>>
>>> static int cmp_exact(char *source, int index)
>>> {
>>>        static int cnt=0;
>>>        if (++cnt < 13) // we have to 'pass' the self tests.
>>>                return has_been_cracked[index];
>>>        cnt = 20; // to make sure we do not 'wrap' cnt past the end of a
>>> 2^31 number to a negative number
>>>        if (has_been_cracked[index]) {
>>>                fprintf(stderr, "\nPossible pass:  %s   Hash=%s\n\n",
>>> saved_key[index], source);
>>>                log_event("++ Possible pass:   [%s]", saved_key[index]);
>>>        }
>>>      return 0;
>>> }
>>>
>>> Then you can see them show up on the screen output, and also in the
>>> john.log
>>> file.  These can then be tested after the run.
>>>
>>> NOTE, this method will cause john to NEVER find the password.  It simply
>>> informs you in output that a possible password was seen.  The right one
>>> will
>>> be output, along with any false positives.
>>>
>>> Jim.
>>>
>>> >From: estenole lists [mailto:estenole.lists@...il.com]
>>> >
>>> >Hello all,
>>> >
>>> >im using the latest John the Ripper
>>> >1.7.8-jumbo-5<http://www.openwall.com/john/g/john-1.7.8-jumbo-5.tar.gz>
>>> >version
>>> >for trying to get the key of a zip encrypted
>>> >with aes256 bit. I allready know that actuallty false positives are
>>> >common
>>> >at this time.
>>> >
>>> >THe problem is tha when processing the wordlist john stops as soon as a
>>> >key
>>> >is found, but at the moment
>>> >none on them works, what i want to achieve is to force john to try with
>>> >the
>>> >full wordlist while printing
>>> >the keys found so i can try them when finished. Could find any option or
>>> >configuration to do so, do you
>>> >know id theres such a possiblity ?
>>> >
>>> >Thank you
>>>
>>>
>>
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.