Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 16 Sep 2011 23:33:22 +0200
From: Nicolas RUFF <nicolas.ruff@...il.com>
To: john-users@...ts.openwall.com
Subject: Unable to get md5(unicode($u."&".$p)) working

	Hello,

I am trying to setup the following algorithm with md5_gen:
md5(unicode($u."&".$p))

Therefore I applied the following john.conf modification:
----------------------------
[List.Generic:md5_gen(1009)]
Expression=md5(unicode($u."&".$p))
Flag=MGF_USERNAME
Flag=MGF_NOTSSE2Safe	# just to be sure ...
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__setmode_unicode
Func=MD5GenBaseFunc__append_userid
Func=MD5GenBaseFunc__append_input1_from_CONST1
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
CONST1=&
Test=md5_gen(1009)ca6ebcf4d6ed610ef1fb7316f9f415db$$Uroot:casque
----------------------------

Test vector passed ok, but john is unable to crack any password afterwards:

----------------------------
$ cat testpwd.txt
john.doe:e1a42cffc9159f386a260fe47d63a780

$ cat testdic.txt
123456
findme
toto

$ ./run/john --wordlist=testdic.txt --format=md5-gen
--subformat="md5_gen(1009)" testpwd.txt
Loaded 1 password hash (md5_gen(1009) md5(unicode($u."&".$p)) [128x1
(MD5_Body)])
guesses: 0  time: 0:00:00:00 DONE (Fri Sep 16 23:07:39 2011)  c/s: 300
trying: 123456 - toto
----------------------------

("john.doe" password is "findme")

Maybe I am missing something obvious, but I am completely stuck at this
point ...

Test platform:
* Ubuntu 10.04 32-bit
* John-1.7.8-jumbo-5
* make linux-x86-any

PS. The following (completely unoptimized) Python script works for me as
a password generator:
----------------------------
from hashlib import md5

def convert_unicode(in_str):
    out_str = ""
    for c in in_str:
        out_str += c + "\x00"
    return out_str

def compute_hash(login, password):
    m = md5()
    m.update( convert_unicode(login + "&" + password) )
    return m.hexdigest()

print compute_hash( "john.doe", "findme" )
----------------------------

Regards,
- Nicolas RUFF

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.