Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 26 Dec 2011 15:38:35 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: more info about syntax

On Mon, Dec 26, 2011 at 2:08 PM, newangels newangels
<contact.newangels@...il.com> wrote:
> Hi,
>
> I second what W/A say, it will be really nice from your part & verry
> helpfull to help us to find the correct syntax of each "algo'", we
> dont talk for sure abour "raw-md5, Raw_sha1, Des etc...." but all the
> other one's who are not comment's.
>
> Each time with some exotic Hash it's an real "quest" lol

I've been there, and in some cases there are a few ways to load
the same hash type. There are explicit types and there are
"formated" types.
The format is typically
Username (colon) hash (colon)    [unsalted typical]
Username (colon) salt + hash (colon)    [salted]
Username (colon) salt (colon) hash (colon)    [salted]
Example:
user-1:a3aecb685fd19d080881ff49b06373f2:md5::::::
user-1:$1$Kk3.La/.$PfwgUNX/fPvg/C6Yd9ME01:crypt::::::
user-1:1B1EA87A5FBDCDC1634892381079F54C13F3684B:sha1:::::
user-1:1eafa62b1ef1d05f:mysql323:::::

The explicit formats can be found mostly in the *fmt_plug.c
NT's for example...

$NT$7a21990fcd3d759941e45c490f143d5f
$NT$f9e37e83b83c47a93c2f09f66408631b
$NT$8846f7eaee8fb117ad06bdd830b7586c
$NT$2b2ac2d1c7c8fda6cea80b5fad7563aa
$NT$32ed87bdb5fdc5e9cba88547376818d4
Those will all crack with a username of "?" so it's best to add a name
if you want, user:hash (johnD:$NT$7a21990fcd3d759941e45c490f143d5f)

Pwdump file format is supported to LM and NTLM
user (colon) LM-Hash (colon) NTLM-Hash (colon)(colon)(colon)
The LM and or the Ntlm can be blank or have certain "fillers"
namely **********No Password******* but the colons are the delimiters
that are necessary in that format. The ending colons are needed for
any format I'm aware of, I thought however you can add the password at
the end if you knew it, or put in notes/comments in those portions. I think
Single-crack mode will look at those comments or notes and try doing
crafty things with them.

I don't know of a central example file, or a file that exemplifies how
a hash should be formatted, but I think it depends on the hash itself
and who ever wrote the patch, the standard delimiter is the colon, and
the most basic format is user:hash. Looking at the test routines in the
fmt_plug.c files and you'll find some examples used when running john
-test.
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.