Date: Wed, 22 Feb 2012 09:19:00 +0100
From: magnum <>
Subject: Re: more info about syntax

On 02/22/2012 02:50 AM, Rich Rumble wrote:
> I have started this project, I thought I'd include the list before I got much
> further to make sure the style I'm using was palatable for the community,
> I think it's pretty simple, with examples I've tested. One small question
> I've had in that testing, is about the GECOS field. Is this always after the
> "fifth" colon, or will it vary from patch to patch in jumbo? I've tried adding
> the plain-text passwords to my examples in that field whenever -single
> was able to crack them; however it doesn't always do so when they are
> included in the 5th field, and I've tried 3-7 as well.

In released versions, gecos info is always read from field 5 [starting
from 1] and uid from field 3. After noticing that pwdump-format could
not be used with the --user=<uid> option, this was patched (currently in
git, will be in next Jumbo) so for pwdump format, we now read uid from
field 2.

In l0phtcrack style input, field 5 holds a hash and I noticed these
hashes were used to generate zillions of totally useless password
candidates in single mode. This was fixed in the same patch.

The current code for pwdump will read uid from field 2 and no gid,
gecos, homedir or shell information. Maybe I should change this so we do
read gecos and homedir from fields 5 and 6 according to the Samba doc (I
was not aware of that, I have never seen such info).

The current code for l0phtcrack-style input will read gecos from field 3
(just in case there is a domain name there) and no uid, gid, homedir or
shell. I am not aware of any more fields that could be of use.
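
The field positions described in this message, shown as an added example (not John the Ripper's loader code and not part of the original post). The format-guessing heuristic, the `parse` helper, the simplified "login plus GECOS words" seeding and the sample lines are assumptions constructed for illustration; only the field numbers come from the message.

```python
import re

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

# 1-based field numbers taken from the message above; None = not read.
FIELDS = {
    "passwd":     {"uid": 3,    "gecos": 5},     # released versions
    "pwdump":     {"uid": 2,    "gecos": None},  # patched behaviour
    "l0phtcrack": {"uid": None, "gecos": 3},     # patched behaviour
}

def field(parts, n):
    """Return 1-based field n, or '' when it is absent or not read."""
    return parts[n - 1] if n and len(parts) >= n else ""

def guess_format(parts):
    # Hypothetical heuristic for this example only, not John's loader logic:
    # pwdump has 32-hex hashes in fields 3 and 4, l0phtcrack-style in field 5.
    if HEX32.match(field(parts, 3)) and HEX32.match(field(parts, 4)):
        return "pwdump"
    if HEX32.match(field(parts, 5)):
        return "l0phtcrack"
    return "passwd"

def parse(line, fmt=None):
    """Extract uid and single-mode seed words using the per-format mapping."""
    parts = line.rstrip("\n").split(":")
    fmt = fmt or guess_format(parts)
    mapping = FIELDS[fmt]
    gecos = field(parts, mapping["gecos"])
    # Simplified seeding: login plus the words in whatever is read as GECOS.
    seeds = [parts[0]] + re.findall(r"[A-Za-z0-9]+", gecos)
    return {"format": fmt, "uid": field(parts, mapping["uid"]), "seeds": seeds}

# Constructed sample lines; hash values are dummies and unnamed fields
# are placeholders, not a statement about the real export layouts.
PASSWD = "alice:$1$salt$dummyhash:1001:100:Alice Smith,Room 4:/home/alice:/bin/sh"
PWDUMP = "bob:1003:" + "A" * 32 + ":" + "B" * 32 + ":::"
LC = "carol:x:CORP:" + "C" * 32 + ":" + "D" * 32

if __name__ == "__main__":
    for line in (PASSWD, PWDUMP, LC):
        print(parse(line))
    # Forcing the passwd mapping onto the l0phtcrack-style line reproduces
    # the problem described above: the hash in field 5 becomes a seed word.
    print(parse(LC, "passwd"))
```
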

