Date: Wed, 22 Feb 2012 09:19:00 +0100 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: more info about syntax On 02/22/2012 02:50 AM, Rich Rumble wrote: > I have started this project, I thought I'd include the list before I got much > further to make sure the style I'm using was palatable for the community, > I think it's pretty simple, with examples I've tested. One small question > I've had in that testing, is about the GECOS field. Is this always after the > "fifth" colon, or will it vary from patch to patch in jumbo? I've tried adding > the plain-text passwords to my examples in that field whenever -single > was able to crack them; however it doesn't always do so when they are > included in the 5th field, and I've tried 3-7 as well. In released versions, gecos info is always read from field 5 [starting from 1] and uid from field 3. After noticing that pwdump-format could not be used with the --user=<uid> option, this was patched (currently in git, will be in next Jumbo) so for pwdump format, we now read uid from field 2. In l0pthcrack style input, field 5 holds a hash and I noticed these hashes were used to generate zillions of totally useless password candidates in single mode. This was fixed in the same patch. The current code for pwdump will read uid from field 2 and no gid, gecos, homedir or shell information. Maybe I should change this so we do read gecos and homedir from fields 5 and 6 according to the Samba doc (I was not aware of that, I have never seen such info). The current code for l0phtcrack-style input will read gecos from field 3 (just in case there is a domain name there) and no uid, gid, homedir or shell. I am not aware of any more fields that could be of use. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.