Date: Sun, 11 Nov 2012 08:06:04 -0500 From: "andrew" <kdkdkdkdkdk489@...il.com> To: john-users@...ts.openwall.com Subject: Re: Trying to understand output of john -status I think you have pointed me in the right direction and help me straighten out my confusion as far, being a novice at this I got confused in a few areas but I think ?? I have straitened it out, I hope. Thanks for your knowledge. Having read your reply I think I have confused a few things, so I'm going to re word this email by saying how I got to where I am. This may show the flaws in what I have done. Of coarse I started this a few months ago so I'm going from notes I made and memory. First let me say that the computer I'm running has linux on it but is an older computer. So your comments on possibly the slowness of the process is most likely partially due to the fact that this is an older computer. Of coarse I would love to speed up the process on this computer but IM not sure is possible??? It's a Pentium 4 1.90 GHz EVO Compaq. The video info is Intel 82845G /GL/GE/PE/GV controller. Its got about 1 Gig of ram. Running linux. My goal is to get the passwords. I tried to follow the documentation regarding JTR as follows... # cp /etc/passwd and /etc/shadow /somewhere # chmod 077 each file Put the files into /john folder Use the following command # ./unshadow ./passwd ./shadow >mypassword # john mypassword Everything seemed to work fine, in that the john.pot file contains two passwords that I already know. e.g. administrator passwords (since I'm administrator I already know those) These were produced fairly quickly. I cannot remember if over the past months I restarted the program with the command # john -restore If I did I think I used that simple command. BUT I know the most recent time I certainly did because I can still see it in the terminal window with the command in it. I had to do this because we had a little thing called Hurricane Sandy and the power went off many times. Now you have mentioned the following... I said .... >> john --show john >> 4 password hashes cracked, 0 left You responded ... >That's a weird command - or rather, it's a weird filename you chose to >use here. First you called the session "john" - that's already pretty >confusing since that's also the name of the John program. Now you're >asking John to print cracked passwords for some file named "john". >What's in that file? I suggest that you avoid confusing/conflicting >names like that. I didn't name the session john, but I think I got confused between the status command and the show command and the session name and the password file. I just thought at the time that since the john.pot was called john that john --show john was the right command. I believe this is where I made a mistake in my report to the NG. After reading your comments I realized that the right command is "john --show mypassword", which gives me I think the output that is more expected. eg. root:xxxxxxx@:0:0:root:/root:/bin/bash admin:xxxxxxx@:101:101:e-smith administrator:/home/e-smith:/sbin/e-smith/console 2 password hashes cracked, 16 left Now, having made corrections to my show command option, and displaying my output of my commands, above properly do you believe that everything is running right? I have a question as to how john actually works. Here is a copy of some of the last tries. guesses: 0 time: 51:06:37:19 0.00% (3) c/s: 4466 trying: shs1geO - shs1god guesses: 0 time: 51:06:37:23 0.00% (3) c/s: 4466 trying: shs1a1n - shs1a1$ guesses: 0 time: 51:06:41:37 0.00% (3) c/s: 4466 trying: shsbL1p - shsbLDS guesses: 0 time: 52:04:08:42 0.00% (3) c/s: 4464 trying: 4peluc31 - 4pelucca guesses: 0 time: 52:04:08:47 0.00% (3) c/s: 4464 trying: 4pelgo78 - 4pelgo75 guesses: 0 time: 57:08:12:25 0.00% (3) c/s: 4475 trying: Bbjipuy - Bbjipua guesses: 0 time: 61:03:26:23 0.00% (3) c/s: 4473 trying: m9kek! - m9kekp guesses: 0 time: 61:03:45:42 0.00% (3) c/s: 4473 trying: ajy241 - ajy24w guesses: 0 time: 61:04:20:53 0.00% (3) c/s: 4473 trying: bprt0r - bprt05 Is it normal that it goes back and forth between, 6 characters and 7. I would have thought that it would try 6 characters then move to 7 and then to 8. Or is it that in this default mode e.g. # john mypassword its just running through all the likely combinations based on the developers experiences and the john.conf file. Finally you said the following ... >>P.S. Please consider posting to john-users via e-mail rather than via >>Gmane. I'm not sure how to do this other than mailing lists?? But I find them harder to manage, you have to subscribe and unsubscribe. You must get all the commands right to do so, rather than just opening a news reader and its there. Unless your talking about something else that I'M not getting? Why is it that you do you not like gmane or the newsgroup method? Thanks for feedback or comments.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.