Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Nov 2012 08:06:04 -0500
From: "andrew" <>
Subject: Re: Trying to understand output of john -status

I think you have pointed me in the right direction and help me straighten 
out my confusion as far, being a novice at this I got confused in a few 
areas but I think ?? I have straitened it out, I hope.

Thanks for your knowledge. Having read your reply I think I have confused a 
few things, so I'm going to re word this email by saying how I got to where 
I am. This may show the flaws in what I  have done.

Of coarse I started this a few months ago so I'm going from notes I made and 

First let me say that the computer I'm running has linux on it but is an 
older computer. So your comments on possibly the slowness of the process is 
most likely partially due to the fact that this is an older computer.

Of coarse I would love to speed up the process on this computer but IM not 
sure is possible???
It's a Pentium 4 1.90 GHz EVO Compaq.
The video info is Intel 82845G /GL/GE/PE/GV controller.
Its got about 1 Gig of ram. Running linux.

My goal is to get the passwords.

I tried to follow the documentation regarding JTR as follows...

# cp  /etc/passwd  and  /etc/shadow /somewhere

# chmod 077 each file

Put the files into /john folder
Use the following command
# ./unshadow ./passwd ./shadow >mypassword

# john mypassword

Everything seemed to work fine, in that the john.pot file contains two 
passwords that I already know. e.g. administrator passwords (since I'm 
administrator I already know those) These were produced fairly quickly.

I cannot remember if over the past months I restarted the program with the 
# john -restore
If I did I think I used that simple command. BUT I know the most recent time 
I certainly did because I can still see it in the terminal window with the 
command in it.   I had to do this because we had a little thing called 
Hurricane Sandy and the power went off many times.

Now you have mentioned the following...
I said ....
>> john --show john
>> 4 password hashes cracked, 0 left

You responded ...
>That's a weird command - or rather, it's a weird filename you chose to
>use here.  First you called the session "john" - that's already pretty
>confusing since that's also the name of the John program.  Now you're
>asking John to print cracked passwords for some file named "john".
>What's in that file?  I suggest that you avoid confusing/conflicting
>names like that.

I didn't name the session john, but I think I got confused between the 
status command and the show command and the session name and the password 
file. I just thought at the time that since the john.pot was called john 
that john --show john was the right command.

I believe this is where I made a mistake in my report to the NG. After 
reading your comments I realized that the right command is "john --show 
mypassword", which gives me I think the output that is more expected. eg.


2 password hashes cracked, 16 left

Now, having made corrections to my show command option, and displaying my 
output of my commands, above properly do you believe that everything is 
running right?

I have a question as to how john actually works.  Here is a copy of some of 
the last tries.

guesses: 0  time: 51:06:37:19 0.00% (3)  c/s: 4466  trying: shs1geO - 
guesses: 0  time: 51:06:37:23 0.00% (3)  c/s: 4466  trying: shs1a1n - 
guesses: 0  time: 51:06:41:37 0.00% (3)  c/s: 4466  trying: shsbL1p - 
guesses: 0  time: 52:04:08:42 0.00% (3)  c/s: 4464  trying: 4peluc31 - 
guesses: 0  time: 52:04:08:47 0.00% (3)  c/s: 4464  trying: 4pelgo78 - 
guesses: 0  time: 57:08:12:25 0.00% (3)  c/s: 4475  trying: Bbjipuy - 
guesses: 0  time: 61:03:26:23 0.00% (3)  c/s: 4473  trying: m9kek! - m9kekp
guesses: 0  time: 61:03:45:42 0.00% (3)  c/s: 4473  trying: ajy241 - ajy24w
guesses: 0  time: 61:04:20:53 0.00% (3)  c/s: 4473  trying: bprt0r - bprt05

Is it normal that it goes back and forth between, 6 characters and 7. I 
would have thought that it would try 6 characters then move to 7 and then to 

Or is it that in this default mode e.g. # john mypassword  its just running 
through all the likely combinations based on the developers experiences and 
the john.conf file.

Finally you said the following ...

>>P.S. Please consider posting to john-users via e-mail rather than via 

I'm not sure how to do this other than mailing lists?? But I find them 
harder to manage, you have to subscribe and unsubscribe. You must get all 
the commands right to do so, rather than just opening a news reader and its 
there. Unless your talking about something else that I'M not getting? Why is 
it that you do you not like gmane or the newsgroup method?

Thanks for feedback or comments. 

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.