Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Nov 2012 21:59:06 -0800 (PST)
From: wfdawson <wfdawson@...lsouth.net>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: John not "showing" cracked passwords in pot file

Using the familiar "hello" raw-md5 hash...


$ cat user
user:5d41402abc4b2a76b9719d911017c592


$ john --show --format=raw-md5 user
0 password hashes cracked, 1 left


$ grep 5d41402abc4b2a76b9719d911017c592 ~/.john/john.pot
5d41402abc4b2a76b9719d911017c592:hello


Strange... I thought it was perhaps related to the size of my pot file, so I created a special pot file with only the single hash in it lifted from my legacy pot file.  Same result.  I tried it with the "current" test version from Gentoo, and the latest unstable from github.  Same result each try.  Oddly enough, show=left indicates no remaining uncracked hashes.


$ cat john.pot
5d41402abc4b2a76b9719d911017c592:hello


$ ./john --show --pot=john.pot --format=raw-md5 user
0 password hashes cracked, 1 left


$ ./john --show=left --pot=john.pot --format=raw-md5 user


$ ./john --session=user-all --pot=john.pot --format=raw-md5 user
Loaded 1 password hash (Raw MD5 [128/128 SSE2 intrinsics 12x])
No password hashes left to crack (see FAQ)


ver: 1.7.9-jumbo-7+unstable_omp [linux-x86-64i]

It finally hit me - my legacy pot file is missing the tag that current versions of john prepend to the hash.  A "proper" john.pot should have:

$ cat john.pot
$dynamic_0$5d41402abc4b2a76b9719d911017c592:hello


$ ./john --show --pot=john.pot --format=raw-md5 user
user:hello

1 password hash cracked, 0 left



My pot file has 1340887 untagged hash lines out of 5132667 total.  It seems that lotus5 and dominosec hashes don't get a tag, so that's a legitimate circumstance for much of my pot file.

I suppose I could clean this up by moving my john.pot to another location and artificially re-crack the assembled hashes by iterating over the known hash types to rebuild the "missing" tags.  Is there an easier way to get there?

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.