Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 4 Dec 2013 17:10:56 -0700
From: Donald Raikes <evhadu@...look.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RE: jtr newbie: getting no hashes loaded message

Magnum,
 
Thanks again!
 
After changing the ":" to a "$" I get 450,000 hashes loaded with 4096 different salts.
 
Now it is just a matter of waiting for the process to finish.
 
> Date: Thu, 5 Dec 2013 00:17:34 +0100
> From: john.magnum@...hmail.com
> To: john-users@...ts.openwall.com
> Subject: Re: [john-users] jtr newbie: getting no hashes loaded message
> 
> On 2013-12-05 00:08, Donald Raikes wrote:
> > Magnum,
> >
> > Thanks for the hints. I had already thought of the dynamic_62 format, but when I run:
> >
> > $ ./john --format dynamic_62 pwd.txt
> >
> > I get no hashes loaded.
> 
> That is because you use ':' between hash and salt as opposed to the '$' 
> I suggested.
> 
> > When I run:
> >
> > $ ./john --format=raw-sha256 pwd.txt
> > I get 452,000 hashes loaded
> >
> > However, when I combine the second command with a wordlist of over 18,000,000 words, it returns 0 matches.
> 
> Trying to crack salted hashes with an unsalted format will do no good. 
> Although actually if a password candidate happens to end with the 
> literal salt, it will be cracked (claiming the salt was part of the 
> password).
> 
> > According to the java source code that was used to generate teh file, the hash was created as follows:
> >
> > 1. a secure random 12-bit number is generated.
> > 2. sha256($p+"|"+$s);
> 
> Here's an important detail. It seems we have a literal "|" character to 
> deal with too. Instead of hacking source code and rebuild JtR, you can 
> add that literal character so eg. a salt of "1234" is listed as "|1234".
> 
> > 3. base64_encode(hash from #2);
> >
> > I wrote a java program to base64_decode the encoded hash and print it in hexadecimal format.
> > I checked the output with an online base64 to hex converter and it was correct.
> >
> > so now my file format is:
> >
> > username:sha256($p.$s):salt
> >
> > When I ran the second format of the john command from above it said that 452,000 hashes were loaded wit h 0 different salts.
> >
> > it seems like the salts are not being taken into account.
> >
> > a snippet of my password file is below:
> >
> > ShortChic74@...oo.com:D59E1B36975F72F2D15BFFBB522F33953636EFB4ABAEAC749A560384A33A9D75:2179
> > mirda@...l.uajy.ac.id:11C23E4E4167803DC83AB04AB6BF17B9EF60EE3C957D3DFA974144E131BC617B:2018
> > Hayley_06jf@...oo.com:90C662E90AD50F4114FCC5A2F3EA82738C25B64BB716CB811B320816F7DDD7A0:387
> > mjharleygirl83@....com:5BF2293A6088C85AC23CBC82A074B76C05CECDC7FAE42AEF9B8DDC3AAD09FCE8:2802
> >
> > Any tips welcome :-)
> 
> This works (using dynamic_62):
> ShortChic74@...oo.com:D59E1B36975F72F2D15BFFBB522F33953636EFB4ABAEAC749A560384A33A9D75$|2179
> mirda@...l.uajy.ac.id:11C23E4E4167803DC83AB04AB6BF17B9EF60EE3C957D3DFA974144E131BC617B$|2018
> Hayley_06jf@...oo.com:90C662E90AD50F4114FCC5A2F3EA82738C25B64BB716CB811B320816F7DDD7A0$|387
> mjharleygirl83@....com:5BF2293A6088C85AC23CBC82A074B76C05CECDC7FAE42AEF9B8DDC3AAD09FCE8$|2802
> 
> I *know* that, because I just now cracked one of them. Oh, make that two.
> 
> magnum
> 
 		 	   		  

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.