Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 12 Jan 2014 13:19:43 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: How to use Wordlists with John The Ripper

On 01/12/2014 07:54 AM, NRO117@...il.com wrote:
> Meanwhile I attempted as described below.  My results were as follows:
> _____
> 
> john password_sha1.txt -w=password.lst
> stat: password_sha1.txt: No such file or directory
> _____
> 
> sha1.txt being the hash I am attempting to decrypt
> password.lst being the wordlist I am attempting to use
> 
> I then entered the following with results below:  
> _____
> 
> john password_sha1.txt -w=password.lst
> Loaded 2 password hashes with no different salts (LM DES [128/128 BS SSE2])

Probably a copy and paste error, and you actually tried
john sha1.txt -w=password.lst

Otherwise, you should have seen the same error message as before.
> _____
> 
> Does that look right? (no different salts included?)

This means, that your version of John the Ripper has detected the hashes
in sha1.txt as LM hashes.
Because your file is named sha1.txt, I would assume that it doesn't
contain LM hashes.
A number of different hash formats might be wrongly detected by john,
especially raw hashes using hexadecimal encoding, i.e., the hashes are
just sequences of [0-9a-f] or [0-9A-F].


I don't suggest you post one or more hashes in your sha1.txt files
(because others might be able to crack them).
But if my assumption about hex encoded hashes is right, it would be nice
to know:

Where and how did you get these hashes, which application or OS is using
these hashes?
Can you create a similar sample hash with a known trivial password, and
post both the known password and the hash here?
If not, can you at least check the length of the hash encoded string?

Is it the same length than the hex encoded string here:

echo -n "test" |sha1sum -
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3  -

These are 40 characters (20 Bytes in hex encoding).
Are your hashes of the same length?
If not, what is the length?


Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.