Date: Sat, 29 Mar 2014 22:36:43 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Loopback and encoding enhancements

Invasive changes to bleeding-jumbo have been committed. Some new features:

- The loopback mode can now assemble LM password halves. It's a nefarious hack, but it works like a champ.

- You can now specify a "hashed encoding" so you can use UTF-8 wordlists for cracking e.g. LM hashes.

- You can even specify an "intermediate encoding" for the rules engine to use when both wordlists and output hashes are UTF-8. This has some performance penalty but might come in very handy. If you use it when attacking a Unicode format (e.g. NT) it will automatically pick the faster way of doing it (no extra conversion).

- You can set defaults for most everything in john.conf so you'll end up normally not needing to specify any encodings.

Details in doc/ENCODING.

Examples (using recommended settings in john.conf - *not* the backward-compatible defaults as shipped):

$ file test
test: UTF-8 Unicode text

$ cat test
Müller:101:fb0c033ca6248c12aad3b435b51404ee:062de529e54e31079861ec97d666a44f:::
Kübelwagen:102:507cf8a61eb3998e0e3012ff9bfbece4:8afdd1e6003511ee39c3b10254255ef5:::

$ ../run/john test -format:lm --single
Using default input encoding: UTF-8
Target encoding: CP850
Loaded 3 password hashes with no different salts (LM [DES 128/128 AVX-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
GEN              (Kübelwagen:2)
KÜBELWA          (Kübelwagen:1)
MÜLLER           (Müller)
3g 0:00:00:00 DONE (2014-03-29 01:01) 300.0g/s 12800p/s 12800c/s 38400C/s KÜBELWA..KÜBE1WA
Warning: passwords printed above might be partial
Use the "--show" option to display all of the cracked passwords reliably
Session completed

John picked defaults of UTF-8 for input files and CP850 for LM hashes. This also meant that the rules engine and/or the format's internal upper-casing of candidates worked for the non-ASCII character. On top of that the output was correct for my UTF-8 terminal, despite the actual encoding being CP850. The results were also encoded in UTF-8 in the pot file, which is arguable - but it's a prerequisite for the next example:

$ ../run/john test -format:nt --loopback
Rules engine using CP850 for Unicode
Loaded 2 password hashes with no different salts (NT [MD4 128/128 X2 SSE2-16])
Assembling cracked LM halves for loopback
Loop-back mode: Reading candidates from pot file $JOHN/john.pot
Press 'q' or Ctrl-C to abort, almost any other key for status
Kübelwagen       (Kübelwagen)
müller           (Müller)
2g 0:00:00:00 DONE (2014-03-29 01:01) 200.0g/s 3200p/s 3200c/s 6400C/s mÜller..müllermüller
Use the "--show" option to display all of the cracked passwords reliably
Session completed

In the second example, John picked defaults of UTF-8 for input files and CP850 for "intermediate" encoding (although without any extra speed penalty because NT can take any encoding without a second conversion). The loopback mode assembled the LM halves and the default loopback rule case-toggled the candidates to success.

magnum
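
Added example, not part of the original message and not John the Ripper code: a Python sketch of why the "hashed encoding" matters for LM, using the two passwords shown above. The helper names are hypothetical, and the LM preprocessing (upper-case, encode in the OEM codepage, pad to 14 bytes, split into two 7-byte halves) is stated as an assumption.

```python
# Added illustration; helper names are hypothetical, not John the Ripper code.
# Assumption: LM upper-cases the password, encodes it in the OEM codepage,
# pads/truncates to 14 bytes and uses each 7-byte half as a separate DES key input.

PASSWORDS = ["müller", "Kübelwagen"]  # the plaintexts shown in the message


def lm_halves(password, hashed_encoding="cp850"):
    """Return the two 7-byte halves LM would hash for this password."""
    raw = password.upper().encode(hashed_encoding)[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]


def assemble(half1, half2, hashed_encoding="cp850"):
    """Join two recovered halves into one upper-case candidate string."""
    return (half1 + half2).rstrip(b"\x00").decode(hashed_encoding)


def pot_bytes(half, hashed_encoding="cp850"):
    """Re-encode a recovered half as UTF-8, as the pot file in the message does."""
    return half.rstrip(b"\x00").decode(hashed_encoding).encode("utf-8")


def decodes_as(data, encoding):
    """True if the bytes are valid in the given encoding."""
    try:
        data.decode(encoding)
        return True
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    for pw in PASSWORDS:
        good = lm_halves(pw)            # CP850: one byte for U-umlaut
        bad = lm_halves(pw, "utf-8")    # UTF-8: two bytes, halves split elsewhere
        print(pw, "cp850:", good, "utf-8:", bad)
        print("  assembled:", assemble(*good))
        print("  pot entry for half 1:", pot_bytes(good[0]))
        print("  raw half 1 valid UTF-8?", decodes_as(good[0], "utf-8"))
```

With CP850 the halves for Kübelwagen are KÜBELWA and GEN, matching the output in the message; with UTF-8 bytes the split falls one character earlier, so neither half would match the stored LM hash.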