Date: Tue, 05 Aug 2014 19:54:14 +0200 From: Jörg Knobloch <jorgk@...gk.com> To: john-users@...ts.openwall.com Subject: Problem running John on Windows when trying to crack sha512 encrypted /etc/shadow from Linux I am trying to run John on Windows since my Windows PC is more powerful than me Linux PC. This is the hash I want to crack as a first experiment: root:$6$irSkguJ9$QhY91Upy8ynBsQHZ8rB2RgXOGzH1bPCssJMVrv1dgXU1Ek7CqRhfp3.oRaX/GB3k6/wcl2nYtOmeQG3bie1Qo/:16286:0:99999:7::: The password for root (which is "root"), so not a great secret. On Linux I run "john /etc/shadow" and it happily reports the password after a while. On Windows running john.exe from either john179w2.zip, john179j5w.zip or john-1.8.0-Win-32.zip I get: "No password hashes loaded (see FAQ)". I'm so sorry, it's a beginners question and you say so in the FAQ, but sadly you don't give a clear answer. Let's see: A: Your password file taken from a Unix-like system might be shadowed. No, I'm using /etc/shadow and on Linux it works fine. A: All of the password hashes found in the file might be already cracked No. A: With PWDUMP-format files, ... Doesn't apply. A: If you're using the "--format" option, try dropping it. No, not using it. A: Your password hash or cipher type(s) might not be supported by John, or at least by the version and build of John that you're using. Maybe. I've used three different Windows binaries, all give the same error. Nowhere does it say which cipher types are supported. The Windows 1.79 "Jumbo version" says: --format=NAME force hash type NAME: des/bsdi/md5/bf/afs/lm/ dynamic_n/bfegg/dmd5/dominosec/epi/hdaa/ipb2/krb4/ krb5/mschapv2/mysql-fast/mysql/netlm/netlmv2/netntlm/ netntlmv2/nethalflm/md5ns/nt/phps/po/xsha/crc32/ hmac-md5/lotus5/md4-gen/mediawiki/mscash/mscash2/ mskrb5/mssql/mssql05/mysql-sha1/nsldap/nt2/oracle11/ oracle/phpass-md5/pix-md5/pkzip/raw-md4/raw-md5thick/ raw-md5/raw-sha1/raw-sha/raw-md5u/salted-sha1/sapb/ sapg/sha1-gen/raw-sha224/raw-sha256/raw-sha384/ raw-sha512/xsha512/hmailserver/sybasease/trip/ssh/pdf/ The Windows 1.8 version says: --format=NAME force hash type NAME: descrypt/bsdicrypt/md5crypt/ bcrypt/LM/AFS/tripcode/dummy The Linux 1.8 versions says: --format=NAME force hash type NAME: descrypt/bsdicrypt/md5crypt/ bcrypt/LM/AFS/tripcode/dummy/crypt Maybe "crypt" includes the sha512 stuff, which is therefore not available on Windows. A: John only loads properly formatted text files directly. I'm using the /etc/shadow file or the "unshadowed" (combined with /etc/passwd). On Linux both work, on Windows none. A: The file you're trying to run John on might in fact not be a password file at all. Well, it is. A: Your command line syntax might be wrong, resulting in John trying to load a wrong file. What can be wrong in "john.exe file.txt"?
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.