Date: Sat, 27 Sep 2014 11:15:06 -0700 From: Dan Tentler <dan@...nlabs.com> To: john-users@...ts.openwall.com Subject: Re: john --show hurm, that may be it. These are all NT hashes, taken from a domain controller, they should all be uniform. Yep, that was the case.. [root@...alhost run]# ./john --show pwdump --format=nt2 343 password hashes cracked, 19243 left [root@...alhost run]# ./john --show pwdump 104 password hashes cracked, 20216 left I don't suppose a feature request for "just show me everything" would be out of order? :D On 9/26/14 5:38 PM, magnum wrote: > That RPM/version should not have any such bug. The only reason I can > think of is your input file has a mix of formats. > > Example: > > user1:md5hash > user2:md5hash > user3:sha1hash > user4:sha1hash > > To crack all of them, you need to run raw-md5 and raw-sha1 separately. > But this also goes for -show. To see all cracks you'd need to run > "./john -show -format:raw-md5" and then "./john -show -format:raw-sha1". > > The same is also true for pwdump-style input files. They (often) > contain both LM and NT hashes (on each line!), so to see both you need > to run -show with each of those formats given as --format option. > > If this is not it, I think you need to give more detail. > > magnum > > > On 2014-09-27 00:45, Dan Tentler wrote: >> [root@...alhost run]# ./john >> John the Ripper password cracker, ver: 1.7.9-jumbo-5 [linux-x86-64] >> Copyright (c) 1996-2011 by Solar Designer and others >> >> I downloaded the RPM directly from the site. Not my 'regular box', this >> one is some client VM they gave me - rhel 6.5. >> >> -Dan >> >> On 9/25/14 2:33 AM, magnum wrote: >>> On 2014-09-25 06:54, Dan Tentler wrote: >>>> So I noticed that doing john --show doesn't show everything - it seems >>>> to only show 'cracked' passwords, not passwords that were something >>>> like >>>> 'the username is the password'. >>>> >>>> In this example there are a bunch of passwords that are super simple, >>>> and they don't appear to all show up - ~100 or so of them are >>>> 'mailbox' >>>> - meaning 100 accounts with the password mailbox, but when I do john >>>> --show only one example of it appears in the output.. >>>> >>>> To get a full list (to feed to a tool like pipal or something) I'd >>>> have >>>> to do a bunch of hack and slash command line stuff to map the john.pot >>>> file to the pwdump file so i can get a user:pass mapping for every >>>> entry. >>>> >>>> Is this the new functionality, or have I have I found a bug? >>> >>> That would be a bug! What format is this? What version of John are you >>> using? >>> >>> magnum >>> >>> >> >> > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.