Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Dec 2014 10:01:47 +0100
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: content of passwd file and --single

On 12/18/2014 08:51 AM, patpro@...pro.net wrote:
> On 18 déc. 2014, at 08:26, Frank Dittrich <frank.dittrich@...lbox.org> wrote:
>> This is the mode you should start cracking with.  It will use the
>> login names, "GECOS" / "Full Name" fields, and users' home directory
>> names as candidate passwords, also with a large set of mangling rules
>> applied. [...]
> 
> I've read the doc before posting, but it looks kind of fuzzy to me. What I would like is an explicit list of fields that matters / where I can put pieces of info grabbed from the LDIF file. I'm not a developer, otherwise I would have read the source code.

An /etc/password line looks like this:

Guest:x:1001:1001:guest:/home/Guest:/bin/bash

The first field is the login name field (used in single mode).

The second field used to be the password hash, until the hashes were
moved to /etc/shadow. This is the field where john expects to find the
hash. You can use john's unshadow to combine /etc/passwd and /etc/shadow
into a file which can be used by john.

The 3rd field is the user id field. You can use it in john's --users=
option. But you can as well use the login name(s) for --users=.

The 4th field is the group id field. (Modern distros often create a new
group id for each user. Years ago, all regular users used to be in the
same group. You can use this field in john's --groups= option.

The 5th field is the "full name" or "GECOS" field, it will be used for
--single. The GECOS field might contain names or descriptions with
multiple words, i.e. "Frank Dittrich", "Anonymous NFS User", etc.

John will split that contents into individual words and also use
combinations of these words and login name etc. in single mode.

Core john will split the contents at these ASCII characters into words:

/*
 * Word separator characters for ldr_split_words(), used on GECOS fields.
 */
#define issep \
        "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~\177"

The jumbo version adds some encoding-specific non-ascii characters to
the list of separator characters.

The 6th field is the user's home directory name, it will also be used in
single mode.
The last field is the user's shell.

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.