Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 19 May 2016 06:46:29 -0400
From: Rich Rumble <>
Subject: Re: JtR Jumbo 1.79 on Win7, md5hash matching does not work

On Tue, May 17, 2016 at 12:17 PM, Michael Mckenna-Mattiaccio
<> wrote:
> Hello all,
> I have a folder containing .doc .xls .pdf .ppt .zip files that are
> encrypted and I need to recover their passwords. I have a custom wordlist
> that I know contains at least some correct passwords, but I never get a
> single correct guess.
> The Windows binary doesn't ship with office2john but it does ship with
> pdf2john and zip2john as you can see here
Try the custom builds section of the John wiki:
The office2john requires python not PowerShell, I wrapped the py into
an exe and included it in the custom build for windows users.
A search of "office2john windows" turns up the same result
> So I used a random tool my company uses called Karen's Directory Printer. I
> fed in the directory with all the files and selected the output of a .txt
> file with just a list of all the md5hashes created by Karen's...
That program, after googling, give you an md5 checksum of the file,
not the encryption of the file.
> Here is some sample output from Johnny
John thinks these are 11 different hash types
HAVAL-128-4, lotus5, MD2, mdc2, mscash, mscash2, NT, Raw-MD5u,
ripemd-128, Snefru-128, NT-old
I don't think Karens tool is needed here.
> I don't think the md5crypt script is included in the Windows binaries for
> Jumbo 1.79 because when I try to run  --format=md5crypt  I get Unknown
> ciphertext format name requested
md5crypt appears to refer to FreeBSD hashes, thanks google
The md5 checksum that Karens tool was outputting won't be of use to you.
> How do I copy the md5 functionality from the github sources so it works in
> JtR?
Office formats are CRC16 (pst's), RC4 (old office) and SHA1+AES these days
Again the md5 checksum's aren't needed here.
> Also, it doesn't seem to really be using the custom wordlist correctly.
> Whenever I link to the custom wordlist, JtR runs quickly and with no
> results. If I don't use Wordlist mode then at least JtR seems to be trying.
> I even made a .bu of the default wordlist and put my custom wordlist in its
> place in the JTr Jumbo folder and I'm still not seeing results.
john.exe -w wordlist_here.txt -format=office hashes.txt    (could also
be old-office)
That should do it (shouldn't need the format if only office hashes are
in the file), I recommend using rules
john.exe -w wordlist_here.txt hashes.txt -rules=jumbo
> I have tried the *2john feature of Johnny but it doesn't seem to work well
> for me. I was once able to get a pdf password out and removed the prefix
> info for but the feature is no
> longer working, it just hangs on Conversion in progress..... I tried with a
> pdf The following command in PowerShell doesn't get me any results either,
> regardless of whether the output file exists at the time the command is
> run: PS C:\Program Files (x86)\john179j5w\john179j5\run> .\
> C:\Users\tdmnyadmin\Desktop\Password_Cracking\SampleFiles\001\Doc3.doc
> C:\Users\tdmnyadmin\Desktop\Password_Cracking\office.lst
Again PS isn't going to run python scripts, they do look similar.
> What's the correct command format for these *2john scripts? I can't find
> that in the docs.
We can try to do better, there are tutorials out there for many hash types

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.