Date: Thu, 19 May 2016 06:46:29 -0400 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: JtR Jumbo 1.79 on Win7, md5hash matching does not work On Tue, May 17, 2016 at 12:17 PM, Michael Mckenna-Mattiaccio <mckennammj@...il.com> wrote: > Hello all, > > I have a folder containing .doc .xls .pdf .ppt .zip files that are > encrypted and I need to recover their passwords. I have a custom wordlist > that I know contains at least some correct passwords, but I never get a > single correct guess. > > The Windows binary doesn't ship with office2john but it does ship with > pdf2john and zip2john as you can see here https://paste.debian.net/686868/ Try the custom builds section of the John wiki: http://openwall.info/wiki/john/custom-builds The office2john requires python not PowerShell, I wrapped the py into an exe and included it in the custom build for windows users. A search of "office2john windows" turns up the same result https://www.google.com/search?q=office2john+windows&ie=utf-8&oe=utf-8 > So I used a random tool my company uses called Karen's Directory Printer. I > fed in the directory with all the files and selected the output of a .txt > file with just a list of all the md5hashes created by Karen's... > https://paste.debian.net/686908/ That program, after googling, give you an md5 checksum of the file, not the encryption of the file. > Here is some sample output from Johnny > https://paste.debian.net/hidden/4cf6b99d/ John thinks these are 11 different hash types HAVAL-128-4, lotus5, MD2, mdc2, mscash, mscash2, NT, Raw-MD5u, ripemd-128, Snefru-128, NT-old I don't think Karens tool is needed here. > I don't think the md5crypt script is included in the Windows binaries for > Jumbo 1.79 because when I try to run --format=md5crypt I get Unknown > ciphertext format name requested md5crypt appears to refer to FreeBSD hashes, thanks google https://www.google.com/search?q=md5crypt&ie=utf-8&oe=utf-8#q=md5crypt+%22john+the+ripper%22 The md5 checksum that Karens tool was outputting won't be of use to you. http://xinn.org/blog/choosing-the-right-encryption.html http://xinn.org/blog/password-security.html > How do I copy the md5 functionality from the github sources so it works in > JtR? Office formats are CRC16 (pst's), RC4 (old office) and SHA1+AES these days https://blogs.msdn.microsoft.com/david_leblanc/2008/12/04/new-improved-office-crypto/ Again the md5 checksum's aren't needed here. > Also, it doesn't seem to really be using the custom wordlist correctly. > Whenever I link to the custom wordlist, JtR runs quickly and with no > results. If I don't use Wordlist mode then at least JtR seems to be trying. > I even made a .bu of the default wordlist and put my custom wordlist in its > place in the JTr Jumbo folder and I'm still not seeing results. john.exe -w wordlist_here.txt -format=office hashes.txt (could also be old-office) That should do it (shouldn't need the format if only office hashes are in the file), I recommend using rules john.exe -w wordlist_here.txt hashes.txt -rules=jumbo > I have tried the *2john feature of Johnny but it doesn't seem to work well > for me. I was once able to get a pdf password out and removed the prefix > info for https://paste.debian.net/hidden/1eeeaffd/ but the feature is no > longer working, it just hangs on Conversion in progress..... I tried with a > pdf The following command in PowerShell doesn't get me any results either, > regardless of whether the output file exists at the time the command is > run: PS C:\Program Files (x86)\john179j5w\john179j5\run> .\office2john.py > C:\Users\tdmnyadmin\Desktop\Password_Cracking\SampleFiles\001\Doc3.doc > C:\Users\tdmnyadmin\Desktop\Password_Cracking\office.lst Again PS isn't going to run python scripts, they do look similar. > What's the correct command format for these *2john scripts? I can't find > that in the docs. We can try to do better, there are tutorials out there for many hash types http://xinn.org/blog/JtR-AD-Password-Auditing.html https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheat-sheet.pdf -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.