Date: Thu, 13 Dec 2018 23:11:05 +0100
From: Solar Designer <>
Subject: Re: question - hash extraction from .cap tcpdump files

On Thu, Dec 13, 2018 at 9:23 AM JohnyKrekan <> wrote:
> Hello, I want to ask whether you could recommend a utility which would
> allow me to extract hashes (and plain passwords as well) so I could later
> use those hashes with John for testing their security.

Here are some scripts included with JtR jumbo that appear to have pcap
processing functionality:

$ fgrep -rwl pcap run

Further, starts with a note listing other programs (not
scripts, so only available after you build JtR from source):

"Note: This program does not have the functionality of wpapcap2john,
SIPdump, eapmd5tojohn, and vncpcap2john programs which are included with
JtR Jumbo."

On Thu, Dec 13, 2018 at 11:07:06AM -0500, Rich Rumble wrote:
> John can do this already when you provide the pcaps for traffic: VNC, WiFi
> (PSK), EIGRP, HSRP, IKE-PSK, Gadu-Gadu, Kerberos, SSH and others:

SSH doesn't belong on that list: we only support cracking of its private
key passphrases.

> As far as plain-passwords you probably want to look at sniffing them with a
> filter applied to tcpdump/wireshark which is beyond the scope of this list.
> A quick search turned up some useful results

There's also the now ancient dsniff, which was good, but I imagine you
might have difficulty getting it to build on a modern system:

