Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 17 Jun 2019 16:24:10 -0500
From: Adam Lininger <>
Subject: Re: Using cracked non-ascii passwords in a wordlist

Thank you. That may right there accomplish what I wanted more simply than
my bash scripting. I'm currently using bleeding-jumbo, but from a bit prior
to 1.9.0. I will be sure to update and play with it.


On Mon, Jun 17, 2019 at 3:50 PM Matt Weir <> wrote:

> I'm sure there are better options, but if you are using the bleeding-jumbo
> version of JtR:
> You can use JtR's '--loopback' option combined with '--stdout' and
> '--rules=none' to pipe the results to a file. This strips the hash info
> from the raw .pot files, and does deduplication so you don't end up with a
> million entries of '123456'.
> Example below to put everything into a file called 'new_wordlist.txt'
> (Note, I'm not at my computer so there may be a typo):
> ./john --loopback --stdout --rules=none > new_wordlist.txt
> I'm not sure if '--loopback' has been added to the official 1.9.0-jumbo-1
> version JtR, and I'm pretty sure it's not in core. So if you have an error
> and are not using magnumripper's version above that's probably the cause.
> Also, if you don't want to create a new wordlist, you can use the
> 'loopback' option to generate guesses directly from a .pot file. It works
> like a normal '--wordlist' option and you can apply other mangling rules to
> it. That's why I included the '--rules=none' option above, so that way you
> don't apply any rules when creating a 'clean' wordlist from your previous
> cracks.
> Cheers,
> Matt
> On Mon, Jun 17, 2019 at 3:55 PM Adam Lininger <>
> wrote:
> > All,
> > I'm trying to work at getting an efficient way to feed previously cracked
> > hashes back in to a wordlist for future use. I'm using the 2015 Crack Me
> if
> > you Can competition hashes for this effort.
> >
> > One such hash, shown below, was cracked using non-ascii characters. From
> > the output of `john --show | less`:
> >
> > f63e00ed861b130f0ac9ddd040ecf63a:<C8><CB>Ke<C9>
> >
> > As you can see, there are non-ascii characters in the resulting hash.
> > However, putting the actual non-ascii characters in to a wordlist is
> > ineffective at cracking the same hash on a fresh machine.
> >
> > Is there any way to make john output cracks in a more cannonical format?
> > Alternatively, can I input non-ascii wordlists in a more cannonical
> format?
> >
> > Adam
> >

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.