Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 6 Apr 2020 12:26:14 +0200
From: Solar Designer <>
Subject: Re: Getting error while using john command

On Sun, Apr 05, 2020 at 08:27:48AM +0530, Namita Diwedi wrote:
>  I tried running commands as described by you.It started and since 9 days i
> am running it continuously but no result so far.
> Can you please tell if i miss something or it generally takes this much time

This is normal.  It might as well run essentially forever, unless your
password is weak and gets cracked.  Here's the relevant FAQ entry:

Q: I am running John for 10 days and it is still not finished?!
Q: How long should I expect John to run?
A: It primarily depends on the cracking mode(s) and on your password
files (in particular, the type of hashes and the number of different
salts, if applicable).  Most importantly, you should note that the
"incremental" mode, which a default John run (with no command line
options) proceeds with after being done with the quicker checks, is not
supposed to terminate in a reasonable time.  It is up to you to decide
how long you're going to let it run, then consider any uncracked
passwords strong enough.  "Single crack" mode runs typically take from
under a second to one day (depending on the type and number of password
hashes).  Wordlist mode runs may also be quick (under a second) for
tiny wordlists and fast hashes or they may take multiple days with large
wordlists, with word mangling rules, and with slow hash types and
substantial numbers of different salts.  The status line John reports
whenever you hit a key includes a progress indicator (percent complete)
for "single crack" and wordlist modes.  With no cracking mode requested
explicitly, John will start with "single crack" mode (pass 1), then
proceed with wordlist mode (pass 2), and finally with "incremental" mode
(pass 3).  The pass numbers are reported on the status line, too.  It is
reasonable to let John reach "incremental" mode (pass 3) and run that
for a while (some days).  You will notice that John's success rate (the
number of passwords cracked per hour or per day) will be dropping
rapidly.  When you determine that the success rate is low enough, you
interrupt John.

In your case, you'll want to recall whatever you hopefully can about the
password, and focus the attack accordingly.  For example:

john --session=mymask1 --mask=IKnowThis?d?d?d[.!] backup.txt

You'll also want to run through some leaked password lists, such as:

john --session=rock1 -w=rockyou.txt backup.txt

where you download rockyou.txt.bz2 (and "bzip2 -d" it) from here:

> Attaching log file for your reference.

I don't have RAR handy, so I didn't check this.  Next time, please just
copy-paste a few lines from your terminal into the message.  Most
importantly, showing the commands you ran, the "Loaded ..." line, and a
current status line (which appears upon a keypress).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.