Date: Mon, 6 Apr 2020 12:26:14 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Getting error while using john command

On Sun, Apr 05, 2020 at 08:27:48AM +0530, Namita Diwedi wrote:
> I tried running commands as described by you. It started and since 9 days I
> am running it continuously but no result so far.
> Can you please tell if I miss something or it generally takes this much time

This is normal. It might as well run essentially forever, unless your
password is weak and gets cracked. Here's the relevant FAQ entry:

Q: I am running John for 10 days and it is still not finished?!
Q: How long should I expect John to run?
A: It primarily depends on the cracking mode(s) and on your password
files (in particular, the type of hashes and the number of different
salts, if applicable). Most importantly, you should note that the
"incremental" mode, which a default John run (with no command line
options) proceeds with after being done with the quicker checks, is not
supposed to terminate in a reasonable time. It is up to you to decide
how long you're going to let it run, then consider any uncracked
passwords strong enough. "Single crack" mode runs typically take from
under a second to one day (depending on the type and number of password
hashes). Wordlist mode runs may also be quick (under a second) for tiny
wordlists and fast hashes or they may take multiple days with large
wordlists, with word mangling rules, and with slow hash types and
substantial numbers of different salts. The status line John reports
whenever you hit a key includes a progress indicator (percent complete)
for "single crack" and wordlist modes. With no cracking mode requested
explicitly, John will start with "single crack" mode (pass 1), then
proceed with wordlist mode (pass 2), and finally with "incremental" mode
(pass 3). The pass numbers are reported on the status line, too.

It is reasonable to let John reach "incremental" mode (pass 3) and run
that for a while (some days). You will notice that John's success rate
(the number of passwords cracked per hour or per day) will be dropping
rapidly. When you determine that the success rate is low enough, you
interrupt John.

In your case, you'll want to recall whatever you hopefully can about the
password, and focus the attack accordingly. For example:

john --session=mymask1 --mask=IKnowThis?d?d?d[.!] backup.txt

You'll also want to run through some leaked password lists, such as:

john --session=rock1 -w=rockyou.txt backup.txt

where you download rockyou.txt.bz2 (and "bzip2 -d" it) from here:

https://wiki.skullsecurity.org/Passwords

> Attaching log file for your reference.

I don't have RAR handy, so I didn't check this. Next time, please just
copy-paste a few lines from your terminal into the message. Most
importantly, showing the commands you ran, the "Loaded ..." line, and a
current status line (which appears upon a keypress).

Alexander
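Added example, not part of the message above and not John the Ripper code: a small calculator showing why a focused mask such as the one in the reply finishes quickly while a broad search does not. It handles only literals, ?d, ?l, ?u and bracket classes with ranges; the function names and the candidates-per-second rate are assumptions made for illustration.

```python
import string

# Placeholder sets for the subset of mask syntax handled by this sketch.
PLACEHOLDERS = {"d": string.digits,
                "l": string.ascii_lowercase,
                "u": string.ascii_uppercase}

def expand_class(body):
    """Expand a bracket class such as '.!' or 'a-f0-9' into a set of characters."""
    chars, i = set(), 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = ord(body[i]), ord(body[i + 2])
            if lo > hi:
                raise ValueError("reversed range in class: %r" % body)
            chars.update(chr(c) for c in range(lo, hi + 1))
            i += 3
        else:
            chars.add(body[i])
            i += 1
    if not chars:
        raise ValueError("empty class")
    return chars

def mask_positions(mask):
    """Split a mask into one candidate set per password position."""
    positions, i = [], 0
    while i < len(mask):
        ch = mask[i]
        if ch == "?":
            if i + 1 >= len(mask) or mask[i + 1] not in PLACEHOLDERS:
                raise ValueError("unsupported placeholder at offset %d" % i)
            positions.append(set(PLACEHOLDERS[mask[i + 1]]))
            i += 2
        elif ch == "[":
            end = mask.find("]", i + 1)
            if end == -1:
                raise ValueError("unterminated '[' at offset %d" % i)
            positions.append(expand_class(mask[i + 1:end]))
            i = end + 1
        else:
            positions.append({ch})  # a literal contributes exactly one choice
            i += 1
    return positions

def keyspace(mask):
    """Number of candidates the mask generates (product of per-position sizes)."""
    total = 1
    for choices in mask_positions(mask):
        total *= len(choices)
    return total

def worst_case_seconds(mask, candidates_per_second):
    """Time to exhaust the mask at an assumed, constant candidate rate."""
    return keyspace(mask) / candidates_per_second
```

At a constructed rate of 50 candidates per second, the mask from the reply is exhausted in under a minute, while eight unknown lowercase letters at the same rate would take longer than a century.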