Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 6 Apr 2020 12:26:14 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Getting error while using john command

On Sun, Apr 05, 2020 at 08:27:48AM +0530, Namita Diwedi wrote:
>  I tried running commands as described by you.It started and since 9 days i
> am running it continuously but no result so far.
> Can you please tell if i miss something or it generally takes this much time

This is normal.  It might as well run essentially forever, unless your
password is weak and gets cracked.  Here's the relevant FAQ entry:

Q: I am running John for 10 days and it is still not finished?!
Q: How long should I expect John to run?
A: It primarily depends on the cracking mode(s) and on your password
files (in particular, the type of hashes and the number of different
salts, if applicable).  Most importantly, you should note that the
"incremental" mode, which a default John run (with no command line
options) proceeds with after being done with the quicker checks, is not
supposed to terminate in a reasonable time.  It is up to you to decide
how long you're going to let it run, then consider any uncracked
passwords strong enough.  "Single crack" mode runs typically take from
under a second to one day (depending on the type and number of password
hashes).  Wordlist mode runs may also be quick (under a second) for
tiny wordlists and fast hashes or they may take multiple days with large
wordlists, with word mangling rules, and with slow hash types and
substantial numbers of different salts.  The status line John reports
whenever you hit a key includes a progress indicator (percent complete)
for "single crack" and wordlist modes.  With no cracking mode requested
explicitly, John will start with "single crack" mode (pass 1), then
proceed with wordlist mode (pass 2), and finally with "incremental" mode
(pass 3).  The pass numbers are reported on the status line, too.  It is
reasonable to let John reach "incremental" mode (pass 3) and run that
for a while (some days).  You will notice that John's success rate (the
number of passwords cracked per hour or per day) will be dropping
rapidly.  When you determine that the success rate is low enough, you
interrupt John.

In your case, you'll want to recall whatever you hopefully can about the
password, and focus the attack accordingly.  For example:

john --session=mymask1 --mask=IKnowThis?d?d?d[.!] backup.txt

You'll also want to run through some leaked password lists, such as:

john --session=rock1 -w=rockyou.txt backup.txt

where you download rockyou.txt.bz2 (and "bzip2 -d" it) from here:

https://wiki.skullsecurity.org/Passwords

> Attaching log file for your reference.

I don't have RAR handy, so I didn't check this.  Next time, please just
copy-paste a few lines from your terminal into the message.  Most
importantly, showing the commands you ran, the "Loaded ..." line, and a
current status line (which appears upon a keypress).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.