![]() |
|
Message-ID: <CAJ51W6uNt7R8SS7mn69epQvMjmRJz09xj3UVTf-Jzr2OnqSo0Q@mail.gmail.com> Date: Tue, 5 May 2020 12:36:51 +0200 From: MA40 <ardeinternet@...il.com> To: john-users@...ts.openwall.com Subject: Re: Session Archive. Where? Hi. I found it! Yes, I use Johnny, and indeed, it change the names and locations of the session files. With Johnny a hidden folder is created inside the user's folder, and inside it another folder with all the files with all the information of the sessions. The path is: "User/.john/sessions/" I'm interested to see what is saved in the session file in case I can get an idea of where the attack is going. For example, this is the content of a file from a session of mine: (Can someone briefly explain what each line means?) A greeting. MA40. ************************************************ ************************************************ REC4 6 --session=C:/Users/Administrator/.john/sessions/05-03-20-18-56-28 C:/Users/Administrator/Documents/hashes.txt --format=Bitcoin --input-encoding=UTF-8 --internal-codepage=UTF-8 145153 0 41a766 0 0 41a766 0 20d940 0 0 3 0 b9893ea 369 2 7 0 0 6 2 4 0 4 slt-v2 1dbc5ec782c719aaa214f0445cc2aab6 4 ************************************************ ************************************************ El lun., 4 may. 2020 a las 23:06, Solar Designer (<solar@...nwall.com>) escribió: > Hi, > > On Mon, May 04, 2020 at 08:12:42PM +0200, MA40 wrote: > > In the John the Ripper documentation it states that the session state is > > saved in the file "John's home directory/john.rec". > > > > I have John the Ripper installed in Windows in the directory > > "john-1.9.0-jumbo-1-win64" and, neither in that directory, nor in the > > "john-1.9.0-jumbo-1-win64/run/" there is no file named "john.rec". Could > it > > be called another way? > > For you, the file is supposed to be in john-1.9.0-jumbo-1-win64/run. If > you specified an alternative session name with "--session", that will be > the filename, with the ".rec" suffix added to it. > > Why are you looking for that file? Normally, you'd just use > "--restore", or alternatively the combination of "--session=NAME" > initially and "--restore=NAME" later, where "NAME" is a name of your > choice. On "--restore", JtR itself will look for the file in the same > directory where it put it. > > Oh, I now recall you had mentioned you use Johnny. I've never used > Johnny for real myself (beyond brief testing), but I suspect it might > override the session name or session file location by default. I hope > someone with Johnny experience will follow-up and let us all know. > > Alexander >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.