Date: Mon, 17 Jan 2022 23:44:11 -0300
From: Rodrigo s <rodrigozanattasilva@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Grammar for dynamic function

Ha... I get it...

I really tried for hours to make it work. What I was doing wrong:

   - I read about the problem with $ in my Windows console. So I did
   this: -form=dynamic="sha512($u.$p.$s)" and NOT
   THIS -form="dynamic=sha512($u.$p.$s)"... PQP, VTNC (don't search this :)
   - Because this didn't work, I thought it was the hash format. And it
   was..

First a tip.. I really don't know how the hash format (to decrypt) was
made. Like, there is only one example that uses two salts and I see I need
to put something like "$salt1$$2salt2". Is this the correct way? Good
documentation about it would help. (Or did I just not find it?)

Your example really works well.. But I discovered it was IMPOSSIBLE for my
case to work. The problem is: the salt is really big, so:
'JRLuser:237....db17$TheSalt'    -> This works
'JRLuser:237....db17$TheSalt12345678901234567890123456'    -> This
doesn't.. (Salt is bigger than 32 characters)

I will never see it... So... the question is:
How to use Salt bigger than 32 characters? My salt is about 86 characters.

Then I tried this strategy:

   - john -test -format:"dynamic=sha512($u.$p.$s.$s.$s)"   (works)
      - Does this case mean the same salt 3 times or 3 different salts? Anyway,
      I can't input the hash (user:hash$salt1$salt2$salt3)
   - john -test -format:"dynamic=sha512($u.$p.$s.$s2)"    (works)
      - I got this error and didn't find it in any file: Error, trying to
      link to $dynamic_6000$ using ciphertext=$dynamic_6000$6....
      - Do I declare the $dynamic_6000 in some place?
   - john -test -format:"dynamic=sha512($u.$p.$s.$s2.$s3)"    (doesn't)
      - There is no $s3

So... Either I can input a big salt or I divide it into 3 parts because of the 32
character limit.  Can someone give me the answer?

Is the 32 limit size for salt a bug?

On Mon, Jan 17, 2022 at 17:45, magnum <magnumripper@...hmail.com>
wrote:

> On 2022-01-17 17:42, Rodrigo s wrote:
> > What I am trying to do is this function:
> > *sha512($u.$p.$s)*
>
> The easy way is to use the "dynamic ad-hoc" (or dynamic compiler) format
> because you can use that literal formula you wrote above, like this:
>
> $ ./john -test -format:'dynamic=sha512($u.$p.$s)'
> Benchmarking: dynamic=sha512($u.$p.$s) [256/256 AVX2 4x]... DONE
> Many salts:     5278K c/s real, 5278K c/s virtual
> Only one salt:  4710K c/s real, 4710K c/s virtual
>
> Please note that you need hyphens around the formula so your shell
> doesn't act up with the dollar signs.
>
> The input format is:
>
> user:<hex hash>$<salt>
>
> So here's a hash with username "JRLuser", salt "TheSalt" and a password
> of "magnum":
>
> echo > test.in 'JRLuser:23750433e3685f544c02884cd622570f3d73b359be7dc5d9d5e87c3e394fc53f16dfad34d02680f24d99036aba63014be1343fe60e5391d8366d7be7b432db17$TheSalt'
>
> $ ./john -format:'dynamic=sha512($u.$p.$s)' test.in
> Using default input encoding: UTF-8
> Loaded 1 password hash (dynamic=sha512($u.$p.$s) [256/256 AVX2 4x])
> Warning: no OpenMP support for this hash type, consider --fork=16
> Proceeding with single, rules:Single
> Press 'q' or Ctrl-C to abort, almost any other key for status
> Almost done: Processing the remaining buffered candidate passwords, if any.
> Proceeding with wordlist:./password.lst
> magnum           (JRLuser)
> 1g 0:00:00:00 DONE 2/3 (2022-01-17 21:39) 100.0g/s 2137Kp/s 2137Kc/s 2137KC/s 123456..Geronimo
> No remaining hashes
> Use the "--show --format=dynamic=sha512($u.$p.$s)" options to display all of the cracked passwords reliably
> Session completed.
> Session completed.
>
>
> In case you need/want to put the salt in hex, use HEX$ like this:
>
> user:<hex hash>$HEX$<hex salt>
>
> Hope this helps.
>
> magnum
>
>
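
Added example (not part of this thread and not John the Ripper code): a Python helper that builds and checks input lines in the `user:<hex hash>$<salt>` and `HEX$` forms described above for `dynamic=sha512($u.$p.$s)`, so a known-answer line can be made before loading real hashes. The function names, the sample values, and the assumption that `$u`, `$p` and `$s` are concatenated as raw UTF-8 bytes are mine.

```python
import hashlib
import hmac

def make_line(user: str, password: str, salt: bytes, hex_salt: bool = False) -> str:
    """Build one input line for dynamic=sha512($u.$p.$s)."""
    # Assumption: the three fields are concatenated as raw bytes (UTF-8 text).
    digest = hashlib.sha512(user.encode() + password.encode() + salt).hexdigest()
    # Use the HEX$ form on request, or when the salt is not plain printable
    # text or contains ':' (the field separator in John's input files).
    printable = all(0x20 <= b < 0x7F for b in salt) and b":" not in salt
    if hex_salt or not printable:
        return f"{user}:{digest}$HEX${salt.hex()}"
    return f"{user}:{digest}${salt.decode('ascii')}"

def parse_line(line: str):
    """Split 'user:<hex hash>$<salt>' into (user, digest, salt bytes)."""
    user, rest = line.rstrip("\r\n").split(":", 1)
    digest, salt_field = rest.split("$", 1)
    digest = digest.lower()
    if len(digest) != 128 or set(digest) - set("0123456789abcdef"):
        raise ValueError("expected 128 hex digits (SHA-512)")
    if salt_field.startswith("HEX$"):
        salt = bytes.fromhex(salt_field[4:])   # hex-encoded salt
    else:
        salt = salt_field.encode()             # literal salt text
    return user, digest, salt

def check(line: str, candidate: str) -> bool:
    """Return True if candidate is the password behind this line."""
    user, digest, salt = parse_line(line)
    guess = hashlib.sha512(user.encode() + candidate.encode() + salt).hexdigest()
    return hmac.compare_digest(guess, digest)

if __name__ == "__main__":
    # Constructed sample values: a short salt and an 86-character salt,
    # the length mentioned in the message above.
    for salt in (b"TheSalt", b"S" * 86):
        line = make_line("JRLuser", "magnum", salt)
        print(len(salt), check(line, "magnum"), line)
```

Writing the printed lines to a file and loading it with the same `-format:` expression shows whether a given salt length is accepted by the build in use.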
