Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAH8erehXk-B68A=qFyOqB+7Cq08dugp5OA=ZsVZMeW0tJ6hC8Q@mail.gmail.com>
Date: Mon, 17 Jan 2022 23:58:09 -0300
From: Rodrigo s <rodrigozanattasilva@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Grammar for dynamic function

ha!!!

why not
john -test -format:"dynamic=sha512($s.$p.$u)" !!

Just change the user by salt... This is uggly, but works!

Em seg., 17 de jan. de 2022 às 23:44, Rodrigo s <
rodrigozanattasilva@...il.com> escreveu:

> Ha... I get...
>
> I really try for hours to make it work. What I was doing wrong:
>
>    - I read about the problem with $ in my Windows console. So I did
>    this: -form=dynamic="sha512($u.$p.$s)" and NOT
>    THIS -form="dynamic=sha512($u.$p.$s)"... PQP, VTNC (don't search this :)
>    - Because this didn't work, I thought it was the hash format. And it
>    was..
>
> First a tip.. I really don't know how the hash format (to decrypt) was
> made. Like, there is only one example that uses two salts and I see I need
> to put something like "$salt1$$2salt2". Is this the correct way? A good
> documentation help about it. (Or I just didn't find it?)
>
> Your example really works well.. But I discovered it was IMPOSSIBLE for my
> case work. The problem is: the salt ir really big, so:
> 'JRLuser:237....db17$TheSalt'    -> This work
> 'JRLuser:237....db17$TheSalt12345678901234567890123456'    -> This
> doesn't.. (Salt is bigger than 32character)
>
> I will never see it... So... the question is:
> How to use Salt bigger than 32 characters? My salt is about 86
> characters.
>
> Then I tried this strategy:
>
>    - john -test -format:"dynamic=sha512($u.$p.$s.$s.$s)"   (works)
>       - This case mean the same salt 3 times or 3 different salt? Anyway
>       can't input the hash (user:hash$salt1$salt2$salt3)
>       - john -test -format:"dynamic=sha512($u.$p.$s.$s2)"    (works)
>       - I got this error and didn't find it in any file: Error, trying to
>       link to $dynamic_6000$ using ciphertext=$dynamic_6000$6....
>       - Do I declare the  $dynamic_6000 in some place?
>    - john -test -format:"dynamic=sha512($u.$p.$s.$s2.$s3)"    (don't)
>       - There is no $s3
>
> So... Or I can input a big salt or I divide it in 3 parts because of the
> 32 character limit.  Can someone give me the answer?
>
> Is the 32 limit size for salt a bug?
>
> Em seg., 17 de jan. de 2022 às 17:45, magnum <magnumripper@...hmail.com>
> escreveu:
>
>> On 2022-01-17 17:42, Rodrigo s wrote:
>> > What I am trying to do is this function:
>> > *sha512($u.$p.$s)*
>>
>> The easy way is to use the "dynamic ad-hoc" (or dynamic compiler) format
>> because you can use that literal formula you wrote above, like this:
>>
>> $ ./john -test -format:'dynamic=sha512($u.$p.$s)'
>> Benchmarking: dynamic=sha512($u.$p.$s) [256/256 AVX2 4x]... DONE
>> Many salts:     5278K c/s real, 5278K c/s virtual
>> Only one salt:  4710K c/s real, 4710K c/s virtual
>>
>> Please note that you need hyphens around the formula so your shell
>> doesn't act up with the dollar signs.
>>
>> The input format is:
>>
>> user:<hex hash>$<salt>
>>
>> So here's a hash with username "JRLuser", salt "TheSalt" and a password
>> of "magnum":
>>
>> echo > test.in
>>  'JRLuser:23750433e3685f544c02884cd622570f3d73b359be7dc5d9d5e87c3e394fc53f16dfad34d02680f24d99036aba63014be1343fe60e5391d8366d7be7b432db17$TheSalt'
>>
>> $ ./john -format:'dynamic=sha512($u.$p.$s)' test.in
>> Using default input encoding: UTF-8
>> Loaded 1 password hash (dynamic=sha512($u.$p.$s) [256/256 AVX2 4x])
>> Warning: no OpenMP support for this hash type, consider --fork=16
>> Proceeding with single, rules:Single
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> Almost done: Processing the remaining buffered candidate passwords, if
>> any.
>> Proceeding with wordlist:./password.lst
>> magnum           (JRLuser)
>> 1g 0:00:00:00 DONE 2/3 (2022-01-17 21:39) 100.0g/s 2137Kp/s 2137Kc/s
>> 2137KC/s 123456..Geronimo
>> No remaining hashes
>> Use the "--show --format=dynamic=sha512($u.$p.$s)" options to display
>> all of the cracked passwords reliably
>> Session completed.
>>
>>
>> In case you need/want to put the salt in hex, use HEX$ like this:
>>
>> user:<hex hash>$HEX$<hex salt>
>>
>> Hope this helps.
>>
>> magnum
>>
>>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.