gmane.comp.security.openwall.john.user

md5(md5$pass).$salt)

2013-05-19T16:05:59

Hi

 I use JTR latest compiled "macosx-x86-64" (Mac OS X 10.5+, Xcode 3.0+, 
x86-64 with SSE2 (best))

 I'm not sure JTRid able to handle hash with long salt (see below)

  hash = af26237e6ff340a0c8176f754ab8d7a5      salt = 
wxcbHtMBqv,Pv*6.=)B$B`AR8FpME< at >

I tried 

$dynamic_1007$af26237e6ff340a0c8176f754ab8d7a5
wxcbHtMBqv,Pv*6.=)B$B`AR8FpME< at >
$dynamic_1007$af26237e6ff340a0c8176f754ab8d7a5$wxcbHtMBqv,Pv*6.=)B$B`AR8FpME< at >
$dynamic_1007$af26237e6ff340a0c8176f754ab8d7a5:wxcbHtMBqv,Pv*6.=)B$B`AR8FpME< at >

But each time I get 

 iMac-de-xxx:run xxxxxx$ ./john -w:dic.txt hashlist.txt 
-field-separator-char=" "
using field sep char '' (0x09)
No password hashes loaded (see FAQ)

Any idea ?

 Thanks,

invitation to john-users team for PHDays Hash Runner contest 23-24 May

Aleksey Cherepanov — 2013-05-19T12:02:04

John-users team will participate in PHDays Hash Runner contest again
(http://phdays.com/program/contests/#16299 ). The contest "will last
through the forum days", so I guess exact time is 23 May 2013 00:00
+0400 - 24 May 2013 23:59 +0400.

The team uses a server to collaborate during the contest. So every
user needs an user account there to participate. Ask me for that if
you want to participate as part of john-users team and you do not have
the account.

Everyone is welcome to participate! Though there are some limitation:
- you should have some basic skills or want to get them on your own
very fast before the contest. One intention of the contest is learning
so even with minimal skill you are appreciated to participate.
- we discourage usage of non-free software. If you want to participate
then forget about non-free crackers. Use only John the Ripper if in
doubt.

So if you want to participate send me a private mail with:
- preferred user name,
- public ssh key (get new key with 'ssh-keygen' command, read more on
internet about that).

Thanks!

Make issues with make clean macosx-x86-64-native

Kyle Gray — 2013-05-16T22:52:01

Hello,

I just downloaded the latest bleeding jumbo and I'm getting an error when attempting to make clean macosx-x86-64-native.

I've followed the instructions:

  1. Install Homebrew
  2. Install Homebrew's openssl and gcc
  3. From your base "john" directory:
cp -avi src/osx_as_wrapper.sh /usr/local/bin/as
  4. Link whatever gcc version you got from Homebrew to just "gcc" in the
     /usr/local/bin directory. This example is for gcc-4.7:
        ln -s gcc-4.7 /usr/local/bin/gcc
  5. Make sure /usr/local/bin preceeds /usr/bin in your $PATH

And all seems good.

When I run make clean macosx-x86-64-native, I get the following errors:

gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer -I/usr/local/include   -DHAVE_GMP -DHAVE_KRB5    -DHAVE_CRYPT -march=native -Wno-deprecated-declarations -funroll-loops gladman_pwd2key.c
/var/folders/n8/phvcf3kn2_356yp_fn9280qw0000gn/T//ccLd9HBH.s:40:2: error: invalid instruction mnemonic 'vcvttsd2siq'
        vcvttsd2siq     %xmm3, %rsi
        ^~~~~~~~~~~
make[1]: *** [gladman_pwd2key.o] Error 1
make: *** [macosx-x86-64-native] Error 2

If necessary, here's the full log: 

https://gist.github.com/noxferatu/eb09857f58fe6ef090c9/raw

Thanks for any help

Cracking "Correct Horse Battery Staple" in JtR

Matt Weir — 2013-05-09T17:57:25

I was wondering if there was a built in way to crack "random word"
passwords in JtR. For example Diceware generated passwords, or
http://xkcd.com/936/

In the past I've used a custom script combined with JtR's -stdin option to
combine words from a dictionary but it would be nice if there was a
ruleset, (I'm not sure if the Memory access rules could accomplish this),
or an external mode that could do this.

Thanks,
Matt

JtR and SSH keys

Andrey Korolyov — 2013-05-04T11:11:00

Hello,

Is there planned work to include cracking ability on
password-protected ssh keys? Patch from here
http://marc.info/?l=john-dev&m=130613756016683&w=2 seems to not
recognizing even its own test keys, if applied to the 1.7.9.

issues with mpirun

T E — 2013-05-02T18:29:35

This is my first posting to this mailing list. Hi everyone! 


I do have some issues with mpirun to run JohnTheRipper on multiple cores. I have a cpu with 8 cores, and atm I'm mainly interested in cracking raw-md5 passwords.
My system runs an ubuntu 12.04, and I tested the most recent JTR versions 1.7.9 jumbo 5 and jumbo 7. I modified the Makefile in the src-folder in such a way that those lines necessary for mpi and omp are uncommented:

## For experimental MPI_Abort support, add -DJOHN_MPI_ABORT too.
CC = mpicc -DHAVE_MPI
MPIOBJ = john-mpi.o

OMPFLAGS =
# gcc with OpenMP
OMPFLAGS = -fopenmp
OMPFLAGS = -fopenmp -msse2

I compile with the flag "linux-x86-64", and there are no errors at compile-time. 

OMP works fine, as the results of the test-benchmarking indicate. However, as raw-md5 doesn't seem to be supported by OMP by now, I tried to start  john using mpirun:

mpirun -n 4 ./john hash.txt

(mpirun --version
mpirun (Open MPI) 1.4.3

Report bugs to http://www.open-mpi.org/community/help/)


This is described at http://blog.thireus.com/john-the-ripped-steak-and-french-fries-with-salt-and-pepper-sauce-for-hungry-password-crackers

However, in my case it is not possible to start multiple threads:

Loaded 2 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])
Remaining 1 password hashes with no different salts
Loaded 2 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])
Loaded 2 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])
Loaded 2 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])
Remaining 1 password hashes with no different salts
Remaining 1 password hashes with no different salts
Remaining 1 password hashes with no different salts
Node 0< at >pc: Crash recovery file is locked: ./john.rec
Node 0< at >pc: Crash recovery file is locked: ./john.rec
Node 0< at >pc: Crash recovery file is locked: ./john.rec


Same happens when I start a benchmark-testing:
mpirun -n 4 ./john --test

Traditional DES [128/128 BS SSE2-16]... Benchmarking: Traditional DES [128/128 BS SSE2-16]... Benchmarking: Traditional DES [128mpirun: killing job...nchmarking: Traditional DES [128/128 BS SSE2-16]...

Unfortunately,every testcase starts 4 times.

Does anyone has an idea why I have these issues with mpirun & john?


Thanks in advance!
Tobias

ssha cpu format

Rich Rumble — 2013-04-19T20:31:55

Hmm I've just read it, ssha-256 and 512 are part of Crypt so Cygwin isn't
going to support it. I thought it was a open-cl format only but I think
from the search I just did that Salted SHA Ldap hashes won't work on
cygwin. Can someone confirm that for me, maybe I was missing a library, but
I don't think so :)
-rich

l33t rules improvement

Guth — 2013-04-16T09:02:17

Hi,

While playing with wordlist, I realized that the default l33t rules in
john.conf are missing "frequent" patterns, mostly:

i -> 1
t -> 7

others (lower priority):
s -> 5
b -> 8
g -> 9

Here is my dirty/incomplete patch (for i->1 only), I'm not used to rules
reading/writing, so please advise/correct (add t->7, ... ?)
It's not extensively tested, so it should probably improved:

-[:c] l /[aeilos] s\0\p[43110$] (?\p1[za] \p1[:c]
-[:c] l /a /[eilos] sa4 s\0\p[3110$] (?\p1[za] \p1[:c]
-[:c] l /e /[ilos] se3 s\0\p[110$] (?\p1[za] \p1[:c]
-[:c] l /i /[los] se1 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /[ilos] sa4 se3 s\0\p[110$] (?\p1[za] \p1[:c]
-[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c]
-[:c] l /a /i /[los] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /i /[los] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /[eil] /o /s s\0\p[311] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /i /[los] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
-[:c] l /a /[eil] /o /s sa4 s\0\p[311] so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /i /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
-[:c] l /a /e /i /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c]

Regards.

Cisco ACS username: hash or crypt or.... and de-encoding?

Leif Sawyer — 2013-04-12T17:38:38

I looked through the archives but didn't see anything related...

For Cisco ACS 5, in the CLI administration, a "repository" is defined for the system
to pull or push backups and patches.

Part of the repo definition is an optional username and password (for ftp, say),
and is defined thusly:

ACS(config)# repository test-ftp
ACS(config-repository)# user TestUser password plain abc123

which looks like this afterward:

ACS(config)# do sho run | include TestUser
user Testuser password hash 0c5eadecc96d64ebe2b9e1d3b636d6053e3898bb

I noted that Cisco calls it a 'hash' -- but since it needs to be cleartext for the ftp process to use it,
wouldn't this be a misnomer?

In any case, here's a handful of different passwords and hashes, in case somebody can
do something with it:
--------
Cisco ACS 5.3 repository passwords:

! user password password plain password
user password password hash e047fabda9d3659e8d95a73223324f85149e394f
!
! user test password plain test
user test password hash 97dc37c94236ec1b4c56871c2e482cbd6f56bd33
!
! user abc123 password plain abc123
user abc123 password hash 0c5eadecc96d64ebe2b9e1d3b636d6053e3898bb
!
! user longestpwalla password plain aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
user longestpwalla password hash 9d0bd5a5c623b5d05e8b9f882ddf3873eab1460e
!
! user shortpwalla password plain a
user shortpwalla password hash 9d6afb513cd6b08be15f600545bba0496fd4efd5
!
! user eightzeros password plain 00000000
user eightzeros password hash 1614fab9117559699c1a6589a9b462871e9ccb30
!
! user sevenzeroandone password plain 00000001
user sevenzeroandone password hash 26ffcd3488ee3799629db606d5927bf73cf6a0bf

Problem with keepass2john and KeePass 2.x kdbx

Jeroen — 2013-04-12T16:29:08

Hi list,

I've encountered a problem using keepass2john and a KeePass 2.x kdbx. This
is what I tried:

- Download portable KeePass, version used is 2.20.1 (KeePassLibC 1.24, KDBX
XML 2.20.1) and start it.
- Create a new database, master password = 'test, save and exit.
- Download (git clone) and compile the latest JtR from
<https://github.com/magnumripper/JohnTheRipper>.
- "./keepass2john NewDatabase.kdbx".

An error message is shown:
"! NewDatabase.kdbx : parsing failed, please open a bug if target is valid
KeepPass database."

I think that it's easy to reproduce the problem using the steps above.
However just to make sure I've attached the kbdx I've created. If additional
information is required please let me know! Thanks.


Cheers,

Jeroen

What am I doing wrong?

Sandra Schlichting — 2013-04-06T01:06:43

Hello all =)

I have installed John 1.7.9 on my Fedora Linux from their repository.

If I do

    echo "onu:c231df9a8f34cee959cbc6bcca4a9286" > /tmp/hashs
    echo "tdc:f5ba7db80ba2d7d7b650119d52fcd8d0" >> /tmp/hashs
    john --format=MD5 --show /tmp/hashs

then I get

    0 password hashes cracked, 0 left

right away.

Can anyont see that I am doing wrong?

Lots of love,
Sandra

1Password agilekc2john.py

Kevin Miller — 2013-04-03T18:39:06

Hi Dhiru,

Thanks for the prompt reply.

I've zipped up the contents of the whole application from my iPhone and added in
some sample data.

The master password is "charlie" without quotations.

http://dl.dropbox.com/u/80259133/1Password-iphone.zip

Regards
Kevin

1Password agilekc2john.py

Kevin Miller — 2013-04-03T17:12:59

It seems the mobile version of 1Password (iPhone) stores it's keychain
differently in encryptionKeys.js than it's desktop cousin.

Output.

./agilekc2john.py 1Password.agilekeychain
error while opening the keychain, Incorrect padding

I created a 1Password account on the Windows version and was able to extract and
recover the password.

De-duping NT ruleset

Rich Rumble — 2013-03-31T00:02:59

I ran a small test on "NT" using a simple set of letters:
aaaaaaaaaaaaA
AaAaAaAaAaAaa
aaaaa
AAAAA

That produced 16448 cadidates, and half are repeats, it should be 8224
unique cadidates. I changed NT to be like this instead (below), and it only
produces 8224 like I believe it's supposed to. I'm do understand why, and
using all A's of different cases may be "tricking" it into producing those
dupes because those strings are in fact duplicates of each other, aaaa and
AAAA. I was able to reduce the duplicates to what I believe the proper
amount is by using the reject unless N characters long.
[List.Rules:NT_Length]
_1 T0Q
_2 T1QT[z0]
_3 T2QT[z0]T[z1]
_4 T3QT[z0]T[z1]T[z2]
_5 T4QT[z0]T[z1]T[z2]T[z3]
_6 T5QT[z0]T[z1]T[z2]T[z3]T[z4]
_7 T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]
_8 T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]
_9 T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]
_A T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]
_B TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]
_C TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]
_D TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]
_E TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]

When I use loop or other wordlists I know they have duplicates that only
vary because of case, and so
passWORD and
PASSword using the rules above should only produce the 256 possible instead
of the 511 that NT does.
-rich

Pipe/Stdin rule to append/prefix

Rich Rumble — 2013-03-27T15:39:06

As an experiment, I'm curious... perhaps this is a feature request at the
same time.
I've tried using -pipe to append -i=digits to the second instance of john
words from a wordlist. I'd like pipe to support appending/prefixing stdin,
but I suppose first that pipe and wordlist would not be mutually
exclusive/duplicate's...

john -i=5digits -stdout | john -pipe -w=wordlist.txt  -rules=prefix
hashes.txt

121988password
12100password
220123password
2password
121100password
121101password
121987password
222password
22285password
etc..

Perhaps it's not even the best use of john, if it can be done in a oneliner
or a few lines of something else I'm all for it.
I'd love to have rules that can use incremental as prefixing/suffixing
(within reasonable limits)

[List.Rules:prefix]
A0 {inc=digits,5}
A0 {inc=alnum,4} excuse the bad pseudo code examples, but assume that
digits and alnum refer to the standard digits/alnum.chr files.

Those are some of my ideas, again they might be better implemented
elsewhere, and then piped into JtR I'm not sure.
-rich

Case Toggling

Rich Rumble — 2013-03-19T15:21:44

I'm curious why I'd use the "NT" rule as opposed to "t" ?

TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]
vs
t <D >4

Shouldn't that do the same thing (with the added reject of less than 4).
Does the "NT" toggler, for 13 character passwords for example, does that
rule (TDQT...) only apply to words that are 13 or greater, or perhaps only
words that are 13 characters? Is the "TN" length aware? Would a 4 character
password be processed by the NT rule more than once?
I should also ask is less/greater than behavior literal, e.g. <4 is "3 or
less" and >4 is "5 or more"?
-rich

opencl

Chris Mulligan — 2013-03-17T00:09:38

I'm attempting to recover the password for a 1Password agile keychain file. After working with sftp and ukasz on #openwall, I'm having an opencl issue. I'm on OS X 10.8.3, on a mid-2010 Macbook pro (i5 and Geforce GT 330M).  

Using the git repository, master/HEAD c9b88eeabf5775e3872582bab91de41dcd066c3a.  I'm compiling with "make clean macosx-x86-64-opencl"

When I try to decrypt the sample hash in gilekeychain_fmt_plug.c (copied into openwall.hash) I get the following error immediately.


Kotai:JohnTheRipper chmullig$ ./run/john --format=agilekeychain-opencl --rules=WordlistOnly --wordlist=wl.txt openwall.hash
OpenCL platform 0: Apple, 2 device(s).
Device 1: GeForce GT 330M
Build log: <program source>:15:10: fatal error: 'opencl_device_info.h' file not found
#include "opencl_device_info.h"
         ^

Error -11 building kernel. DEVICE_INFO=130
OpenCL error (CL_BUILD_PROGRAM_FAILURE) in file (common-opencl.c) at line (209) - (clBuildProgram failed.)


Thanks,
Chris

help with Johnny GUI for OSX

Pass Words — 2013-03-14T21:17:15

Hi,

I read some of theFAQ, but I am rather clueless when it comes to the terminal window.  I just purchased John the Ripper

and downloaded Johnny for OSX.   Can someone explain how to get Johnny running?

I tried typing johnny in the terminal but that didn't work.  what shows is my user name$. I Also tried /johnny

I have John pro folder and Johnnie folder in my user directory.

If someone could explain it like they are talking to their Mother, I might be helpful to get Johnny working.

I'm running OSX 10.5.8  I imagine once I get Johnny running it will be straightforward to add  a password list

 and run it on a rar file. 

Thanks,

[question] How to crack a specific ssh key pass

Thomas Fétiveau — 2013-03-07T09:44:36

Hi !

I've just discovered john and I am trying to retreive a pass for one of 
my ssh private key.

I've tried the incremental modes but there are limited to 1 to 8 length 
passwords.

The password I'm searching for has between 10 and 16 chars and is 
composed only of these characters: [a-z][0-1-3-5-6] (actually, even 
less, I'm sure there is no 'w', 'x', 'y' nor 'z' letters).

I've read that searching in incremental modes for more than 8 characters 
doesn't make sense because it would take too long.

But is it still true with the range of characters I have ? ie: about 28 
different chars

If it would still make sense, what should I do to make john searching 
for this password ? (I'm running it under windows)

On a side note: I'm running under a multi-core multi-threaded win 7 64 
bit and the john-opm.exe doesn't use more thread nor core nor CPU usage 
than john.exe (the both use just about 12,5% of my overall CPU capacity).

Thanks in advance
Tom

example odf cracking password

danjde — 2013-03-06T23:07:55

Hi friends,
i would like to recover a lost password from my old odf (Openoffice) file.

I've installed Jumbo version, and run the "odf2john.py".

but don't understand how pass the "odf2john.py" output to john.

could you give me a simple example?

many thanks!

Davide
italy

SSHA512

buawig — 2013-03-05T23:42:19

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I followed the previous AIX SSHA512 discussion [1] and wanted to add
an additional info that [2] does also use (some kind of) SSHA512 (and
I would find it nice if john would support it).

thanks!

[1] http://www.openwall.com/lists/john-users/2013/02/08/8
[2] http://docs.oracle.com/cd/E20295_01/html/821-1216/whatsnew7.html
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJRNoLbAAoJEJeRHQyF0ukMWC8P/39VwApzx5G5ZuOZoaimshgp
Y+kEE7/D6G17Bol7ktlnJ2jDwBX5nNqDlFC4rg9uTITTcG2KdEMkxyXp5yWW3l+V
btg5QWonX15dGI4uu6hy1d0kcHK6slEoMm2nvsc8Y4n6gSOlp4X2HozzvKC8LSPZ
wcEGgu890ZbCoHwivsFCS/caQABuM6AIexr9eFpKPDwiZeOyOtYfuq0f9C+9Z2Xe
iycBAHGziSQpT3PBx6ztA7X38iUzfRs2/Te3wX/hGvFeEJW1Chvuq78OMa91ZOMX
eup7zGLOK6r9XrdlyIEAO0UYzt9y3PKfKlhc29uZnIJyjLAjDFmPNWV00wyVk5cS
EmfXKaljTRirRyp/8GUv5OM5w1vvOwYbSEv4tvIOmjx/waO61tm3GLl+XT5crPiw
p4c9U5KOSE/90mHDuqx/8+5X76DwqldLLGl7L8iEGFRKNGXD1mD4xBpoW42fDL53
rKt3ECOpIbbADooZTZZgRgCIjVOyrnpQP0ohUvvlipvZrzOEXE8QuJJsZ2JwXH0b
srSirs1L9TAO6/1F9nO5c36v0uDMzWld3rRbqJQJ3Ed9+erQTfFbGvtGbm0Zpq1y
j5Y7dqrViXbrMu4ipnNDjOCy4OrgyYVRt5q2vtJG42lI5uxuHu0behHyxdXxaekR
tZK2e6Lp5KIRZWmaLgyA
=D097
-----END PGP SIGNATURE-----