Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <943556a00605121417h778d32caha95a50d285f449b9@mail.gmail.com>
Date: Fri, 12 May 2006 14:17:00 -0700
From: "Arvind Sood" <asood74@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: John seems to exit without error

SD,

Please ignore the dumb-ass Question Number 3 - I just read the RULES section
of the documentation !

Arvind


On 12/05/06, Arvind Sood <asood74@...il.com> wrote:
>
> Thank you Solar Designer,
>
> I did as you suggested - and lo and behold -it loaded more hashes... which
> led to this follow-up problem.
>
> but first, here is what I did ...
>
> 1- Emptied the contents of ./john.pot using a text editor and then did a
> "rm -rf john.pot~" (the pot~ showed up when I emptied the .pot file).
>
>
> 2- Deleted all instances of the .log and .rec files for all my sessions.
>
> 3- issued the command and got the output as shown here
>
> [sooda@...alhost run]$ ./john --format=nt
> --wordlist=../pwdfiles/lm_cracked.txt --rules --session=ntcrack_1
> ../pwdfiles/pwoutput.txt
>
> Loaded 13 password hashes with no different salts (NT MD4 [TridgeMD4])
> gr8hack          (Administrator)
> password         (DCuser)
> guesses: 2  time: 0:00:00:00 100%  c/s: 17666  trying: Passwording
>
> [sooda@...alhost run]$ cat ../pwdfiles/lm_cracked.txt
> GR8HACK
> PA55W0RD!
> PASSWORD#1
> PASSWORD#1
> PASSWORD
> BENTLEY#1
> PASSWORD#1
> 123PASSWORD321
> NO PASSWORD
> PASSWORD
> PASSWORD
> PASSWORD
> PASSWORD
> PASSWORD
> PASSWORD
> PASSWORD#1
> PASSWORD
> SN0WDAY
> PASSWORD
> 890ILER???????
> NO PASSWORD
>
> 37 password hashes cracked, 8 left
> [sooda@...alhost run]$
>
>
> Here are the questions
>
> 1- why did john exit after cracking two passwords only? there were many
> more entries in the lm_cracked.txt file. Should john not have cracked the
> password set to PA55WORD! for instance?
>
> 2- Since there was nothing in the .pot file this time - why did john
> exit/finish so early?
>
> 3- Does john --rules, check for only upper vs. lowercase? or even a
> combination of cases? for example if we have
>  a password set as "BenTLeY" -
>  will --rules try only "bentley" or "BENTLEY"
>  conclude the password is neither "BENTLEY" nor "bentley" and exit
> or
>  will it continue to try various combinations of cases for each character
> (Bentley, BENtley etc.)?
> .. apologies if that was a dumb-ass question, but I am still learning :-)
>
> 4- I never noticed it till now, but John loads only unique hashes. I had
> 25 user accounts only  13 unique passwords (hence 13 unique hashes). when
> parsing the file john loaded only the 13 unique entities .... that is so
> cool !!
>
> As always, I am indebted to you for the instruction and support
>
>
> Kind regards,
> Arvind
>
>
>
>
> On 12/05/06, Solar Designer <solar@...nwall.com> wrote:
> >
> > On Fri, May 12, 2006 at 01:38:33PM -0400, Arvind Sood wrote:
> > > - Notice that john immediately returns me to a $ prompt. Also - why
> > did it
> > > load 11 hashes? There are many more accounts .....
> > >
> > > [ sooda@...alhost run]$ ./john --wordlist=../pwdfiles/lm_cracked.txt
> > --rules
> > > --format=nt --session=ntcrack ../pwdfiles/pwoutput.txt
> > > Loaded 11 password hashes with no different salts (NT MD4 [TridgeMD4])
> > > guesses: 0  time: 0:00:00:00 100%  c/s: 34100  trying: Passwording
> > > [sooda@...alhost run]$
> >
> > > Why does John only load 11 hashes?
> >
> > John does not waste time cracking the hashes which are already in
> > john.pot.  In the log file, you should see two separate lines like:
> >
> > 0:00:00:00 Loaded a total of <many> password hashes with no different
> > salts
> > 0:00:00:00 Remaining 11 password hashes with no different salts
> >
> > If you want to have it crack those hashes again - since you're just
> > testing - you need to move the existing john.pot out of the way.
> >
> > > Why does it immediately return me to a $ prompt?
> >
> > That's because there's not much work for it to do - you give it the
> > passwords and it only needs to check for upper vs. lower case.  In your
> > example, it only had to compute NTLM hashes 34,100 times - this can be
> > done in under a second. :-)
> >
> > > - it did not do that with the --format=LM switch.
> >
> > Indeed.  You actually had it crack passwords for you in that run.
> >
> > > Why does john not show up in the ps -ef?
> >
> > That's because it really completes its work and terminates in under a
> > second.  It does not "background" itself or something.
> >
> > --
> > Alexander Peslyak <solar at openwall.com>
> > GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D
> > 3598
> > http://www.openwall.com - bringing security into open computing
> > environments
> >
> > Was I helpful?  Please give your feedback here:
> > http://rate.affero.net/solar
> >
> > --
> > To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and
> > reply
> > to the automated confirmation request that will be sent to you.
> >
> >
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.