Message-ID: <012301cc6975$9a3fe2f0$cebfa8d0$@net>
Date: Fri, 2 Sep 2011 08:38:30 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: False positives on zip (aes256)

You will have to hand edit the john.pot file (or remove it), if you restart.
Any of the lines containing this '/zip/hackme.zip' hash, will cause john to
not search for that hash, the next time it starts.

I have added this as a 'wish list' item. So if we do have formats which end
up outputting false ++ (and we cannot 'fix' them), then an option like this
will do just what you are seeing be performed with your hard coded change.

Jim.

>-----Original Message-----
>From: estenole lists [mailto:estenole.lists@...il.com]
>Sent: Friday, September 02, 2011 6:54 AM
>To: john-users@...ts.openwall.com
>Subject: Re: [john-users] False positives on zip (aes256)
>
>Hello all,
>
>fully functional, at least for my specific needs .-)
>(1fh8 was added several times to the wordlist for testing)
>
># usr/src/john-1.7.8-jumbo-5/src# ../run/./john --wordlist=/zip/listado-john.txt /zip/hachme-hash.txt
>Loaded 1 password hash (zip [32/64])
>1fh8 (/zip/hackme.zip)
>1fh8 (/zip/hackme.zip)
>1fh8 (/zip/hackme.zip)
>guesses: 3 time: 0:00:02:03 0.75% (ETA: Fri Sep 2 18:18:11 2011) c/s: 239 trying: 10rM - 10sZ
>1fh8 (/zip/hackme.zip)
>guesses: 4 time: 0:00:04:06 1.51% (ETA: Fri Sep 2 18:16:23 2011) c/s: 240 trying: 1jm0 - 1jnl
>1pf) (/zip/hackme.zip)
>guesses: 5 time: 0:00:06:08 2.24% (ETA: Fri Sep 2 18:18:39 2011) c/s: 238 trying: 1u3M - 1u4Z
>
>
>Thank you !
>
>2011/9/2 estenole lists <estenole.lists@...il.com>
>
>>
>> Hello,
>>
>> seems like the problem was on ldr_remove_hash(crk_db, salt, pw) inside
>> crk_process_guess .-)))
>>
>>
>> static int crk_process_guess(struct db_salt *salt, struct db_password *pw,
>>     int index)
>> {
>>     int dupe;
>>     char *key;
>>
>>     dupe = !memcmp(&crk_timestamps[index], &status.crypts,
>>         sizeof(int64));
>>     crk_timestamps[index] = status.crypts;
>>
>>     key = crk_methods.get_key(index);
>>
>>     log_guess(crk_db->options->flags & DB_LOGIN ? pw->login : "?",
>>         dupe ? NULL : pw->source, key,
>>         crk_db->options->field_sep_char);
>>
>>     crk_db->guess_count++;
>>     status.guess_count++;
>>
>>     if (crk_guesses && !dupe) {
>>         strnfcpy(crk_guesses->ptr, key,
>>             crk_params.plaintext_length);
>>         crk_guesses->ptr += crk_params.plaintext_length;
>>         crk_guesses->count++;
>>     }
>>
>>     /*ldr_remove_hash(crk_db, salt, pw);*/
>>
>>     if (!crk_db->salts)
>>         return 1;
>>
>>     crk_init_salt();
>>
>>     return 0;
>> }
>>
>>
>> Thank you
>>
>>
>>
>> 2011/9/2 estenole lists <estenole.lists@...il.com>
>>
>>>
>>> Hello,
>>>
>>> I've tried it without success, it stops on the first key it finds. I've been
>>> making some tests
>>> and seems like I should modify the function crk_process_guess called from
>>> cracker.c. My C
>>> knowledge is limited, but that function makes some changes that affect the
>>> rest of the buffered
>>> keys or any other value.
>>>
>>>
>>>         if (crk_methods.cmp_exact(pw->source, index)) {
>>>             if (crk_process_guess(salt, pw, index))
>>> ->              return 1;
>>>             else
>>>                 break;
>>>         }
>>>
>>>     } while ((pw = pw->next));
>>>
>>>
>>> I've tried some modifications, but after crk_process_guess the program
>>> exits. I tried to modify some
>>> calls before but I ended up with segfault errors.
>>>
>>> I'll let you know if I'm able to get it working.
>>>
>>> Thank you !
>>>
>>>
>>>
>>>
>>> 2011/9/1 jfoug <jfoug@....net>
>>>
>>>> You will have to 'change' the zip format source file to do this.
>>>> Change the
>>>> cmp_exact to this (NOTE I have not tested, just coding in the email)
>>>>
>>>> static int cmp_exact(char *source, int index)
>>>> {
>>>>     static int cnt=0;
>>>>     if (++cnt < 13) // we have to 'pass' the self tests.
>>>>         return has_been_cracked[index];
>>>>     cnt = 20; // to make sure we do not 'wrap' cnt past the end of a 2^31 number to a negative number
>>>>     if (has_been_cracked[index]) {
>>>>         fprintf(stderr, "\nPossible pass: %s Hash=%s\n\n",
>>>>             saved_key[index], source);
>>>>         log_event("++ Possible pass: [%s]", saved_key[index]);
>>>>     }
>>>>     return 0;
>>>> }
>>>>
>>>> Then you can see them show up on the screen output, and also in the
>>>> john.log file. These can then be tested after the run.
>>>>
>>>> NOTE, this method will cause john to NEVER find the password. It simply
>>>> informs you in output that a possible password was seen. The right one
>>>> will be output, along with any false positives.
>>>>
>>>> Jim.
>>>>
>>>> >From: estenole lists [mailto:estenole.lists@...il.com]
>>>> >
>>>> >Hello all,
>>>> >
>>>> >I'm using the latest John the Ripper
>>>> >1.7.8-jumbo-5<http://www.openwall.com/john/g/john-1.7.8-jumbo-5.tar.gz>
>>>> >version
>>>> >for trying to get the key of a zip encrypted
>>>> >with aes256 bit. I already know that actually false positives are
>>>> >common
>>>> >at this time.
>>>> >
>>>> >The problem is that when processing the wordlist john stops as soon as a
>>>> >key
>>>> >is found, but at the moment
>>>> >none of them works, what I want to achieve is to force john to try with
>>>> >the
>>>> >full wordlist while printing
>>>> >the keys found so I can try them when finished. Could find any option or
>>>> >configuration to do so, do you
>>>> >know if there's such a possibility ?
>>>> >
>>>> >Thank you
>>>>
>>>>
>>>
>>
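
Added example, not part of the thread and not John the Ripper code: one way to test the logged candidates after the run. It assumes the archive entry follows the WinZip AES layout (PBKDF2-HMAC-SHA1 yielding a 2-byte password verifier, plus a 10-byte HMAC-SHA1 authentication code over the ciphertext) and that john.log carries the "++ Possible pass: [..]" text from the cmp_exact change quoted above. The entry, passwords and log lines are constructed, and derive, classify, triage and build_sample are hypothetical names.

```python
import hashlib
import hmac
import itertools
import re

KEY_LEN = 32  # AES-256 key size; WinZip AES pairs it with a 16-byte salt

def derive(password, salt, iterations=1000):
    """PBKDF2-HMAC-SHA1 output layout: AES key | HMAC key | 2-byte verifier."""
    dk = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, 2 * KEY_LEN + 2)
    return dk[KEY_LEN:2 * KEY_LEN], dk[2 * KEY_LEN:]

def classify(password, entry, iterations=1000):
    """Return 'reject', 'false positive' (verifier match only) or 'confirmed'."""
    mac_key, verifier = derive(password, entry["salt"], iterations)
    if verifier != entry["verifier"]:
        return "reject"
    mac = hmac.new(mac_key, entry["ciphertext"], hashlib.sha1).digest()[:10]
    ok = hmac.compare_digest(mac, entry["auth_code"])
    return "confirmed" if ok else "false positive"

def candidates_from_log(log_text):
    """Unique candidates, first-seen order, from '++ Possible pass: [..]' lines."""
    found = re.findall(r"\+\+ Possible pass: \[(.*)\]", log_text)
    return [c.encode() for c in dict.fromkeys(found)]

def build_sample(iterations=1):
    """Constructed entry plus a wrong password that collides on the verifier.
    iterations=1 only keeps the collision search fast; the format uses 1000."""
    salt, real, ciphertext = bytes(range(16)), b"s3cret-demo", b"constructed data"
    mac_key, verifier = derive(real, salt, iterations)
    entry = {"salt": salt, "verifier": verifier, "ciphertext": ciphertext,
             "auth_code": hmac.new(mac_key, ciphertext, hashlib.sha1).digest()[:10]}
    for n in itertools.count():
        guess = b"guess%d" % n
        if derive(guess, salt, iterations)[1] == verifier:
            return entry, real, guess

def triage(log_text, entry, iterations=1000):
    """Map each logged candidate to its classification."""
    return {c.decode(): classify(c, entry, iterations)
            for c in candidates_from_log(log_text)}

if __name__ == "__main__":
    entry, real, collider = build_sample()
    # Constructed john.log excerpt; the duplicate mimics a repeated wordlist entry.
    log = "".join("0:00:00:0%d ++ Possible pass: [%s]\n" % (i, p.decode())
                  for i, p in enumerate([collider, real, collider]))
    print(triage(log, entry, iterations=1))
```

Against a real archive the salt, verifier, ciphertext and authentication code would be read from the encrypted entry and the default of 1000 iterations kept.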