Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7bcc09ed18bbb47cc6367121be5c9a06@smtp.hushmail.com>
Date: Fri, 20 Apr 2012 23:53:50 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Re: Extract the cracked pass from John.pot

On 04/20/2012 11:43 PM, jfoug wrote:
>>> $1$10407469$8SlB7veJpGYOpG.avnRgT.:7jeJCek5H3xi2
>>> $1$HVL$YkjOda0UYVfukIa.neSJd0:7jeJCek5H3xi2
>>> $1$PRN$PxPp5PQ7nz5kgpGmztuuj.:7jeJCek5H3xi2
>>>
>>> Ouchhhh !! so that mean they are no DES but Plain cracked Pass !!
>> that's right ?
>>
>> Well it does seem so but I am yet to confirm them (maybe later). That
>> would be a freaking b@...rd of a plaintext to crack for crypt-md5
>> though, you must have done something very right or you were extremely
>> lucky. Or something else :)
> 
> Looks like conversion of some uninitialized pointer or something.  NOTE, the
> 'pw' is exactly the same for every line.  Looks very busted to me.

Well he grep'ed for that very password so that in itself was not a
surprise. But you are absolutely right this is very fishy.

I just tried to confirm the MD5-crypt hashes using mkpasswd but it fails
because salt is expected to be 2 characters. Maybe this is a clue?

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.