Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120913150643.GA31273@openwall.com>
Date: Thu, 13 Sep 2012 19:06:43 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Help for JTR

On Thu, Sep 13, 2012 at 04:04:00PM +0200, Helmut Hullen wrote:
> Du meintest am 13.09.12:
> 
> >> "no passwords found in here" means that john did not get any results
> >> after completing the job. John says that 4 different hashes have
> >> been loaded in but after it completes, guesses = 0.
> 
> > How long did it run for?
> 
> On my machine (1,5 GHz) about 10 minutes (perhaps faster).

My question was addressed specifically to Jonathan, regarding his
incremental mode runs - to see if he has possibly run through the whole
US-ASCII printable LM keyspace (would take some days on one CPU core) or
not.  Your 10-minute run must be for a different cracking mode or
settings, or for a different password hash (one that actually got
cracked).

> >> The hash input to john is as follows:
> >> adm:1003:f5ed24301452410f0f802f643692aaef:3c4ac740fc1ecbee5da191a14f
> >> 0cdc29:::
> 
> Neither "jtr" nor "ophcrack" recognized any password for this line.

We need to know if these are the actual hashes Jonathan is trying to
crack, or if he modified them for posting to the list.  If they're real,
then at this point I am pretty certain that something went wrong with
how they were extracted from the system.  It could be inconsistent SAM
vs. SYSTEM files, it could be a bug in the tool used.

Jonathan, if you can, please use one of the PWDUMP tools on the running
system as opposed to processing SAM and SYSTEM files.

The LM hash above corresponds to some unrealistically strong password,
if it does correspond to any password at all.

Alexander

P.S. "Help for JTR" is a really bad choice for message Subject, given
that the message is posted to a JtR-specific list anyway.  Let's try to
avoid such non-informative Subjects on future occasions.  For this
topic, a better Subject would have been e.g. "Windows password hashes".

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.