Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <53E11A46.8050304@jorgk.com>
Date: Tue, 05 Aug 2014 19:54:14 +0200
From: Jörg Knobloch <jorgk@...gk.com>
To: john-users@...ts.openwall.com
Subject: Problem running John on Windows when trying to crack sha512 encrypted
 /etc/shadow from Linux

I am trying to run John on Windows since my Windows PC is more powerful 
than me Linux PC.

This is the hash I want to crack as a first experiment:
root:$6$irSkguJ9$QhY91Upy8ynBsQHZ8rB2RgXOGzH1bPCssJMVrv1dgXU1Ek7CqRhfp3.oRaX/GB3k6/wcl2nYtOmeQG3bie1Qo/:16286:0:99999:7:::
The password for root (which is "root"), so not a great secret.

On Linux I run "john /etc/shadow" and it happily reports the password 
after a while.

On Windows running john.exe from either john179w2.zip, john179j5w.zip or 
john-1.8.0-Win-32.zip I get:
"No password hashes loaded (see FAQ)".

I'm so sorry, it's a beginners question and you say so in the FAQ, but 
sadly you don't give a clear answer. Let's see:

A: Your password file taken from a Unix-like system might be shadowed.
No, I'm using /etc/shadow and on Linux it works fine.

A: All of the password hashes found in the file might be already cracked
No.

A: With PWDUMP-format files, ...
Doesn't apply.

A: If you're using the "--format" option, try dropping it.
No, not using it.

A: Your password hash or cipher type(s) might not be supported by John, 
or at least by the version and build of John that you're using.
Maybe. I've used three different Windows binaries, all give the same error.

Nowhere does it say which cipher types are supported. The Windows 1.79 
"Jumbo version" says:
--format=NAME             force hash type NAME: des/bsdi/md5/bf/afs/lm/
dynamic_n/bfegg/dmd5/dominosec/epi/hdaa/ipb2/krb4/
krb5/mschapv2/mysql-fast/mysql/netlm/netlmv2/netntlm/
netntlmv2/nethalflm/md5ns/nt/phps/po/xsha/crc32/
hmac-md5/lotus5/md4-gen/mediawiki/mscash/mscash2/
mskrb5/mssql/mssql05/mysql-sha1/nsldap/nt2/oracle11/
oracle/phpass-md5/pix-md5/pkzip/raw-md4/raw-md5thick/
raw-md5/raw-sha1/raw-sha/raw-md5u/salted-sha1/sapb/
sapg/sha1-gen/raw-sha224/raw-sha256/raw-sha384/
raw-sha512/xsha512/hmailserver/sybasease/trip/ssh/pdf/

The Windows 1.8 version says:
--format=NAME              force hash type NAME: 
descrypt/bsdicrypt/md5crypt/
                            bcrypt/LM/AFS/tripcode/dummy

The Linux 1.8 versions says:
--format=NAME              force hash type NAME: 
descrypt/bsdicrypt/md5crypt/
                            bcrypt/LM/AFS/tripcode/dummy/crypt

Maybe "crypt" includes the sha512 stuff, which is therefore not 
available on Windows.

A: John only loads properly formatted text files directly.
I'm using the /etc/shadow file or the "unshadowed" (combined with 
/etc/passwd). On Linux both work, on Windows none.

A: The file you're trying to run John on might in fact not be a password 
file at all.
Well, it is.

A: Your command line syntax might be wrong, resulting in John trying to 
load a wrong file.
What can be wrong in "john.exe file.txt"?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.