Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <99983377-0f8c18d093d4d8aae52c230c9ca3dd06@pmq4v.m5r2.onet>
Date: Sat, 18 Jul 2015 01:05:35 +0200
From: rysic <rysic@...pl>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Re: Re:  Re: restore difficult zip password

OK! So, let me try to make small test:

I configured my john to gues max 4 length passwords:

[Incremental:Custom]
File = $JOHN/custom.chr
MinLen = 0
MaxLen = 4

# The theoretical CharCount is 211, we've got 196.
[Incremental:UTF8]
File = $JOHN/utf8.chr
MinLen = 0
MaxLen = 4
CharCount = 196

# This is CP1252, a super-set of ISO-8859-1.
# The theoretical CharCount is 219, we've got 203.
[Incremental:Latin1]
File = $JOHN/latin1.chr
MinLen = 0
MaxLen = 4
CharCount = 203

[Incremental:ASCII]
File = $JOHN/ascii.chr
MinLen = 0
MaxLen = 4
CharCount = 95

[Incremental:LM_ASCII]
File = $JOHN/lm_ascii.chr
MinLen = 0
MaxLen = 4
CharCount = 69

# This is CP858 (CP850 + Euro sign, superset of CP437).
# The theoretical CharCount is 209 minus lowercase, we've got 132.
[Incremental:LanMan]
File = $JOHN/lanman.chr
MinLen = 0
MaxLen = 4
CharCount = 132

# This is alnum (upper & lower case) as well as space.
[Incremental:Alnumspace]
File = $JOHN/alnumspace.chr
MinLen = 1
MaxLen = 4
CharCount = 63

[Incremental:Alnum]
File = $JOHN/alnum.chr
MinLen = 1
MaxLen = 4
CharCount = 62

[Incremental:Alpha]
File = $JOHN/alpha.chr
MinLen = 1
MaxLen = 4
CharCount = 52

[Incremental:LowerNum]
File = $JOHN/lowernum.chr
MinLen = 1
MaxLen = 4
CharCount = 36

[Incremental:UpperNum]
File = $JOHN/uppernum.chr
MinLen = 1
MaxLen = 4
CharCount = 36

[Incremental:LowerSpace]
File = $JOHN/lowerspace.chr
MinLen = 1
MaxLen = 4
CharCount = 27

[Incremental:Lower]
File = $JOHN/lower.chr
MinLen = 1
MaxLen = 4
CharCount = 26

[Incremental:Upper]
File = $JOHN/upper.chr
MinLen = 1
MaxLen = 4
CharCount = 26

[Incremental:Digits]
File = $JOHN/digits.chr
MinLen = 1
MaxLen = 4
CharCount = 10

Right?

And then I'm creating encrypted zip file (password is "asd") 

linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # zip --encrypt test6.zip ../../Pobrane/john-1.8.0-jumbo-1.tar.gz 
Enter password: 
Verify password: 
  adding: ../../Pobrane/john-1.8.0-jumbo-1.tar.gz (deflated 45%)

generating hash file:
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./zip2john test6.zip > test6.h
ver 14  efh 5455  efh 7875  test6.zip->../../Pobrane/john-1.8.0-jumbo-1.tar.gz PKZIP Encr: 2b chk, TS_chk, cmplen=32762705, decmplen=59392000, crc=9FEB9743

And try to crack it:
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john test6.h
Loaded 1 password hash (PKZIP [32/64])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:08 DONE 3/3 (2015-07-18 00:46) 0g/s 9175Kp/s 9175Kc/s 9175KC/s |C%|..||||
Session completed
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john --show
Password files required, but none specified
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john --show test6.h
0 password hashes cracked, 1 left
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john -stdout test6.h
Invalid options combination or duplicate option: "-stdout"
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john -inc=utf8 test6.h
Loaded 1 password hash (PKZIP [32/64])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:19 9.56% (ETA: 00:53:02) 0g/s 7093Kp/s 7093Kc/s 7093KC/s .9�t..;T�b
0g 0:00:00:49 30.88% (ETA: 00:52:22) 0g/s 9161Kp/s 9161Kc/s 9161KC/s {��2..ظ�3
0g 0:00:01:41 67.88% (ETA: 00:52:11) 0g/s 9969Kp/s 9969Kc/s 9969KC/s B+/�..B�~�
0g 0:00:02:03 84.56% (ETA: 00:52:09) 0g/s 10116Kp/s 10116Kc/s 10116KC/s �QG�..����
0g 0:00:02:18 95.66% (ETA: 00:52:08) 0g/s 10209Kp/s 10209Kc/s 10209KC/s .H:�...���
0g 0:00:02:25 DONE (2015-07-18 00:52) 0g/s 10200Kp/s 10200Kc/s 10200KC/s 애�..����
Session completed
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john --show test6.h
0 password hashes cracked, 1 left
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john -inc=ASCII test6.h
Loaded 1 password hash (PKZIP [32/64])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:01 13.77% (ETA: 00:52:37) 0g/s 5697Kp/s 5697Kc/s 5697KC/s Vo6z..Vl35
0g 0:00:00:04 51.61% (ETA: 00:52:37) 0g/s 8513Kp/s 8513Kc/s 8513KC/s )Pv..\A`
0g 0:00:00:06 77.60% (ETA: 00:52:37) 0g/s 9138Kp/s 9138Kc/s 9138KC/s `EtR..`fE.
0g 0:00:00:08 DONE (2015-07-18 00:52) 0g/s 9218Kp/s 9218Kc/s 9218KC/s |C%|..||||
Session completed
linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # 


"asd" password have to be included in ASCII and utf8 charlist, righ? Than why test is not working?

You wrote about -stdout. I saw that in documentation but it is not working:

linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john -stdout test6.h
Invalid options combination or duplicate option: "-stdout"


Kamil


W dniu 2015-07-18 00:36:51 użytkownik magnum <john.magnum@...hmail.com> napisał:
> On 2015-07-17 23:51, rysic wrote:
> > You are right, --node is well defined, but I can't find in
> > documentation how NFS share can benefit?
> 
> It's not documented a lot but for example, Jumbo has a feature called 
> "pot sync". If one process cracks a hash, the other processes will see 
> that and stop wasting time on it. In case of salts (especially unique 
> ones) this is a major benefit: When half the salts are cracked, speed 
> will be twice as fast.
> 
> > In configuration file there are few Incremental sections (if I
> > understand well by default john is using all of them), but is john
> > mixing this charlists? I mean if I have few charlists - LATIN,
> > UpperNum, custom then he is making one big list of chars and is using
> > it for brute force? And Min/MaxLen in this sections mean that maximum
> > x characters will be taken from charlist, but if I have this:
> >
> > [Incremental:ASCII]
> > File = $JOHN/ascii.chr
> > MinLen = 0
> > MaxLen = 13
> > CharCount = 95
> >
> > [Incremental:LM_ASCII]
> > File = $JOHN/lm_ascii.chr
> > MinLen = 0
> > MaxLen = 7
> > CharCount = 69
> >
> >
> > then it means tha john will try first combinatios of 0-13 characters
> > from ASCII and then he will try 0-7 combinations from LM_ASCII? If
> > yes, then if I have password combined of chars from two charlists
> > then john will not find it? Am I right?
> 
> No, only one section is used. For LM hashes and a few others, the 
> LM_ASCII section is used. For other formats, the ASCII one is used. This 
> can be tweaked in john.conf, including using the UTF8 section when 
> applicable.
> 
> You can force use of whatever section you want using eg. -inc=utf8 or 
> -inc=custom (if you built a custom.chr file). Try it out using -stdout 
> and watch the difference.
> 
> magnum
> 
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.