Can’t open hash with John or Hashcat

I’m trying to open a hash with John and HashCat, but both don’t work?

NTLMv2 Response Captured from 192.168.1.1 DOMAIN: DEV29-APP01 USER: testuser LMHASH:Disabled LM_CLIENT_CHALLENGE:Disabled NTHASH:3045e74dac0653865d353e93e8c5ca8c  NT_CLIENT_CHALLENGE:0101000000000000c2af33072879d60195da2f228ded77b7000000000200120041004e004f004e0059004d004f00550053000100120041004e004f004e0059004d004f00550053000400120061006e006f006e0079006d006f00750073000300120061006e006f006e0079006d006f00750073000800300030000000000000000000000000200000feb33cee8c0f22d8b27a15278ee7fdfbb47b23655ada87d2da7b3a3b1db5450e0a00100000000000000000000000000000000000090038004d005300530051004c005300760063002f003100360038002e00360033002e003100310031002e003100300036003a0031003400330033000000000000000000 

Manually rewritten to:

testuser::DEV29-APP01:3045e74dac0653865d353e93e8c5ca8c:0101000000000000c2af33072879d60195da2f228ded77b7000000000200120041004e004f004e0059004d004f00550053000100120041004e004f004e0059004d004f00550053000400120061006e006f006e0079006d006f00750073000300120061006e006f006e0079006d006f00750073000800300030000000000000000000000000200000feb33cee8c0f22d8b27a15278ee7fdfbb47b23655ada87d2da7b3a3b1db5450e0a00100000000000000000000000000000000000090038004d005300530051004c005300760063002f003100360038002e00360033002e003100310031002e003100300036003a0031003400330033000000000000000000  me>hashcat -m 5600 -a 3 testuser.txt --force Hashfile 'testuser.txt' on line 1 (testus...31003400330033000000000000000000): Separator unmatched No hashes loaded.  me>john --format=netntlmv2 testuser.txt Using default input encoding: UTF-8 No password hashes loaded (see FAQ) me>john --show --format=netntlmv2 testuser.txt 0 password hashes cracked, 0 left 

What am I missing?

How to apply custom filters for John The Ripper when cracking RAR3 archive password?

My problem is that I’m trying to crack RAR file with is encrypted with RAR3 encryption. Decided to try with John The Ripper. Here are clues I have from my friend.

  1. Max password length is 8
  2. Only capital letters or digits

And I need now filter to make John crack the password without trying to check small lowercase letters. On hashcat it’s easy to do but program do not support $ RAR3$ *1 type of hashes.

Use John the Ripper to break Password Protected Zip

I installed kali linux, that comes with John the ripper. I have a password-protected zip file. I’m pretty sure the password is complex. I first convert the zip into a hash:

sudo zip2john FILE_LOCATION > zippedzip.txt 

It took around 20 seconds to run that command.

I got this output: enter image description here Then I try running john on it:

sudo john --format=zip ZIPPEDZIP.TXT_LOCATION 

However I keep getting an error:

Using default input encoding: UTF-8 No password hashes loaded (see FAQ) 

I’m pretty new to John the ripper, but didn’t I already load in a hash?

I then took a look at the FAQ but that confused me.

So next I tried to just run a wordlist through the hash

I used the following wordlist: https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-100000.txt

So I ran this: enter image description here

So after trying both methods, I’m not really sure how to crack this zip.

John The Ripper and PBKDF2-HMAC-SHA1

I am trying to hash a list of passwords with PBKDF2-HMAC-SHA1 and then crack them using John. However, John does not recognise the hashes and I get a No Hashes Found error. It works with SHA256, but I need PBKDF2-HMAC-SHA1. I have looked everywhere and have exhausted all my options. What is the correct format of PBKDF2-HMAC-SHA1 that is recognised by John and will let me crack it? Thanks in advance!

John The Ripper ‘No password hashes loaded'(see FAQ)

I am trying to learn John. I’ve been through the FAQ and this tutorial, but am stuck.

I have made a RAR4 password hash. It’s super simple. The password is ‘test’. I now want to use a tool to crack it.

I’ve saved it to a file "test.txt".It has:

Red dead redemption.rar:$  RAR3$  *1*de613099dc859cfd*00000000*16*0*1*b52125c28c4fc60a1c00f313d0fb68ca*33:1::Red dead redemption.torrent  

When running the following command, I get ‘No password hashes loaded’

What should I do to get this working please?

Command: john.exe test.txt 

John the Ripper: Cannot extract hash from PDF because Python keeps opening?

I’m having a really strange issue. I’m attempting to extract a hash from a user-password encrypted .pdf with John the Ripper’s pdf2john tool, but every time I run the command:

c:\...\run\pdf2john.pl mypdf.pdf 

My Python IDE (Visual Studio Code) opens up the pdf2john.pl file and the following appears in the command line:

[main 2020-06-18T10:02:06.775Z] update#setState idle (node:15044) Electron: Loading non context-aware native modules in the renderer process is deprecated and will stop working at some point in the future, please see https://github.com/electron/electron/issues/18397 for more information [main 2020-06-18T10:02:36.776Z] update#setState checking for updates [main 2020-06-18T10:02:36.934Z] update#setState downloading 

Any ideas on how to stop my IDE from opening up and having the command actually work as expected? The latest version of Perl is installed on my machine.

“john –format=md5” caused “Unknown ciphertext format name requested” error

  • This is known md5 hash for Kioptrix: Level 1.1 (#2)

Linux unshadow file

wolf@linux:~$   cat md5hash.txt  root:$  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash john:$  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash harold:$  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash wolf@linux:~$    

md5hash only

wolf@linux:~$   cat md5hash_only.txt  $  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc. $  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1 $  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1 wolf@linux:~$    

Since I know that these are md5 format, I used --format=md5 option in john.

Unfortunately, I’m getting Unknown ciphertext format name requested error.

wolf@linux:~$   john --format=md5 md5hash.txt  Unknown ciphertext format name requested wolf@linux:~$     wolf@linux:~$   john --format=md5 md5hash_only.txt  Unknown ciphertext format name requested wolf@linux:~$    

I’ve verified that the format is similar with pentestmonkey cheat-sheet

Any idea what’s wrong here?

John the Ripper / Hashcat rule, reject candidate if char at position X is the same as character at position Y

I’m using John to generate some word lists and I’m trying to figure out the most optimized way to do the next step. What I want to do is add ever possible 3 digit number to a set where the first digit of the number is not the same as the first digit in the set

Set example 123ABC

to add

+ 213 = 123ABC213 OK

+ 131 = 123ABC131 REJECT

I see rules that reject unless a string includes, but not a comparison function like this.

I could make the whole list and prune it after with a python script, but it would be way bigger than needed.

Thank you!

John the ripper – ecryptfs – sample not cracked: 0 password hashes cracked

Good morning all,

I tried to use john the ripper on the sample : ecryptfs_sample_metadata.tar (password is ‘openwall’)

witch i downolad here: https://openwall.info/wiki/john/sample-non-hashes

The passeword is openwall.

If i try

sudo john ecryptfs_sample_metadata.tar --progress-every=10 --mask='openwal?l' 

The result is:

Warning: detected hash type "mysql", but the string is also recognized as "oracle" Use the "--format=oracle" option to force loading these as that type instead Warning: detected hash type "mysql", but the string is also recognized as "pix-md5" Use the "--format=pix-md5" option to force loading these as that type instead Using default input encoding: UTF-8 Loaded 1 password hash (mysql, MySQL pre-4.1 [32/64]) Warning: no OpenMP support for this hash type, consider --fork=4 Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:00  0g/s 185.7p/s 185.7c/s 185.7C/s openwala..openwalq Session completed 

If i try show i have the result:

0 password hashes cracked, 1 left 

I try to ad

--format=oracle  

or

--format=pix-md5  

with the same result.

Does anyone have an idea why the password is not cracked?