I’m using John to generate some word lists and I’m trying to figure out the most optimized way to do the next step. What I want to do is add ever possible 3 digit number to a set where the first digit of the number is not the same as the first digit in the set
+ 213 = 123ABC213 OK
+ 131 = 123ABC131 REJECT
I see rules that reject unless a string includes, but not a comparison function like this.
I could make the whole list and prune it after with a python script, but it would be way bigger than needed.
Good morning all,
I tried to use john the ripper on the sample : ecryptfs_sample_metadata.tar (password is ‘openwall’)
witch i downolad here: https://openwall.info/wiki/john/sample-non-hashes
The passeword is openwall.
If i try
sudo john ecryptfs_sample_metadata.tar --progress-every=10 --mask='openwal?l'
The result is:
Warning: detected hash type "mysql", but the string is also recognized as "oracle" Use the "--format=oracle" option to force loading these as that type instead Warning: detected hash type "mysql", but the string is also recognized as "pix-md5" Use the "--format=pix-md5" option to force loading these as that type instead Using default input encoding: UTF-8 Loaded 1 password hash (mysql, MySQL pre-4.1 [32/64]) Warning: no OpenMP support for this hash type, consider --fork=4 Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:00 0g/s 185.7p/s 185.7c/s 185.7C/s openwala..openwalq Session completed
If i try show i have the result:
0 password hashes cracked, 1 left
I try to ad
with the same result.
Does anyone have an idea why the password is not cracked?
Title says it all, I can’t tell if John is just crashing or “gives up” on cracking the hash. First I start off by creating an md5 hash out of a word I KNOW is on the rockyou.txt wordlist:
echo -n 'password' | md5sum > testhash
After removing the hyphen at the end of the test hash file:
Now I attempt to crack the md5 hash using the following John the Ripper command:
john --format=raw-md5 --wordlist= /usr/share/wordlists/rockyou.txt testhash
I get the output:
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8*3]) No password hashes left to crack (see FAQ)
Then I run:
john --show testhash
0 password hashes cracked, 2 left
Sorry if I’m doing something terribly wrong, but I’m at a loss here. I’m assuming it’s something wrong with how my installation of John on Kali Linux is handling the wordlist. Thank you in advance!
First things first, I’m a newbie so, bear with me…
I created a word list with a combination of a possible password for a certain user using Crunch (it’s the dictionary output) and need to use John The Ripper to sort through all the possible combinations in the wordlist created for the password and display it, alongside the hash and also need to add the –format=nt option, since the hash came from a Windows system. The hash is saved on another file and is in the correct format. However, I’m having trouble with this, can’t seem to figure this out and, for better understanding, here are the screenshots of what I did:
Jonh The Ripper
Can you tell me what I’m doing wrong? What am I missing?
I am currently working on a crypto challenge. Here I need to brute force a password. It’s SHA512 and the salt is given. But for some reason I can’t load the salt + hash into JTR because it’s complaining about the salt.
This is the salt + hash:
And I am trying to start the brute-force like so:
john --subformat=dynamic_81 --incremental=Alnum --min-length=5 --max-length=5 hash
dynamic_81 = SHA512($ salt.$ password)
If I remove the dashes from the salt, then it will load the hash. But the dashes are part of the salt so I can’t just remove them…
Does anyone know if I need to convert the salt somehow for JTR to accept it?
My question has two parts, How can I get JTR to use my AMD GPU and Does anyone have any idea how to install the AMD drivers in Kali? To start been trying with Hashcat, JTR and Pyrit no luck with anything on Hashcat except the Opencl in Kali, Pyrit I’ll just leave it there. System Hp 6300 Pro SFF OS Kali Linux 2019.03 CPU Intel i7 3700 Kali is on a Seagate Barracuda SSD 500 GB Storage and back up all in same computer Seagate Gaming Firecuda Hybrid 2 TB Hitachi HDD 2 TB 24 GB Corsair Vengance RAM AMD RX 560 GPU 4 GB Drivers Most current AMD Driver Most Current Intel Opencl I tried Rocm to start researched found out reason it wasn’t working is it isn’t compatible with Polaris 21 that’s in GPU. I edited the permissions in the Ubuntu driver and it halfway installed there’s a lot that’s not there that way. Found a lot of tutorials on how to install in Kali the road block is install the AMD drivers then AMD SDK. AMD doesn’t have the SDK anymore but I found it on GIT, but I can’t do anything until I get the drivers to install. I can’t get any of the programs I mentioned to work with it in Ubuntu or Windows. In Windows Hashcat accepts the GPU but not the Opencl. In Ubuntu it’s a wash even though the drivers work in Ubuntu. The reason for Kali is JTR will use all eight threads it wont on Windows and wont use the GPU on Windows either. So Kali and JTR are my best shot. Any ideas would be fantastic in two months I haven’t got even one reply on Kali Forums, so if you can fix it your the Ninja.
I’m trying to crack some MD5 hashes given in OWASP’s BWA on their DVWA site. I was able to use John the Ripper and the very first time it worked fine and it showed the reversed hashes using the code:
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
However, whenever I try to do it again for the exact same file, it gives back the following:
Using default input encoding: UTF-8 Loaded 6 password hashes with no different salts (Raw-MD5 [MD5 128/128 XOP 4x2]) Remaining 1 password hash Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:01 DONE (2017-02-22 17:31) 0g/s 8746Kp/s 8746Kc/s 8746KC/s ..*7¡Vamos! Session completed
i have ssh private key and i transform it with ssh2john. Then i do crack with
john --wordilist=/usr/share/wordlists/rockyou.txt file.txt but the tool return me
No password hashes loaded (see FAQ)
The output of ssh2john (and input of john) is
Why? Help me
Is it possible to make John the Ripper output example hashes for a given hash type given by the
This is possible using Hashcat, but currently I look in John the Ripper’s source code for example hashes, which is rather slow.
I know that John the ripper incremental mode does a brute force like attack in all possible combinations given that you choose the charset and the length of the password. What order does JTR use when trying the passwords? It doesn’t seem to use alphabetical order?