19 Oct 2009 20:44
Joomla and JTR
Hi Is JTR able to crack Joomla hashes ? I use patched JTR with http://openwall.info/wiki/john/patches for example : 36302dcd47193e2c6dbc3cfc6f70e11d:KPAvp1xf0bQJppoU = azerty Regards, W.A.
20 Oct 2009 04:18
Re: Joomla and JTR
From: "websiteaccess" <websiteaccess@...> > Is JTR able to crack Joomla hashes ? > > I use patched JTR with http://openwall.info/wiki/john/patches > > for example : 36302dcd47193e2c6dbc3cfc6f70e11d:KPAvp1xf0bQJppoU = > azerty I receievd this query off list, and replied, but I am not sure if websiteaccess@... is a person, or if a reply works. In the message I received was the comment: > I try to use your contribution to JTR (john-1.7.3.1-all-5-md5_gen-2). so I will assume that the generic md5 is built. If that is the case, then the proper line for the input file is: user:md5_gen(1)36302dcd47193e2c6dbc3cfc6f70e11d$KPAvp1xf0bQJppoU For all md5-gen, you will need the md5_gen(x) signature. Then, a $ is used to separate the hash from the salt, since they are needed to be in one unit, and if a ':' was used, john through it's normal behavior would split that into some other user gecos field. Once the file is of that format, john will 'auto' detect and process. Jim.(Continue reading)
20 Oct 2009 14:25
Re: Joomla and JTR
Am 2009-10-19 um 20:44 schrieb websiteaccess: > Is JTR able to crack Joomla hashes ? Yes, with JimF's "Generic MD5 module" included (http://openwall.info/wiki/john/patches ), it is: mysql -u root -D "joomla_DB" -B -N -e "SELECT CONCAT(username, ':', 'md5_gen(1)', SUBSTRING(password, 1, INSTR(password, ':') - 1), '\$', SUBSTRING(password, INSTR(password, ':') + 1)) FROM jos_users WHERE INSTR(password, ':') ORDER BY id ASC;" > joomla-hashes && ./john joomla-hashes # Loaded NNN password hashes with NNN different salts ( md5($p. $s) (joomla) [md5-gen 64x1]) Bon courage. SL
20 Oct 2009 19:19
looking for already compiled JTR with patches
Hi I spent lot of time to compile JTR 1.7.3.1 with the following patches for my Imac Core2Duo Intel (os X.6) /john-1.7.3.1-all-5.diff.gz | patch -p1 -Z /john-1.7.3.1-all-5-fast-rawMD5-SSE2-1.diff.gz | patch -p1 -Z /john-1.7.3.1-all-5-phpass-3.diff.gz | patch -p1 -Z /john-1.7.3.1-all-5-several-performance-updates-1.diff.gz | patch -p1 -Z /john-1.7.3.1-all-5-numerous_options_and_bugfixes-1.diff.gz | patch -p1 -Z Finally, all is ok now. All works fine. Now, I want compile source with all patches previous + "Generic MD5 module for 1.7.3.1-jumbo-5". I can't get success, I follow the notice "Patching Prerequisites: phpass-3, raw-MD5-SSE2-1 and the 'several performance updates' patches to be install prior to this patch", but it doesn't work , I get tons error while patching then compiling. Is someone can patch 1.7.3.1 in the right order with the following patches : john-1.7.3.1-all-5.diff.gz | patch -p1 -Z john-1.7.3.1-all-5-fast-rawMD5-SSE2-1.diff.gz | patch -p1 -Z john-1.7.3.1-all-5-phpass-3.diff.gz | patch -p1 -Z john-1.7.3.1-all-5-several-performance-updates-1.diff.gz | patch -p1 -Z john-1.7.3.1-all-5-numerous_options_and_bugfixes-1.diff.gz | patch -p1 -Z +(Continue reading)
20 Oct 2009 22:25
Re: Joomla and JTR
On Tue, 20 Oct 2009 14:25:06 +0200, SL wrote: > Am 2009-10-19 um 20:44 schrieb websiteaccess: >> Is JTR able to crack Joomla hashes ? > > Yes, with JimF's "Generic MD5 module" included > (http://openwall.info/wiki/john/patches), it is: > > mysql -u root -D "joomla_DB" -B -N -e "SELECT CONCAT(username, ':', > 'md5_gen(1)', SUBSTRING(password, 1, INSTR(password, ':') - 1), '\$', > SUBSTRING(password, INSTR(password, ':') + 1)) FROM jos_users WHERE > INSTR(password, ':') ORDER BY id ASC;" > joomla-hashes && ./john > joomla-hashes > > # Loaded NNN password hashes with NNN different salts ( > md5($p.$s) (joomla) [md5-gen 64x1]) > > Bon courage. > SL > > I try to patch JTR 1.7.3.1 with "Generic MD5 module", but I get errors during compilation, EVEN with "phpass-3, raw-MD5-SSE2-1 and the 'several performance updates'" patched before. may be it doesn't works with Imac os X.6 core2duo intel. Thanks, W.A.(Continue reading)
21 Oct 2009 13:56
Re: looking for already compiled JTR with patches
Am 2009-10-20 um 19:19 schrieb websiteaccess:
> I want compile source with all patches previous + "Generic MD5
> module for 1.7.3.1-jumbo-5".
> I can't get success, I follow the notice "Patching Prerequisites:
> phpass-3, raw-MD5-SSE2-1 and the 'several performance updates' patches
> to be install prior to this patch", but it doesn't work , I get tons
> error while patching then compiling.
You can not just "patch & compile" the Generic MD5 module, as it has
(minor) conflicts with the previous patches.
Pay attention to the ".rej" files, they show you what to edit manually
before you can compile. It's not that much, you should be done in
under 10 minutes.
You just do "cd src", as you would to compile, then you do:
ls *.rej | while read file; do open -e "${file}"; open -e "$
{file/.rej/}"; done
This should open all the files that you need to edit, along with all
files that instruct you what to edit, in TextEdit. Look for "+" and
"-" signs at the beginning of each line. The numbers between "***" and
"****" resp. "---" and "----" are line numbers of the context that
needs to be changed.
After that, you can compile (make clean macosx-x86-64 || make clean
macosx-x86-sse2 || make clean macosx-universal).
Amitiés
(Continue reading)
23 Oct 2009 16:12
Incremental check with specific rule
Hi, I'm new to JtR and can't find out how to solve the following problem: I want to check passwords with the length of 8 or 9 chars. The passwords are all alpha-numeric. I know there is a password rule enforcing to use at least 1 upper, 1 lower and 1 numeric sign. How can I tell JtR only to test passwords meeting these requirements? The hashes I have are lotus5 hashes. Any help is welcome. Regards Joerg
23 Oct 2009 17:14
Re: Joomla and JTR
It took a bit of work applying JimF's patches manually, but I was able to create a version of JTR 1.7.3.4 for Intel and PowerPC with all the available patches applied (jumbo, PHP, MD5 generic, etc). You can get it at http://www.macunix.net/JTR/. This is truly an EXPERIMENTAL binary release, so I would like to know how it works for you and other MacOS X users out there. Erik > > I try to patch JTR 1.7.3.1 with "Generic MD5 module", but I get errors > during compilation, EVEN with "phpass-3, raw-MD5-SSE2-1 and the > 'several performance updates'" patched before. > > may be it doesn't works with Imac os X.6 core2duo intel. > > Thanks, > > W.A. > >
24 Oct 2009 02:43
wordlist generation
What is the recommended/preferrable method to convert an arbitrary text file (SQL dump, con-'cat'-enated HTML files, Wikipedia XML export, not a precompiled dictionary) into a (reasonably usable) john wordlist? cat $textfile | tr -s -c "[:alpha:]\-ÄÖÜäöüß" "\n" | ./unique wordlist.lst kind of works, but I wonder if there are better ways?
24 Oct 2009 21:26
Re: Joomla and JTR
On Fri, 23 Oct 2009 11:14:19 -0400, Erik Winkler wrote: > It took a bit of work applying JimF's patches manually, but I was > able to create a version of JTR 1.7.3.4 for Intel and PowerPC with > all the available patches applied (jumbo, PHP, MD5 generic, etc). > You can get it at http://www.macunix.net/JTR/. This is truly an > EXPERIMENTAL binary release, so I would like to know how it works for > you and other MacOS X users out there. > > Erik I was away from my computer... I'm back. Thank you very much !!! :) W.A.
RSS Feed