Password hashes - John

Tags: #<Tag:0x00007f8a14b372c0> #<Tag:0x00007f8a14b371f8> #<Tag:0x00007f8a14b37130> #<Tag:0x00007f8a14b37068> #<Tag:0x00007f8a14b36fa0>

Password hashes - John

Basic hash detection

  • if the hash starts by $1$. MD5 is used;
  • if the hash starts by $2$ or $2a$ , Blowfish is used;
  • if the hash starts by $5$ , SHA-256 is used;
  • if the hash starts by $6$ , SHA-512 is used.
victim:$1$85cZRprY$NnDQ0Er148bco25HyLzIM1:18190:0:99999:7:::

Example:

    λ ~/Source/ john shadow2 --format=md5crypt
    Using default input encoding: UTF-8
    Loaded 1 password hash (md5crypt, crypt(3) $1$ (and variants) [MD5 128/128 SSE4.1 4x5])
    Proceeding with single, rules:Single
    Press 'q' or Ctrl-C to abort, almost any other key for status
    victim1          (victim)
    1g 0:00:00:00 DONE 1/3 (2019-10-21 11:09) 100.0g/s 2000p/s 2000c/s 2000C/s victim..Victim0
    Use the "--show" option to display all of the cracked passwords reliably
    Session completed
    λ ~/Source/ john shadow2 --format=md5crypt --show
    victim:victim1:18190:0:99999:7:::

    1 password hash cracked, 0 left