magnumripper
commented
10 years ago --prot ?
Closed frank-dittrich closed 10 years ago
magnumripper
commented
10 years ago --prot ?
frank-dittrich
commented
10 years ago s/prot/pot/
magnumripper
commented
10 years ago The --passthru option was added for things like --device=N iirc, but things like --fork should selectively be muted from it. For example, we can't use --test or --show with --fork but some other passthru options are wanted (we'd want --device to be passed to both of them).
jfoug
commented
10 years ago Should --fork (and other 'semi' passthru flags) simply be added as options to test suite, so that proper logic can be added. The --passthru has always been a cludge (and working one, but still a cludge).
magnumripper
commented
10 years ago Yeah why not. Easier to handle it correctly then.
jfoug
commented
10 years ago $ ../run/john -form=dynamic_0 -show -pot=./tst.pot dynamic_0_tst.in | tail -1 1502 password hashes cracked, 0 left
$ wc tst.pot 1500 1639 84430 tst.pot
So are we SURE we want to use the --show flag of JtR. --show has ALWAYS been something I have hated. The way we have so many formats with aliases, and all other stuff such as encodings, show IMHO has been by far, very unreliable. The .pot file should be viewed as THE source of information.
Yes, this probably is a bug. dynamic_0 show 1502, others do not
NOTE, I do have a version of jtrts.pl which is using -show for the first run and .pot re-run count obtaining. BUT I do not think it is going to be better than using the tail line of the run. It may be the 'only' way to do it for fork, but I am not sure the logic is right all the time. Yes, IF we can get --show to be 100% correct and have it dupe remove, then it may be fine. But I do not think JtR is to that level.
jfoug
commented
10 years ago Found the 1502 problem. Problem is in jtr_ts.
$ wc dynamic_0_tst.in 1503 1655 119955 dynamic_0_tst.in
There are others which are 'too' large.
So I will look at getting the code changed to use the last line of the --show command.
jfoug
commented
10 years ago u17-dynamic_0:$dynamic_0$53cadcb4234fd06d9b19d924d796dbb2:17:0:pass÷ord:: u18-dynamic_0:$dynamic_0$cb803b67f0eb50ad7a88d4d320633e1a:18:0:dffffffffffff:: u18-dynamic_0:$dynamic_0$CB803b67f0eb50ad7a88d4d320633e1a:18:0:dffffffffffff:: u18-dynamic_0:$dynamic_0$cB803b67f0eb50ad7a88d4d320633e1a:18:0:dffffffffffff:: u19-dynamic_0:$dynamic_0$526d97331e687c6ec620bec0a4e5b617:19:0:ôåst::
So it looks like there is something wrong with cannonical stuff in dyna. there are 3 u18 records, all the same, except for case of the hash. This is a bug 'somewhere', I just have to find it.
I am pretty sure the 3 u18's were done specifically to make SURE that only 1500 passwords were found. But why --show is giving 1502 and not 1500 is where the problem lies.
magnumripper
commented
10 years ago So that is a good reason for using --show, you found a bug. We should do both. In the --fork case you just need to unique the .pot file to see how many was cracked when disregarding dupes.
magnumripper
commented
10 years ago ...but we should ONLY unique the pot file when we detect --fork or MPI. Otherwise we might hide bugs.
jfoug
commented
10 years ago Here is the failures with 'current' jtrts.pl switching to using the --show. I will continue to see where the issue lies, but I bet these are similar problems.
$ ./jtrts.pl -q -no-prelims
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo [cygwin 64-bit SSSE3-autoconf]
--------------------------------------------------------------------------------
form=dynamic_0 guesses: 1502 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_71 guesses: 1502 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups guesses: 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups2 guesses: 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups_read_file guesses: 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups2_read_file guesses: 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
mscash: One or more hashes rejected due to salt length limitation[PASSED]
mscash: One or more hashes rejected due to salt length limitation[PASSED]
form=lm guesses: 3000 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=pwdump_lm guesses: 2760 0:00:00:00 DONE : Expected count(s) (986) [!!!FAILED!!!]
form=net-md5 (dyna) guesses: 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=net-sha1 (dyna) guesses: 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=rawsha0 guesses: 1500 0:00:00:00 DONE : Expected count(s) (1464) [!!!FAILED!!!]In the --fork case you just need to unique the .pot file to see how many was cracked when disregarding dupes.
Lol, so now 3 methods, NOTE, the --show itself does slow down the TS. Another spawn of JtR and wc will even more slow. BUt I think you are right. We should test them both.
NOTE, the LM and CRC32 are different cases. crc32 is fmt_not_exact. LM is split. But not rawsha0 is now 1500, not 1464. I am not sure what is up with that, or why it was reduced before.
magnumripper
commented
10 years ago If we (always) output it as show/pot, eg. 1502/1500 it will be a hint when debugging stuff (not just now but also for future problems with specific formats).
Hmm, so jtrts.dat may need to store separate expected numbers for show/pot as well... as in 3000,1500 for LM.
jfoug
commented
10 years ago Hmm, so jtrts.dat may need to store separate expected numbers for show/pot as well... as in 3000,1500 for LM.
Yup. For formats like that (with multi partials). Also for fmt_not_exact (like crc), where -show gives 50 while pot gives 1500.
Note, I will have to redo what I did yesterday. I was working on an older tower the gf got free from work. I had to re-install the OS, things were totally smashed, and I could not install her VPN software correctly on it. The changes were not huge, they should be pretty quick to put back into it today, once I get this box fully operations. I think it is working better now. But it is a complete OS rebuild (and spent most of the night getting update patches installed).
jfoug
commented
10 years ago How about this format? I think if -show is correct, (i.e. matches guesses), then it will be muted.
$ ./jtrts.pl -no-prelims dynamic_0
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo [cygwin 64-bit SSSE3-autoconf]
--------------------------------------------------------------------------------
John Jumbo build detected.
1502 1500
form=dynamic_0 guesses: 1500 -show=1502 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
.pot CHK:dynamic_0 guesses: 1500 0:00:00:00 DONE [PASSED]
1500 1500
form=dynamic_0-raw guesses: 1500 0:00:00:00 DONE [PASSED]
.pot CHK:dynamic_0-raw guesses: 1500 0:00:00:00 DONE [PASSED]
Some tests had Errors. Performed 2 tests.1 errors
Time used was 1 secondsI think I will handle LM by adding a (3000) to the expected count, and CRC32 by adding (1500), vs adding an extra column for -show values.
jfoug
commented
10 years ago Here is my first stab at it. So far, I have only put -show logic on the crack side, not in the .pot re-read logic.
$ Session aborted
./jtrts.pl -no-prelims -q
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo [cygwin 64-bit SSSE3-autoconf]
--------------------------------------------------------------------------------
form=dynamic_0 guesses: 1500 -show=1502 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_71 guesses: 1500 -show=1502 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups guesses: 1500 -show= 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups2 guesses: 1500 -show= 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups_read_file guesses: 1500 -show= 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups2_read_file guesses: 1500 -show= 50 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
mscash: One or more hashes rejected due to salt length limitation
form=lm guesses: 1500 -show=3000 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=pwdump_lm guesses: 986 -show=2760 0:00:00:00 DONE : Expected count(s) (986) [!!!FAILED!!!]
form=net-md5 (dyna) guesses: 1500 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=net-sha1 (dyna) guesses: 1500 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=rawsha0 guesses: 1464 -show=1500 0:00:00:00 DONE : Expected count(s) (1464) [!!!FAILED!!!]
Warning: SAP-F/G format should always be UTF-8.
Convert your input files to UTF-8 and use --input-encoding=utf8
Some tests had Errors. Performed 289 tests.11 errors
Time used was 1297 secondsI think I can handle crc32 and LM easily, by adding extra optional values for -show. dyna_0 exposed bug in jtr.
jfoug
commented
10 years ago It looks like dyna_0 and dyna_71 are -show=1502 by design. There are 3 different users that share the same password. That password was put in with different case, to test that dyan would only load/find 1500 hashes (which there are 1500 unique). This multi found hash however, does show on -show numbers. So for these 2, I will add a (-show1502) since that is valid. The others were pretty easy. The one I have questions over, and still need to track down, is SHA0. Show is listing 1500, but loader finds 1464. If that is the case, I need to find the dupes, and re-gen the file without them, to get it to 1500.
jfoug
commented
10 years ago 8186c75
This should work in fork mode, mpi mode and 'normal' mode (I think).
Please test this. I have no way to fork test.
magnumripper
commented
10 years ago I should still just use -passthru=-fork=4, right? I see some problems (more details soon).
magnumripper
commented
10 years ago Here's my (OSX x86-64) full -q without fork, for a baseline. What are the -show=0 supposed to mean? Maybe they need force format?
$ ./jtrts.pl -noprel -q
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo [darwin13.4.0 64-bit AVX-autoconf]
--------------------------------------------------------------------------------
mscash: One or more hashes rejected due to salt length limitation
form=net-md5 (dyna) guesses: 1500 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=net-sha1 (dyna) guesses: 1500 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-sha guesses: 1464 -show=1500 0:00:00:00 DONE : Expected count(s) (1464) [!!!FAILED!!!]
Warning: SAP-F/G format should always be UTF-8.
Convert your input files to UTF-8 and use --input-encoding=utf8
Some tests had Errors. Performed 289 tests.3 errors
Time used was 915 secondsI also see the SHA0 problem as expected.
magnumripper
commented
10 years ago OK, -fork seems fine except it doesn't regard the show count as "expected count".
$ ./jtrts.pl -noprel -q -pass=--fork=4
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo [darwin13.4.0 64-bit AVX-autoconf]
--------------------------------------------------------------------------------
form=dynamic_19 guesses: 1503 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_20 guesses: 2597 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_29-raw-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_29-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_29-sapf-utf8 guesses: 1436 -show=1416 0:00:00:00 DONE : Expected count(s) (1416)(1500) [!!!FAILED!!!]
form=dynamic_33-NT-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_33-sapf-utf8 guesses: 1438 -show=1416 0:00:00:00 DONE : Expected count(s) (1416)(1500) [!!!FAILED!!!]
form=dynamic_39 guesses: 1503 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_40 guesses: 1502 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-md5u-raw-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-md5u-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-md5u-sapf-utf8 guesses: 1440 -show=1416 0:00:00:00 DONE : Expected count(s) (1416)(1500) [!!!FAILED!!!]
form=descrypt guesses: 1625 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
.pot CHK:descrypt guesses: 1539 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=descrypt guesses: 1542 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
.pot CHK:descrypt guesses: 1516 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=pixMD5 guesses: 1503 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-md5u-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=hmac-sha1 guesses: 1602 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=hmac-sha224 guesses: 1602 -show=1500 0:00:00:01 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=hmac-sha256 guesses: 1602 -show=1500 0:00:00:02 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dragonfly3-64 guesses: 1602 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dragonfly4-64 guesses: 1602 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=crc32_dups_dupe_rem guesses: 100 -show= 50 0:00:00:00 DONE : Expected count(s) (50) [!!!FAILED!!!]
form=crc32_dups2_dupe_rem guesses: 100 -show= 50 0:00:00:00 DONE : Expected count(s) (50) [!!!FAILED!!!]
mscash: One or more hashes rejected due to salt length limitation
form=lm guesses: 1503 -show=3000 0:00:00:00 DONE : Expected count(s) (1500)(-show3000) [!!!FAILED!!!]
form=pwdump_lm guesses: 1177 -show=2760 0:00:00:00 DONE : Expected count(s) (986)(-show2760) [!!!FAILED!!!]
form=hmacMD5 guesses: 1602 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=rakp guesses: 1602 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=BFegg guesses: 1502 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
.pot CHK:BFegg guesses: 1501 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=MSSql guesses: 1552 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=MSSql-8859-1 guesses: 1552 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=MSSql-8859-1-gen guesses: 1508 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=oracle guesses: 1602 -show=1500 0:00:00:01 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=netlm-l0phtcrack guesses: 1462 -show=1351 0:00:00:00 DONE : Expected count(s) (1351) [!!!FAILED!!!]
form=net-md5 (dyna) guesses: 1502 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=net-sha1 (dyna) guesses: 1502 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=net-md5 guesses: 1501 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=net-sha1 guesses: 1502 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=lotus5 guesses: 1503 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=epi guesses: 1602 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-sha guesses: 1470 -show=1500 0:00:00:00 DONE : Expected count(s) (1464) [!!!FAILED!!!]
form=mssql-utf8 guesses: 1281 -show=1229 0:00:00:00 DONE : Expected count(s) (1229) [!!!FAILED!!!]
form=mschapv2-utf8 guesses: 1469 -show=1442 0:00:00:00 DONE : Expected count(s) (1442)(1500) [!!!FAILED!!!]
form=mschapv2-naive-utf8 guesses: 1560 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=netlmv2-utf8 guesses: 1560 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=netntlm-utf8 guesses: 1468 -show=1442 0:00:00:00 DONE : Expected count(s) (1442)(1500) [!!!FAILED!!!]
form=netntlm(l0phtcrack)-utf8 guesses: 1469 -show=1442 0:00:00:00 DONE : Expected count(s) (1442)(1500) [!!!FAILED!!!]
form=netntlm-naive-utf8 guesses: 1560 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=netntlm-naive(l0phtcrack)-ut guesses: 1560 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=netntlmv2-utf8 guesses: 1560 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=NT-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=NTv2-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=NT-raw-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=NTv2-raw-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=mscash-utf8 guesses: 1559 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=mssql05-utf8 guesses: 1533 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=oracle-utf8 guesses: 1591 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-md5u-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-md5u-raw-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=dynamic_29-raw-utf8 guesses: 1535 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=mssql-koi8r-gen guesses: 1504 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
Warning: SAP-F/G format should always be UTF-8.
Convert your input files to UTF-8 and use --input-encoding=utf8
form=SAP F/G guesses: 6888 -show=6794 0:00:00:00 DONE : Expected count(s) (6794) [!!!FAILED!!!]
form=sapB guesses: 1550 -show=1500 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
Some tests had Errors. Performed 289 tests.62 errors 3 errors reprocessing the .POT files
Time used was 989 secondsIn all most cases, the -show count matches the expected yet they are regarded as failed.
jfoug
commented
10 years ago Try again with this: 3ad0d9f
I changed the logic. I think the ( || ( && )) was wrong, and needed to be ( && && )
NOTE, this will not fix the 'most' issue. We may have to deal with things one by one on some cases.
As for the the -show=0, I have not had a chance to dig in yet. But you are seeing same behavior I see (sha0, net-sha, net-md5)
magnumripper
commented
10 years ago Yep, most are fine now.
$ ./jtrts.pl -noprel -q -pass=--fork=4
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo [darwin13.4.0 64-bit AVX-autoconf]
--------------------------------------------------------------------------------
.pot CHK:descrypt guesses: 1565 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
.pot CHK:descrypt guesses: 1516 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
mscash: One or more hashes rejected due to salt length limitation
form=net-md5 (dyna) guesses: 1501 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=net-sha1 (dyna) guesses: 1503 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=raw-sha guesses: 1470 -show=1500 0:00:00:00 DONE : Expected count(s) (1464) [!!!FAILED!!!]
Warning: SAP-F/G format should always be UTF-8.
Convert your input files to UTF-8 and use --input-encoding=utf8
Some tests had Errors. Performed 289 tests.3 errors 2 errors reprocessing the .POT files
Time used was 993 secondsThe DEScrypt pot checks are correct if (manually) using -show.
magnumripper
commented
10 years ago $ ../run/john -pot=./tst.pot dynamic_39_tst.in -show | tail
u1492-dynamic_39:Swordfish__18:1492:0:Swordfish__18::
u1493-dynamic_39:swordfish__18:1493:0:swordfish__18::
u1494-dynamic_39:limiey__18:1494:0:limiey__18::
u1495-dynamic_39:asdfasfga__18:1495:0:asdfasfga__18::
u1496-dynamic_39:flasjkdfw__18:1496:0:flasjkdfw__18::
u1497-dynamic_39:%72haba*(__18:1497:0:%72haba*(__18::
u1498-dynamic_39:start123__18:1498:0:start123__18::
u1499-dynamic_39:start1__18:1499:0:start1__18::
1500 password hashes cracked, 0 leftI can't see what is special with net-sha1 and net-md5. They are fine but show up as zero. Why them?
magnumripper
commented
10 years ago diff --git a/jtrts.pl b/jtrts.pl
index 27b69ab..0db6aa2 100755
--- a/jtrts.pl
+++ b/jtrts.pl
@@ -623,7 +623,15 @@ sub process {
my $cmdshow = "$JOHN_EXE -show -pot=$pot $ar[6] -form=$ar[7]";
#if ($ar[8] eq 'Y') { $cmdshow = "$cmdshow -form=$ar[7]"; }
#if ($ar[9] ne 'X') { $cmdshow = "$cmdshow $ar[9]"; }
+
+ ScreenOutVV("Execute john: $cmdshow\n");
+
my $cmd_show_data2 = `$cmdshow`;
+
+ # ok, now show stderr, if asked to.
+ if ($show_stderr == 1) { print $cmd_show_data2; }
+ ScreenOutVV("\n\nCmd_show_data2 = \n$cmd_show_data2\n\n");
+
my @cmd_show_lines = split(/\n/, $cmd_show_data2);
my $cmd_show_line = $cmd_show_lines[scalar (@cmd_show_lines) - 1];
my @orig_show_words = split(/\s/, $cmd_show_line);Select output:
Execute john: ../run/john -show -pot=./tst.pot dynamic_39_tst.in -form=net-md5
Cmd_show_data2 =
0 password hashes cracked, 0 leftThis is the problem: If using -show without a format or with -form:dynamic_39 we get 1500 cracked. But if we use -show -form=net-md5 we get "0 cracked out of 0". So this is some prepare/valid/split problem with these thin formats.
magnumripper
commented
10 years ago That patch above is committed as eeec46a
jfoug
commented
10 years ago The DEScrypt pot checks are correct if (manually) using -show.
-show was not added to .pot check. Looks like it will be needed there also. I was thinking it would not be, but my thinking was wrong.
jfoug
commented
10 years ago This is the problem: If using -show without a format or with -form:dynamic_39 we get 1500 cracked. But if we use -show -form=net-md5 we get "0 cracked out of 0". So this is some prepare/valid/split problem with these thin formats.
These 2 were those 1/2 thin formats (i.e. they dynamically use thick or thin depending upon needs). Obviously I have done something wrong in the formats.
jfoug
commented
10 years ago $ head tst.pot
$dynamic_39$4cdfb72a90ac15c7cd3aebe837bbeb69$oxy0Pte8t4TcguqQRJOOXUQoemNv7xPIL7SdE9Y1B2pUNAfRKaFceL75whfz:t00nv1ll3
$dynamic_39$a21fd6ab5e544af826dd949e7e10e961$jK3P45QDw6zZEunYCPakXwh9aODieL626tlrAeYBjv2s0hidUCkzVeSI9do9:1
$dynamic_39$748dce7e2da7c944132b71b4636126cf$vJgCGwjpcZUnK1RdcDT60olbpNdKBrbo7Oo3EJ1tCwjIYB2AkmeowcY1xNUY:Bert&Ernie```
$dynamic_39$c1659bfa8765fa051eeaba6a5b985bed$B6fX0yGaYlpVSLs967vBdkiWtqw4yYHOKYDQdQeaEU9xFES8B8htaUQxzx2m:password
$dynamic_39$e4f57dd91babe56dd6b216061c6ac24a$BYbAFrNb2iANz1OLHCCKkVlQs9ys6UQ8wBMrfk0CXKVh1oTqwywE8ZpT1FQT:test
$dynamic_39$cf683d4787ca2185bf2b78fbfb0ead49$PufNIJxerUsINflj8aUkw4681YORlQdhNM6MCayNOMVzeN8whWwP1srCOySV:letM▒inHmm, base-64 output ????
jfoug
commented
10 years ago The first run of these formats in TS is not using the thin format. They are simply using dynamic. Dynamic does not hex encode the salts, so things do not match. So when -show code adds the -format=net-md5, it is then using the thin format, and that fails in valid.
I just have to make valid work for dyna_39 also. Simple fix.
jfoug
commented
10 years ago new-md5 and net-sha1 were fixed in bleed-jumbo (and will also be fixed here, in the .dat file). They were NOT using the thin formats UNTIL we did the -show. Now I had to fix the 2 formats. I will change the .dat so that the 2nd runs use the thin format (simple add the 'Y' forced format)
94bf702 is the version of jumbo that fixes this.
jfoug
commented
10 years ago There was a 2nd jumbo patch to get things working for those 2 formats. 5cf1570
Now the TS has been updated to force the format for this dyna test 9956538
jfoug
commented
10 years ago Please test again with -fork. I have added -show to the .pot check in fd417d8
net-sha1 and net-md5 should also be fixed. I still have not looked into raw-sha0
magnumripper
commented
10 years ago $ ./jtrts.pl -noprel -pass=--fork=4 net-md5 net-sha1 descrypt
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo_omp [darwin13.4.0 64-bit AVX-autoconf]
--------------------------------------------------------------------------------
John Jumbo build detected.
form=descrypt guesses: 1625 0:00:00:00 DONE [PASSED]
.pot CHK:descrypt guesses: 1563 0:00:00:00 DONE [PASSED]
form=descrypt guesses: 1542 0:00:00:00 DONE [PASSED]
.pot CHK:descrypt guesses: 1515 0:00:00:00 DONE [PASSED]
form=net-md5 (dyna) guesses: 1503 0:00:00:00 DONE [PASSED]
.pot CHK:net-md5 (dyna) guesses: 1500 0:00:00:00 DONE [PASSED]
form=net-sha1 (dyna) guesses: 1503 0:00:00:00 DONE [PASSED]
.pot CHK:net-sha1 (dyna) guesses: 1500 0:00:00:00 DONE [PASSED]
form=net-md5 guesses: 1503 0:00:00:00 DONE [PASSED]
.pot CHK:net-md5 guesses: 1500 0:00:00:00 DONE [PASSED]
form=net-sha1 guesses: 1503 0:00:00:00 DONE [PASSED]
.pot CHK:net-sha1 guesses: 1500 0:00:00:00 DONE [PASSED]
All tests passed without error. Performed 6 tests. Time used was 9 seconds:+1:
jfoug
commented
10 years ago raw-sha0 problem (dupes) fixed: 08034fe
I think if we get -fork testing properly (and MPI), that we can close this issue.
NOTE, we might want to open another issue about passing possibly -passthru items over to the -show run (i.e. opencl, or other, I think). But this thread is not the right place for that, IMHO.
jfoug
commented
10 years ago lol, I show the crypt count, even it if does not match. I guess that is ok, as long as you know that it is simply a side effect of fork, and THAT -show has validated that exactly 1500 of the hashes were properly cracked.
magnumripper
commented
10 years ago I see new problems now. This is after all recent salt cleaning fixes though...
$ LWS=64 GWS=256 ./jtrts.pl -nop -q --pass="-fork=4 -dev=cpu"
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.12.14, June 30, 2014. By, Jim Fougeron & others
- Testing: John the Ripper password cracker, version 1.8.0.2-bleeding-jumbo [darwin13.4.0 64-bit AVX-autoconf]
--------------------------------------------------------------------------------
mscash: One or more hashes rejected due to salt length limitation
mscash: One or more hashes rejected due to salt length limitation[PASSED]
form=Netscreen_MD5 guesses: 0 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
form=BFegg guesses: 0 -show= 0 0:00:00:00 DONE : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 28916 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot netntlm_tst.in --wordlist=pw.dic 2>&1 > /dev/null
form=netntlm guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 28921 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot l0phtcrack_tst.in --wordlist=pw.dic -form=netntlm 2>&1 > /dev/null
form=netntlm-l0phtcrack guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 28924 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot netntlm_tst.in --wordlist=pw.dic 2>&1 > /dev/null
form=netntlm-naive guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 29017 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot net-md5_tst.in --wordlist=pw.dic 2>&1 > /dev/null
form=net-md5 guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 29020 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot net-sha1_tst.in --wordlist=pw.dic 2>&1 > /dev/null
form=net-sha1 guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 29023 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot mschapv2_tst.in --wordlist=pw.dic -form=mschapv2 2>&1 > /dev/null
form=mschapv2 guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 29240 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot mschapv2_tst_utf8.in --wordlist=pw-utf8.dic -form=mschapv2 -enc=utf8 2>&1 > /dev/null
form=mschapv2-utf8 guesses: 0 -show= 0 unk unk : Expected count(s) (1442)(1500) [!!!FAILED!!!]
sh: line 1: 29274 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot netntlm_tst_utf8.in --wordlist=pw-utf8.dic -form=netntlm -enc=utf8 2>&1 > /dev/null
form=netntlm-utf8 guesses: 0 -show= 0 unk unk : Expected count(s) (1442)(1500) [!!!FAILED!!!]
sh: line 1: 29281 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot l0phtcrack_tst_utf8.in --wordlist=pw-utf8.dic -form=netntlm -enc=utf8 2>&1 > /dev/null
form=netntlm(l0phtcrack)-utf8 guesses: 0 -show= 0 unk unk : Expected count(s) (1442)(1500) [!!!FAILED!!!]
sh: line 1: 29499 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot mschapv2_tst_koi8r.in --wordlist=pw-koi8r.dic -form=mschapv2 -enc=koi8r 2>&1 > /dev/null
form=mschapv2-koi8r guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 29535 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot netntlm_tst_koi8r.in --wordlist=pw-koi8r.dic -form=netntlm -enc=koi8r 2>&1 > /dev/null
form=netntlm-koi8r guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
sh: line 1: 29539 Segmentation fault: 11 ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot l0phtcrack_tst_koi8r.in --wordlist=pw-koi8r.dic -form=netntlm -enc=koi8r 2>&1 > /dev/null
form=netntlm(l0phtcrack)-koi8r guesses: 0 -show= 0 unk unk : Expected count(s) (1500) [!!!FAILED!!!]
Warning: SAP-F/G format should always be UTF-8.
Convert your input files to UTF-8 and use --input-encoding=utf8
Warning: SAP-F/G format should always be UTF-8. 0:00:00:00 DONE [PASSED]
Convert your input files to UTF-8 and use --input-encoding=utf8
Some tests had Errors. Performed 289 tests.14 errors
Time used was 553 secondsNone of the above problems are seen when not using -fork. That is very odd, it really should not matter.
magnumripper
commented
10 years ago This is VERY odd:
$ ../run/john -ses=./tst -dev=cpu -pot=./tst.pot ns_tst.in --wordlist=pw.dic
Loaded 1500 password hashes with 1484 different salts (md5ns, Netscreen [MD5 32/64])
(cracks all)
$ ../run/john -ses=./tst -fork=4 -dev=cpu -pot=./tst.pot ns_tst.in --wordlist=pw.dic
Warning: excessive partial hash collisions detected
Loaded 1500 password hashes with 1484 different salts (md5ns, Netscreen [MD5 32/64])
(cracks none)I bet the new self-test thrashes something. But why only under -fork ?
magnumripper
commented
10 years ago OK this has nothing to do with recent changes and it has nothing to do with TS. It's a very weird bug, opening a new issue for it. https://github.com/magnumripper/JohnTheRipper/issues/755
TS is fine. Closing.
Even with the recent changes to make -passthru --fork work, there are many "FAILED" tests, because the same password might get cracked more than once. This occurs if the word list contains words that are to long for the format, but after truncation produce a valid password.
The result is something like this:
So, instead of reading the guesses from the status lines (one per process), jtrts should call
and get the number of cracked paswords from the --show status line.