Hash Types for John the Ripper

Saturday, January 14, 2012

Rob Fuller

D8853ae281be8cfdfa18ab73608e8c3f

Pentest Monkey is a great resource for a lot of things. One of which is this:

I used it, plus a bit of bash fu to try to figure out some hashes that I was trying to crack.

Step 1: Create file of supported hash types. For me, that was simple I just threw the following in 'supported_types.txt' in the same directory as John.

    DES
    BSDI
    MD5
    BF
    AFS
    LM
    NT
    XSHA
    PO
    raw-MD5
    MD5-gen
    IPB2
    raw-sha1
    md5a
    hmac-md5
    phpass-md5
    KRB5
    bfegg
    nsldap
    ssha
    openssha
    oracle
    oracle11
    MYSQL
    mysql-sha1
    mscash
    lotus5
    DOMINOSEC
    NETLM
    NETNTLM
    NETLMv2
    NETNTLMv2
    NETHALFLM
    mssql
    mssql05
    epi
    phps
    mysql-fast
    pix-md5
    sapG
    sapB
    md5ns
    HDAA

Then it's as simple as issuing:

cat supported_types.txt | xargs -t -I type ./john --pot=unknownhash.pot --wordlist=shortlist.txt --format=type hashfile.txt

That will essentially try each of the types on the hash file. It's important to use a wordlist, and probably a small one initially because if you don't, John will not finish once it gets to the first hash type that it accepts, which may not actually be correct.

You can take this a step further and create a hash mangler script that takes a clean hash and adds the few prefixes and suffixes that are common on Pentest Monkey's list to get the most odds at John picking it up.

Cross-posted from Room 362

Possibly Related Articles:
21844
Network->General
Information Security
cracking Hacking Penetration Testing Hash Network Security Word Lists John the Ripper Pentesting Pentest Monkey Rob Fuller
Post Rating I Like this!
Default-avatar
Carlson lson From so many days, I am searching for the person who writes best essays writing tips and best online writing services for good education. Now I got the write blog which provides halpful information for me in writing services. This blog is given very interesting and also provides services for our education life. Thank you so much to this blog.
1422964912
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.