0

The hash I am trying to break is 279412f945939ba78ce0758d3fd83daa, it's part of a task for learning John. I created a file hash.txt using: echo -n 279412f945939ba78ce0758d3fd83daa > hash.txt.

Then, I tried running hashid over it and it gave me md2, md5 and md4 and many more.

So I used, ./john --wordlist=rockyou.txt --format=raw-md4 hashfile.txt

John returned:

Using default input encoding: UTF-8
Loaded 1 password hash (Raw-MD4 [MD4 256/256 AVX2 8x3])
Warning: no OpenMP support for this hash type, consider --fork=2
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:00 DONE (2021-06-07 05:21) 0g/s 19124Kp/s 19124Kc/s 19124KC/s  
filimani..clarus
Session completed.

Now, when I do: ./john --show hash.txt or ./john --show --format=raw-md4 hash.txt it gives:

0 password hashes cracked, 1 left

Question: What is the meaning of that filimani..clarus? is it the password? why --show is not registering it?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Sohail
  • 101
  • 1
  • And what happens when you use another hash type, like MD5? You say you tried one. Did you try the others? – schroeder Jun 07 '21 at 06:58
  • @schroeder Thanks for responding! I am more interested in understanding what the output means when we get terms like `filimani..clarus` or `!!1GOOD..CLARUS` or some other variant with Clarus. I am also interested in knowing how to generally proceed when one has many options from `hashid` – Sohail Jun 07 '21 at 07:02
  • You check the common hash types first. – schroeder Jun 07 '21 at 07:04
  • Hint: make sure you set JTR to use MD4 (not MD5), and make sure you have 'Eternity22` in the wordlist that you provide it. – mti2935 Dec 04 '21 at 17:43

1 Answers1

0

You tried john with MD4, but that's not a common hash type. MD5 is much more common. My guess is that you didn't try that option for john.

filimani..clarus are the range of words from the wordlist that it is checking.

So, it didn't show the password because it couldn't find the hash 279412f945939ba78ce0758d3fd83daa in the wordlist you supplied.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • thanks for your time! The command `./john --show --format=raw-md5 hash.txt` shows `0 password hashes cracked, 1 left`. It was not 'change of conditions but the use of the command. I found out the problem. The hash was of type `raw-md4` and john was having trouble since the correct string was not in the rockyou.txt, the wordlist being used. – Sohail Jun 07 '21 at 10:58
  • The plaintext string of that hash is in the rockyou.txt list. I still think there are factors here that you are not fully explaining. – schroeder Jul 07 '21 at 07:19