Does john the ripper not support yescrypt?

Question

I'm learning about password attacks using john and am trying to use it for bruteforcing my shaddow file. I created a user called newuser with password stuff and then used

sudo unshadow /etc/passwd /etc/shadow > hashes

to join the passwd and shadow file in one file crackme.

I then tried using:

john -incremental -users:Terry crackme

But receive the following output:

Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

the relevant portion of the crackme file is shown below:

newuser:$y$j9T$cIqS49coTGpKdScHGJeJC1$HLpGKzz.S9NKV1vKN1fjneWHsjrBfdpx3SG7TcjX.n2:1002:1002::/home/newuser:/bin/sh

According to my research, the first 2 characters after

newuser:

ie. $y indicates that these passwords are shaddowed using yescrypt. I tried searching the supported formats using

 john --list=formats | grep "yescrypt"

and it is not showing as supported. Could this be the reason?

epp · Answer 1 · 2021-11-16T19:26:14.737

Starting from Debian 11 / bullseye yescrypt is the default password hash so this will also work on recent builds of Debian derivative Kali Linux (kali-rolling):

sudo john /etc/shadow --format=crypt

which yields in the default login/pass (kali/kali) configuration the following:

Using default input encoding: UTF-8
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Cost 1 (algorithm [1:descrypt 2:md5crypt 3:sunmd5 4:bcrypt 5:sha256crypt 6:sha512crypt]) is 0 for all loaded hashes
Cost 2 (algorithm specific iterations) is 1 for all loaded hashes
Will run 6 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
kali             (kali)
1g 0:00:00:00 DONE 1/3 (2021-11-16 14:01) 2.702g/s 259.4p/s 259.4c/s 259.4C/s kali..kali999994
Use the "--show" option to display all of the cracked passwords reliably
Session completed

What's the specific question in this case? – securityOrange Nov 16 '21 at 23:17 — securityOrange, Nov 16 '21 at 23:17

score 3 · Accepted Answer · answered Jul 27 '21 at 21:13

3

Today, John the Ripper only supports yescrypt indirectly, on systems that use libxcrypt, through JtR's general crypt format, which invokes the system's crypt functions. Arch Linux is one platform that supports libxcrypt.

answered Jul 27 '21 at 21:13

Royce Williams

9,128
1
31
55

Does john the ripper not support yescrypt?

2 Answers2

Related