Information Security Asked by Canine on December 22, 2020
I am trying to hash a list of passwords with PBKDF2-HMAC-SHA1 and then crack them using John. However, John does not recognise the hashes and I get a No Hashes Found error. It works with SHA256, but I need PBKDF2-HMAC-SHA1. I have looked everywhere and have exhausted all my options. What is the correct format of PBKDF2-HMAC-SHA1 that is recognised by John and will let me crack it? Thanks in advance!
It's definitely supported, and definitely one of these format names (one for CPU, and the other for GPU):
$ john --list=formats | tr ',' 'n' | grep PBKDF2 | grep SHA1
PBKDF2-HMAC-SHA1
PBKDF2-HMAC-SHA1-opencl
At this point, it sounds more likely that your method of generating PBKDF2-HMAC-SHA1 is the issue here. Have you tried your attack against a "known good" hash? One that's easy to grab and almost certain to work is the example that ships with John itself:
$ john --list=format-details --format=PBKDF2-HMAC-SHA1
PBKDF2-HMAC-SHA1 125 16 128 01020003 22 PBKDF2-SHA1 128/128 AVX 4x 0x107 20 192 iteration count 0 $pbkdf2-hmac-sha1$1000.fd11cde0.27de197171e6d49fc5f55c9ef06c0d8751cd7250
... which should be crackable by dropping it into a file and running john against it:
$ cat test.hash
$pbkdf2-hmac-sha1$1000.fd11cde0.27de197171e6d49fc5f55c9ef06c0d8751cd7250
$ cat wordlist.txt
3956
$ john --format=PBKDF2-HMAC-SHA1 --wordlist=wordlist.txt test.hash
-rwxr-xr-x 1 royce royce 24690360 Jun 16 14:50 /usr/local/src/sec/crack/john-latest/run/john
Using default input encoding: UTF-8
Loaded 1 password hash (PBKDF2-HMAC-SHA1 [PBKDF2-SHA1 128/128 AVX 4x])
Cost 1 (iteration count) is 1000 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 1 candidate left, minimum 16 needed for performance.
3956 (?)
1g 0:00:00:00 DONE (2020-07-25 05:40) 4.347g/s 4.347p/s 4.347c/s 4.347C/s 3956
Use the "--show --format=PBKDF2-HMAC-SHA1" options to display all of the cracked passwords reliably
Session completed.
One common error is that, if you're trying to crack the hash on the command line directly and not attacking hashes within a file, depending on your operating system and shell, the '$' has special meaning to the shell (variable substitution) and results in the hash being mangled. Putting the hashes in a file, or putting appropriate quotes around the hash, or escaping the dollar signs (usually with a backslash), will address this issue.
If that's not it, then it's most likely that there's something wrong with how your hashes are being generated.
Correct answer by Royce Williams on December 22, 2020
2 Asked on December 24, 2021
2 Asked on December 24, 2021
1 Asked on December 24, 2021
3 Asked on December 21, 2021 by user58446
1 Asked on December 19, 2021 by thelps
1 Asked on December 19, 2021 by j-tukes
11 Asked on December 17, 2021
2 Asked on December 17, 2021
1 Asked on December 15, 2021
1 Asked on December 15, 2021
compliance risk management software software engineering updates
1 Asked on December 15, 2021 by anon289837
6 Asked on December 12, 2021 by joel-gibson
1 Asked on December 12, 2021 by throwaway3201923
1 Asked on December 12, 2021
3 Asked on December 10, 2021
1 Asked on December 10, 2021
1 Asked on December 10, 2021 by a-security-researcher
0 Asked on December 10, 2021 by a-huzaifa
Get help from others!
Recent Answers
Recent Questions
© 2023 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP