Thanks Steve.. for getting me.. Rather what I wanted was What kinda format of the passwd file does John Expect? Ok as you said..."it would probably be prudent to read it." , I will do that.. :) Regards, Nikhil > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Steve Phillips > Sent: Tuesday, January 25, 2005 1:15 AM > To: General Red Hat Linux discussion list > Subject: Re: decrypting htpasswd > > > On Mon, 24 Jan 2005, Benjamin J. Weiss wrote: > > > Mulley, Nikhil wrote: > > > >> [I am not talking abt Cracking..] This is however to say > that I ensure my > >> security and warn others abt their security as well.. > >> as earlier said ..the password file has two fields... > >> Username:Password > >> the password is in DES (hashed)Encryption format.. > >> so I think there is a way to Rip it with John... > >> > > 1) If you intentionally acquired this file without the > permission of the > > server's owner, you have violated federal law. > > 2) If you accidentally acquired this file and then attempt > to crack the > > password, you have violated federal law. > > Except that the world is not the USA and there are still many > countries > where this is entirely legal, or does not fall under > "federal" law. While > his originating IP appears to be in Calafornia, he may > actually be on the > other side of the world. > > Morally your arguments hold up but claiming this on an international > mailing list is a little silly. > > > If you truly came upon this file accidentally and you want > to warn the owners > > about their security, simply give them a copy of the file > you captured and > > then delete it. > > > > I work for a state law-enforcement agency. If you wish > assistance in > > contacting the server owners, please contact me off-list. > > There are actually rather legitimate reasons for wanting to crack a > password file. this may be the only record of a password used by a > previous employee who has locked other records with the same > password but > the hash is in a more secure form *shrug* who knows. > > To answer the original question - generally John the ripper > requires the > password files to be in a specific format (when I last used > it it was unix > password file format) which means that you may need to move > the hash into > a pseudo password type file and tell john the ripper to try > cracking it. > The information you require is all in the John the Ripper > documentation, > it would probably be prudent to read it. > > It would also be a good idea to get a dictionary list > together (google if > you dont have one) which john can use against the hash whcih > may speed > things up significantly if the password is based on a > dictionary word. > Otherwise be prepared for a long wait, typically an 8 character DES > encrypted password with numbers, punctuation and upper/lower > case letters > will take around 3-6 months to crack (higher end PC's > obviously will do > this slightly faster) > > HTH, > > -- > Steve. > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
