Discussion:
[john-users] Output Cracked Passwords Only
Erik Winkler
2018-07-12 20:16:23 UTC
Permalink
Can john output the cracked passwords only from the .pot file? no username, hash, etc.

The problem I have is some of the cracked passwords have a “:” in them and this makes parsing the standard —show output miss hundreds of passwords based on the colon delimiter.

Thanks,
Erik
Rich Rumble
2018-07-13 01:48:18 UTC
Permalink
Post by Erik Winkler
Can john output the cracked passwords only from the .pot file? no username, hash, etc.
The problem I have is some of the cracked passwords have a “:” in them and
this makes parsing the standard —show output miss hundreds of passwords
based on the colon delimiter.
Thanks,
Erik
It can be made to using a variety of tools, in linux "cut" is perfect to
pipe john output to...
./john -show passwords.txt |cut -d":" -f2
or
cat john.pot|cut -d":" -f2 (put in full path to john.pot)

if using windows (put in full path to john.pot in command below)
powershell "get-content john.pot | ForEach-Object {$_.split(':')[1]}

I'm not aware of a native way to output just the password.
There may be a way to use "stdout" and "loop" to do this, but I'm not sure
it's needed.
-rich
Solar Designer
2018-07-13 10:09:00 UTC
Permalink
Post by Erik Winkler
Can john output the cracked passwords only from the .pot file? no username, hash, etc.
I don't recall if jumbo possibly got a feature capable of this.
Post by Erik Winkler
The problem I have is some of the cracked passwords have a ???:??? in them and this makes parsing the standard ???show output miss hundreds of passwords based on the colon delimiter.
You need to use cut(1) like this:

./john --show passwd | cut -d: -f2-

Notice the extra trailing dash in the "-f2-". This way, everything
starting with field 2, and not just field 2 itself, is printed. This
will work for passwords containing a colon, but unfortunately it only
works right for our purpose when there are no further fields (such as
UID, GID, etc.) You can remove those extra fields from your input file
("passwd" in the above example) prior to the "--show":

cut -d: -f1,2 < passwd-many-fields > passwd-2-fields-only
./john --show passwd-2-fields-only | cut -d: -f2- > passwd-cracked-with-colons

This works because passwd-many-fields only contains hashes (not yet
cracked passwords) in the second field, which are supposed not to
contain colons.

There's also the "--field-separator-char" option to jumbo, but then
you'd potentially run into similar issues with that other character.

Alexander

Loading...