Post by Solar DesignerPost by Royce WilliamsI'm working on a Hashkiller Rosetta Stone (a list of upload formats
supported by Hashkiller, and how to use those modes in hashcat, john, and
MDXfind.)
https://gist.github.com/roycewilliams/28a9e940e7cd37268ceeac4962bda757
Any help/tips appreciated. I don't know the underlying algorithm of many
product-specific formats, so I'm almost certainly missing some obvious ones.
It'd help if you list example hashes, preferably all for a fixed
password like "password", so that you don't need to list the
corresponding different plaintext passwords as well.
It would also help if you would use another syntax for those "generic"
algorithms.
Currenntly, it is unclear whether MD5-MD5SALTMD5PASS means
md5(md5(salt).md5(pass)) or not.
Post by Solar DesignerJtR supports command-line dynamic formats now (and has been for a couple
of years, due to work by Jim), so most if not all of your "unsupported"s
are actually supported at least in this way.
Yes, you can combine several basic hash functions, use password and/or
sewveral salts, even constant expressions, etc.
Check doc/DYNAMIC*,especially doc/DYNAMIC_COMPILER_FORMATS.md.
Post by Solar DesignerThose command-line dynamics typically allow for a higher password
length, too. For example, when experimenting with Update 2 from
https://haveibeenpwned.com/Passwords I found that "--external=Repeats"
cracks plenty of passwords of lengths up to 109 (and I've just tested
that it cracks 110 too, but not 111 - as expected) with
"--format=dynamic='sha1($p)'", whereas "--format=raw-sha1" only goes up
to length 55 (also as expected).
But the dynamic_* formats are usually somewhat faster than the
dynamic='<expression>'.
Post by Solar DesignerPost by Royce WilliamsMy future ambition is to expand this concept to be a Rosetta Stone for the
superset of all formats supported by any known product. Small steps first.
:)
Cool. With JtR's command-line dynamics, its list of supported formats
is sort of "infinite", though. ;-)
You even get basic bash completion support for the dynamic-formats:
$ ./john --format=dynamic=[tab][tab]
lists these possible completions:
$ ./john --format=dynamic=
gost\( haval192_5\( md2\( sha1_64\( skein224\(
haval128_3\( haval224_3\( md4\( sha224\( skein256\(
haval128_4\( haval224_4\( md5\( sha256\( skein384\(
haval128_5\( haval224_5\( panama\( sha384\( skein512\(
haval160_3\( haval256_3\( ripemd128\( sha3_224\( tiger\(
haval160_4\( haval256_4\( ripemd160\( sha3_256\( whirlpool\(
haval160_5\( haval256_5\( ripemd256\( sha3_384\(
haval192_3\( keccak_256\( ripemd320\( sha3_512\(
haval192_4\( keccak_512\( sha1\( sha512\(
The \ is needed unless you quote the expression. I'll see whether I
manage to support bash completion even for --format='dynamic= or
--format=dynamic'= etc. Then I can drop the backslashes.
If you quote the expression, it could look like this:
$ ../run/john -test -form:dynamic='sha1(md5(md4($p.$s).$s2))'
Benchmarking: dynamic=sha1(md5(md4($p.$s).$s2)) [128/128 AVX 4x1]... DONE
Many salts: 5243K c/s real, 5243K c/s virtual
Only one salt: 4813K c/s real, 4813K c/s virtual
($s is the first salt, $s2 a second salt in that example)
Frank