cracklord icon indicating copy to clipboard operation
cracklord copied to clipboard

Published 20 hours ago verified publisher icon jmmcatee

John's data not appearing

Open roo7break opened this issue 9 years ago • 12 comments

Hi, While running a job with JTR, the application is not able to pick up the status as its trying to find the .rec file. For some reason this file is not created in the right location and is also deleted automatically (somehow). This causes the resourced to return exit status 1 as its not able to find task with UUID (error 0093) even though the folder with the the UUID exists and there is a pot file with the cracked passwords.

roo7break avatar Sep 15 '15 12:09 roo7break

@jmmcatee - Any thoughts on this one?

emperorcow avatar Oct 10 '15 15:10 emperorcow

If you are referring to the time left to crack, then that is a bug I'm not sure how to fix at the moment. It might require us to drop Windows support because of how John handles Stdin. If you are talking about any status information, then it is likely an issue with the default john.ini file. I need to complete some testing on john and update the documentation.

jmmcatee avatar Oct 18 '15 07:10 jmmcatee

Is this still an issue for you @roo7break ?

jmmcatee avatar May 01 '16 20:05 jmmcatee

I can confirm that this issue is still present. John jobs do not present stats while the job is running, nor do they display successfully recovered plaintext in the web interface once the job is complete. I can view the .pot file in the job's directory and confirm that john has cracked some of the hashes. I can also see the status of the job as it's running in my resourced.log.

stumblebot avatar May 12 '16 21:05 stumblebot

So there were a few things wrong here. One is that there was a bug in the John status code. Basically if you are only cracking one hash, then once you find it the job stops. This then breaks the command that checks status, so the hash was never checked. The latest commit (a8c4692d19678aee67a0f42a5f5da7469772b424) should fix this. Additionally, status information should be work assuming you made some very poorly documented changes to the john.conf file. More information these changes can be found in the new tutorial John Tutorial. I will add them below for convienience.

The next step is to change the john.conf file that is used with one that will allow Cracklord to get status information from John.

  • Change Idle to Y
  • Change Save to 15
  • Change LogCrackedPasswords to Y

If those changes are made and you are running the latest code, then this should now work. Please note that John takes about 1-2 minutes to start display ETA, so that will not appear right away but my tests found it did come up after a bit. Please test and send me feedback.

Thanks!

jmmcatee avatar May 19 '16 05:05 jmmcatee

In my tests, I can't show the ETA and progress with John the ripper. If I execute "john --status=example.rec" the output is similar to

StatusMatch=[0g 0:00:08:30 0g/s 11531p/s 11531c/s 11531C/s 0 0:00:08:30 11531 C/s]

But if I execute directly the command, the output is similar to:

Loaded 1 password hash (md5crypt, crypt(3) $1$ [MD5 128/128 SSE4.1 12x]) Will run 2 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:26 0.00% (ETA: 2018-06-19 03:36) 0g/s 26988p/s 26988c/s 26988C/s Verdant..Verism

I tested in Windows and Ubuntu.

klingsor83 avatar May 30 '16 13:05 klingsor83

The status will not show up in Windows. For Ubuntu can you confirm you made the necessary changes to the John.conf file? Also how long did the crack run? On May 30, 2016 9:36 AM, "klingsor83" [email protected] wrote:

In my tests, I can't show the ETA and progress with John the ripper. If I execute "john --status=example.rec" the output is similar to

StatusMatch=[0g 0:00:08:30 0g/s 11531p/s 11531c/s 11531C/s 0 0:00:08:30 11531 C/s]

But if I execute directly the command, the output is similar to:

Loaded 1 password hash (md5crypt, crypt(3) $1$ [MD5 128/128 SSE4.1 12x]) Will run 2 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:26 0.00% (ETA: 2018-06-19 03:36) 0g/s 26988p/s 26988c/s 26988C/s Verdant..Verism

I tested in Windows and Ubuntu.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jmmcatee/cracklord/issues/83#issuecomment-222494309, or mute the thread https://github.com/notifications/unsubscribe/AAoUHHYZeWEVDln30MqG6DIXO639BFhwks5qGufugaJpZM4F9k43 .

jmmcatee avatar May 30 '16 14:05 jmmcatee

Yes. I installed the deb with the version 1.0-beta-29-gc5e2878_amd64.deb. Also, I recompiled John 1.8.0-jumbo-1 following your setup tutorial and I changed the john.conf with the values you indicated in the tutorial.

For testing, I used a simple md5-crypt: $1$364e1d82$hlPgM93BJY/PpJbJ/fdJT/ (plaint text is fr1endly).

With these changes, in the time to completion field I only see the message "Not Available".

klingsor83 avatar Jun 01 '16 15:06 klingsor83

Do you see "StatusStdout" in your logs? If your logs are set to debug then this should have the actual stdout of the john status call. I can see if you have some edge case for our parsing logic.

jmmcatee avatar Jun 01 '16 16:06 jmmcatee

Here are my logs:

2016-06-01 17:24:04.141983754 +0200 CEST debug Gathering task status task=b9112e36-cab6-4a4e-8aa5-ff3a276fb622 2016-06-01 17:24:04.224136581 +0200 CEST debug Stdout status return of john call StatusStdout=0g 0:00:11:45 0g/s 42101p/s 42101c/s 42101C/s

2016-06-01 17:24:04.224536766 +0200 CEST debug Regex match of john status call StatusMatch=[0g 0:00:11:45 0g/s 42101p/s 42101c/s 42101C/s 0 0:00:11:45 42101 C/s] 2016-06-01 17:24:04.224799975 +0200 CEST debug Speed calculated. mag=1 speed=42101

klingsor83 avatar Jun 02 '16 06:06 klingsor83

So the John output does not have an ETA there. Are you sure you are using the same john.conf file for both? Cracklord runs as a different user. If you 'su' into cracklord and execute John, does it give you the same output as if you run it as your own user? On Jun 2, 2016 2:40 AM, "klingsor83" [email protected] wrote:

Here are my logs:

2016-06-01 17:24:04.141983754 +0200 CEST debug Gathering task status task=b9112e36-cab6-4a4e-8aa5-ff3a276fb622 2016-06-01 17:24:04.224136581 +0200 CEST debug Stdout status return of john call StatusStdout=0g 0:00:11:45 0g/s 42101p/s 42101c/s 42101C/s

2016-06-01 17:24:04.224536766 +0200 CEST debug Regex match of john status call StatusMatch=[0g 0:00:11:45 0g/s 42101p/s 42101c/s 42101C/s 0 0:00:11:45 42101 C/s] 2016-06-01 17:24:04.224799975 +0200 CEST debug Speed calculated. mag=1 speed=42101

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jmmcatee/cracklord/issues/83#issuecomment-223208345, or mute the thread https://github.com/notifications/unsubscribe/AAoUHKTZpaf1hnP6fzxWBSD5EiHqidzwks5qHnrbgaJpZM4F9k43 .

jmmcatee avatar Jun 02 '16 11:06 jmmcatee

I created the user cracklord and if I execute the same command that the app.., I can get the ETA. This is the example:

cracklord@dev-92-2-crk:/var/cracklord/87e35388-5c3f-4317-9489-e19577a8f7ea$ /usr/bin/jtr/john --format=md5crypt --session=87e35388-5c3f-4317-9489-e19577a8f7ea --pot=87e35388-5c3f-4317-9489-e19577a8f7ea.pot --wordlist=/mnt/dicts/languages/english/english.txt --rules=all /var/cracklord/87e35388-5c3f-4317-9489-e19577a8f7ea/hashes.txt Loaded 1 password hash (md5crypt, crypt(3) $1$ [MD5 128/128 SSE4.1 12x]) Will run 2 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:05 0g/s 3455p/s 3455c/s 3455C/s ascript..ashlar's 0g 0:00:00:10 0.00% (ETA: 2029-11-27 06:43) 0g/s 6171p/s 6171c/s 6171C/s cotillion..cottonizes 0g 0:00:00:12 0.00% (ETA: 2029-05-26 01:15) 0g/s 6478p/s 6478c/s 6478C/s diorthosis..diphthonged

klingsor83 avatar Jun 02 '16 12:06 klingsor83