Installation under Ubuntu 18.04.4 LTS about johnny HOT 37 CLOSED

I'm not sure anyone tested Johnny with John as a snap. @solardiz any idea if that is the case?

Probably it is - I doubt anyone has tested this combination before.

@shinnok If you have time, can you please start working on getting Johnny into the main bleeding-jumbo tree (and built along with John if the corresponding build dependencies are found by configure)? Then I'd expect @claudioandre-br's next update of the Snap packages to include Johnny as a standard feature.

python: can't open file '/snap/bin/hccap2john.py': [Errno 2] No such file or directory

Apparently, this program is to be invoked as john-the-ripper.hccap2john in the Snap package.

from johnny.

I managed to make it run using the graphical interface of Qt, however now I get this error:

Conversion failed
python: can't open file '/snap/bin/hccap2john.py': [Errno 2] No such file or directory

from johnny.

Hi,

Did you install John via Snapcraft? I'm not sure anyone tested Johnny with John as a snap. @solardiz any idea if that is the case?

from johnny.

I installed it using snap as it was a suggestion at some website. But I don't mind installing it in another way as long as you can give me instructions for dummies because I am a new user to Linux.

from johnny.

• hccap2john is a binary (so, it is exported as the public alias john-the-ripper.hccap2john )
• hccapx2john.py is a python file (BTW: note the X). The snap package is NOT a python snap (or a lua snap). So, the snap itself can't run python code.

If the user has python, lua, perl, ..., installed, he/she can run all these scripts (interpreted code). E.g.:

$ /snap/john-the-ripper/current/run/hccapx2john.py 
usage: hccapx2john.py [-h] [-nc NC] [--no-mp] hccapx
hccapx2john.py: error: too few arguments

from johnny.

Even when the file john is at /snap/john-the-ripper/current/run/john is there it doesn't see it.

from johnny.

Even when the file john is at /snap/john-the-ripper/current/run/john is there it doesn't see it.

Are you saying johnny can't run john binary? Even when you set JtR location properly? I don't know why:

$JOHN is ok in the snap.

System-wide exec: /snap/john-the-ripper/current/run
System-wide home: /snap/john-the-ripper/current/run
Private home: ~/.john
OMP fallback binary: john-sse2-non-omp
$JOHN is /snap/john-the-ripper/current/run/

from johnny.

ClaudioAndre could you please give me some step by step instructions for dummies? So we can troubleshoot this. Thanks

from johnny.

from johnny.

About johnny? I afraid I'm not the best person to do that.

from johnny.

Yes. Who should I ask then? I've been trying to use Hashcat gui as well but I couldn't make it to work

from johnny.

Yes. Who should I ask then? I've been trying to use Hashcat gui as well but I couldn't make it to work

@shinnok, @solardiz? Are you guys able to help? Should @lw3eov use john-users? I agree that 2john tools will fail. But, why john itself is failing? I can't understand.

@lw3eov: Have you tested the snap? Is it working properly?

from johnny.

@lw3eov: Can you start your cracking session using the snap in the CLI?

• To start cracking and to be sure the snap package is working properly.

from johnny.

Even when the file john is at /snap/john-the-ripper/current/run/john is there it doesn't see it.

Ops, on a second thought, this is wrong. You MUST access the snap binaries using their aliases. So, you have to use:

• john OR
• john-the-ripper

If anyone says path is mandatory inside johnny, you will need to link to the aliases in /snap/bin/. NEVER to the binary itself.

from johnny.

do you mean if this works:?

m@m-desktop:/snap/john-the-ripper/current/run$ sudo python hccapx2john.py /home/m/Downloads/john-1.9.0-jumbo-1/24229_1585779530.hccapx > /home/m/Downloads/crackme

it genrates a 0 byte the file crackme

but if I run from this folder:

m@m-desktop:~/Downloads/john-1.9.0-jumbo-1/run$ python hccapx2john.py 24229_1585779530.hccapx > miarchivo

it generates a 43 bytes crackme file

and then:

m@m-desktop:~/Downloads/john-1.9.0-jumbo-1/run$ john miarchivo
2020/04/03 12:14:53.074312 system_key.go:126: cannot determine nfs usage in generateSystemKey: cannot parse /etc/fstab: expected between 3 and 6 fields, found 7
Warning: detected hash type "wpapsk", but the string is also recognized as "wpapsk-pmk"
Use the "--format=wpapsk-pmk" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 66 password hashes with 33 different salts (wpapsk, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 128/128 XOP 4x2])
Cost 1 (key version [0:PMKID 1:WPA 2:WPA2 3:802.11w]) is 2 for all loaded hashes
Will run 8 OpenMP threads
Note: Minimum length forced to 2 by format
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:06 10.88% 1/3 (ETA: 12:15:48) 0g/s 9010p/s 9010c/s 18020C/s fibertel4ghz4..fibertel26
Session aborted

from johnny.

I wrote /snap/bin/john-the-ripper in the path at johnnny and it is not giving me the error anymore! thanks

from johnny.

however I am not finding many tutorials/documentation on how to crack wpa/wpa2, when I open the file I get what you can see in the image, should I leave all checked? why so many rows? If I click on start new attack it looks like nothing happens, the cores of my processor are idle and the start new attack button is still available while pause is greyed out

from johnny.

m@m-desktop:/snap/john-the-ripper/current/run$ sudo python hccapx2john.py /home/m/Downloads/john-1.9.0-jumbo-1/24229_1585779530.hccapx > /home/m/Downloads/crackme

it genrates a 0 byte the file crackme

The command above should work. BTW: sudo is not necessary. I tested it here:

claudio@HP-Notebook:/snap/john-the-ripper/current/run$ python hccapx2john.py
usage: hccapx2john.py [-h] [-nc NC] [--no-mp] hccapx
hccapx2john.py: error: too few arguments

from johnny.

Looking at the output below, I would say everything is ok in your machine. You are cracking your WPA stuff.

m@m-desktop:~/Downloads/john-1.9.0-jumbo-1/run$ john miarchivo
2020/04/03 12:14:53.074312 system_key.go:126: cannot determine nfs usage in generateSystemKey: cannot parse /etc/fstab: expected between 3 and 6 fields, found 7
Warning: detected hash type "wpapsk", but the string is also recognized as "wpapsk-pmk"
Use the "--format=wpapsk-pmk" option to force loading these as that type instead
Using default input encoding: UTF-8

Loaded 66 password hashes with 33 different salts (wpapsk, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 128/128 XOP 4x2])
Cost 1 (key version [0:PMKID 1:WPA 2:WPA2 3:802.11w]) is 2 for all loaded hashes
Will run 8 OpenMP threads
Note: Minimum length forced to 2 by format
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:06 10.88% 1/3 (ETA: 12:15:48) 0g/s 9010p/s 9010c/s 18020C/s fibertel4ghz4..fibertel26
Session aborted

Do you have any hint about the password?

from johnny.

That is when I run John in terminal but not when I run Johnny (GUI). I know the password for this file, it is 0142082734, that is why I choosed it for testing the software. I am still lost with Johnny (GUI). Any video tutorials somewhere? I can't find them! Thanks

from johnny.

To assure everything is ok with JtR snap, you can run something like this:

john miarchivo --mask=?d --min-len=10 --max-len=10

If you can't wait, something like this:

john miarchivo --mask=0142082?d?d?d

from johnny.

$john miarchivo --mask=0142082?d?d?d
2020/04/04 18:16:07.646840 system_key.go:126: cannot determine nfs usage in generateSystemKey: cannot parse /etc/fstab: expected between 3 and 6 fields, found 7
Warning: detected hash type "wpapsk", but the string is also recognized as "wpapsk-pmk"
Use the "--format=wpapsk-pmk" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 33 password hashes with 33 different salts (wpapsk, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 128/128 XOP 4x2])
Cost 1 (key version [0:PMKID 1:WPA 2:WPA2 3:802.11w]) is 2 for all loaded hashes
Will run 8 OpenMP threads
Note: Minimum length forced to 2 by format
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:00 N/A 0g/s 7692p/s 253846c/s 253846C/s 0142082654..0142082777
Session completed

from johnny.

It seems it is working.

1. Loaded 66 password hashes with 33 different salts (wpapsk, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 128/128 XOP 4x2])

Versus

2. Loaded 33 password hashes with 33 different salts (wpapsk, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 128/128 XOP 4x2])

Run john --show miarchivo to see cracked hashes.

If you disagree, please, submit a bug report in https://github.com/magnumripper/JohnTheRipper/. Please share the file 24229_1585779530.hccapx in the OP.

from johnny.

$ john --show miarchivo
2020/04/04 19:37:17.183686 system_key.go:126: cannot determine nfs usage in generateSystemKey: cannot parse /etc/fstab: expected between 3 and 6 fields, found 7
0 password hashes cracked, 66 left

from johnny.

Please open a bug report for JtR and share the file 24229_1585779530.hccapx in the OP.

from johnny.

At https://github.com/shinnok/johnny/ ?

from johnny.

At https://github.com/shinnok/johnny/ ?

No, at https://github.com/magnumripper/JohnTheRipper/

from johnny.

Posted

from johnny.

OK, now that I sorted (I think) JtR, let's continue with this discussion about Johnny. /snap/bin/john-the-ripper is in settings and it is saying: Detected John the Ripper 1.9.0-jumbo-1 OMP [linux-gnu 64-bit x86_64 XOP AC]
I loaded sniff.in and it shows up user, hash, formats, GECOS.
At options: Current hash format: Default () I cannot see anything detected as other times.
mask: 01420?d?d?d?d?d
I click on start new attack, on logs I can see this:
[19:21:21] /snap/bin/john-the-ripper --mask=01420?d?d?d?d?d --session=/home/m/.john/sessions/04-05-20-19-21-21 /home/m/Desktop/sniff.in
system_key.go:126: cannot determine nfs usage in generateSystemKey: cannot parse /etc/fstab: expected between 3 and 6 fields, found 7
Warning: detected hash type "wpapsk", but the string is also recognized as "wpapsk-pmk"
Use the "--format=wpapsk-pmk" option to force loading these as that type instead
Using default input encoding: UTF-8
open: /home/m/.john/sessions/04-05-20-19-21-21.log: Permission denied

from johnny.

@lw3eov I've read the backlog here and at @magnumripper's fork. The discussion is too confusing. It would be best if you did not use Johnny (the GUI) with snap John the Ripper (the command-line tools) for the moment, since it has not been tested in that combination yet.

from johnny.

This thread explains why I had a feeling the other day there was some history I was missing in openwall/john#4243 😆

@shinnok it's about time we throw Johnny into the main tree! It will burst into a bunch of user issues but hey, we're on lockdown anyway so why not.

from johnny.

BTW, I'd love to move to github.com/openwall and lose some of my divine powers to Solar

from johnny.

@shinnok In that case please help me to install JtR without using snap so I can use it with Johnny, as all the guides I've found did not work for me

from johnny.

@lw3eov what I can recommend is to follow these steps:

1. Install JtR Jumbo command-line tool using:
   https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/INSTALL-UBUNTU
2. Install Johnny GUI using the instructions here:
   https://github.com/shinnok/johnny/blob/master/INSTALL
3. Use hccap2john.py manually to load the WPA hashes into John:
   https://openwall.info/wiki/john/WPA-PSK
   A quick primer on using John:
   https://www.openwall.com/john/doc/
4. Use the GUI then if you find it working and more convenient. You still might learn more by using John at the command line.

The INSTALL readme file for Johnny also gives the overall strategy you should use for proceeding. Let us know if you stumble on any steps then, with precise error details and steps taken.

For help on how to use John on a more general level, please do your best to research on the web beforehand and use the john-users mailing list where other experienced users might help you.

from johnny.

@shinnok EXCELLENT! Instructions at point 1 worked. Then I tried the Johnny GUI I have installed already, with /home/m/src/john/run/john as the location of the executable, I loaded a .in file I had already and it gave me this in the log which I think it shows everything is working, however: where is the found password?

[11:19:07] /home/m/src/john/run/john --mask=0142082?d?d?d
--session=/home/m/.john/sessions/04-07-20-11-19-07 /home/m/src/john/run/sssn.in
Warning: detected hash type "wpapsk", but the string is also recognized as "wpapsk-pmk"
Use the "--format=wpapsk-pmk" option to force loading these as that type instead
Loaded 1 password hash (wpapsk, WPA/WPA2/PMF/PMKID PSK [PBKDF2-SHA1 128/128 XOP 4x2])
Using default input encoding: UTF-8
Will run 8 OpenMP threads
Note: Minimum length forced to 8 by format
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:00 N/A 0g/s 7142p/s 7142c/s 7142C/s 0142082654
..0142082777

Session completed.

from johnny.

If the plain-text has indeed been found then it should show up when doing:
john --show /home/m/src/john/run/sssn.in

See more examples of how to use john CLI here:
https://www.openwall.com/john/doc/EXAMPLES.shtml

In Johnny, it should show up in the Password column.

from johnny.

I'm marking this ticket resolved as the original issue has been addressed. If you encounter further issues please feel free to open another one.

from johnny.