This wiki page is meant to be populated with sample password hash encoding strings and the corresponding plaintext passwords, as well as with info on the hash types. Relevant file formats (such as /etc/passwd, PWDUMP output, Cisco IOS config files, etc.) may also be mentioned.
See "How to produce test hashes for various formats" for how to generate arbitrary hashes yourself.
Hash type | Username (if used as salt) | Hash encoding (often includes salt) | Plaintext | Support in JtR | “Format” name | Default on | Also supported on |
---|---|---|---|---|---|---|---|
DES crypt | | rEK1ecacw.7.c | password | yes | des | ancient Unix-like, recent Solaris | all Unix-like, PHP 5.3.0+ |
BSDI crypt | | _J9..K0AyUubDrfOgO4s | password | yes | bsdi | BSDI BSD/OS | all *BSD, some Linux, PHP 5.3.0+ |
bigcrypt | | qiyh4XPJGsOZ2MEAyLkfWqeQ | passphrase | yes (split) | des | ? | HP-UX, OSF/1, Digital Unix, Tru64 |
crypt16 | | qi8H8R7OM4xMUNMPuRAZxlY. | passphrase | 1.7.6+ if supported by the underlying OS (have to add -DHAVE_CRYPT) | crypt | ? | Ultrix |
MD5 crypt | | $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ | password | yes | md5 | FreeBSD, NetBSD, many Linux, Cisco IOS | OpenBSD, almost all Linux, PHP 5.3.0+ |
SHA-256 crypt | | $5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 $5$rounds=5000$usesomesillystri$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6 | password rasmuslerdorf | 1.7.6+ if supported by the underlying OS | crypt | recent Ubuntu, recent Fedora | glibc 2.7+, PHP 5.3.2+, some Solaris 10+ |
SHA-512 crypt | | $6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 $6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21 | password rasmuslerdorf | 1.7.6+ if supported by the underlying OS | crypt | recent Ubuntu, recent Fedora | glibc 2.7+, PHP 5.3.2+, some Solaris 10+ |
bcrypt | | $2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe | password | yes | bf | OpenBSD | recent *BSD, some Linux, Solaris 10+, PHP 5.3.0+ |
LM (LanMan) | | 855c3697d9979e78ac404c4ba2c66533 | passphrase | yes (split) | lm | Windows NT, 2000, XP; Mac OS X 10.3 | Windows Vista, 7; Samba |
NTLM | | $NT$7f8fe03093cc84b267b109625f6bbf4b | passphrase | Pro or jumbo patch | nt | Windows NT, 2000, XP, Vista, 7; Samba | ? |
Mac OS X salted SHA-1 | | 0E6A48F765D0FFFFF6247FA80D748E615F91DD0C7431E4D9 | macintosh | Pro or jumbo patch | xsha | Mac OS X 10.4+ | ? |
Netscreen | admin | admin$nKv3LvrdAVtOcE5EcsGIpYBtniNbUn | netscreen | Jumbo patch needed | md5ns | All | N/A |
Oracle | USER ALFREDO | 000EA4D72A142E29 EB026A76F0650F7B | #95LWEIGHTS CIAO2010 | Jumbo patch needed | oracle | Oracle 10 | Oracle 11g |
SAP | DDIC | DDIC $C94E2F7DD0178374 (Username<space-padding-to-40>$HASHCODE) See File SAP-pw-test-for-user-DDIC.zip | DDIC | Jumbo patch needed | sapb | ? | ? |
SAP | TEST_0001 | TEST_0001 $7369F1C8ECD6FCA1C6413F07408CA281C7A85EF0 (Username<space-padding-to-40>$HASHCODE) See File SAP-pw-test-file-for-TEST_0001.zip | NewPassword12$$ | Jumbo patch needed | sapg | ? | ? |
Cisco Pix | rharris | zyIIMSYjiPm0L7a6 | phonehome | Jumbo patch needed | pix-md5 | All | N/A |
To have JtR load and crack these, the file must have the /etc/passwd format. (For LM and NTLM hashes, the PWDUMP output format may also be used.) For example:
```
$ cat pw-bigcrypt
user:qiyh4XPJGsOZ2MEAyLkfWqeQ
$ cat w
passphrase
$ john --wordlist=w --rules pw-bigcrypt
Loaded 2 password hashes with 2 different salts (Traditional DES [64/64 BS MMX])
se               (user:2)
passphra         (user:1)
guesses: 2  time: 0:00:00:00 100%  c/s: 3200  trying: passphra - se
$ john --show pw-bigcrypt
user:passphrase

2 password hashes cracked, 0 left
```
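The session above loads a single bigcrypt line as two hashes with two different salts. The following added example (not part of the original page and not JtR code) shows how the two "yes (split)" rows of the table, bigcrypt and LM, break into independent pieces; the function names are hypothetical, and the bigcrypt salt-chaining rule is stated from general knowledge of the scheme rather than from this page.

```python
import re

# Added example; function names are hypothetical, not part of JtR.
DES_ALPHABET = re.compile(r"[./0-9A-Za-z]+")

def parse_passwd_line(line):
    """Return (username, hash_field) from a passwd-format line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2 or not fields[0] or not fields[1]:
        raise ValueError("expected user:hash[:...]")
    return fields[0], fields[1]

def split_bigcrypt(encoding):
    """Split salt + N*11 hash chars into N 13-char DES crypt strings."""
    body = len(encoding) - 2
    if body < 11 or body % 11 or not DES_ALPHABET.fullmatch(encoding):
        raise ValueError("not a DES crypt / bigcrypt encoding")
    pieces = [encoding[:13]]  # first segment uses the stored salt
    for i in range(1, body // 11):
        prev = 2 + (i - 1) * 11
        # Assumption (general knowledge of bigcrypt): later segments are
        # salted with the first two hash characters of the previous segment.
        pieces.append(encoding[prev:prev + 2] + encoding[prev + 11:prev + 22])
    return pieces

def split_lm(encoding):
    """Split a 32-hex-digit LM hash into its two independent 8-byte halves."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", encoding):
        raise ValueError("not an LM hash")
    return [encoding[:16].lower(), encoding[16:].lower()]

def plaintext_segments(password, scheme):
    """Show which part of the password each split piece protects."""
    if scheme == "bigcrypt":
        size, text = 8, password
    elif scheme == "lm":
        size, text = 7, password.upper()[:14]  # LM upper-cases, caps at 14
    else:
        raise ValueError("unknown scheme")
    return [text[i:i + size] for i in range(0, len(text), size)]

if __name__ == "__main__":
    # Sample values are the bigcrypt and LM rows of the table above.
    user, field = parse_passwd_line("user:qiyh4XPJGsOZ2MEAyLkfWqeQ")
    for n, piece in enumerate(split_bigcrypt(field), 1):
        print(f"{user}:{n} {piece}")
    print(plaintext_segments("passphrase", "bigcrypt"))
    print(split_lm("855c3697d9979e78ac404c4ba2c66533"))
    print(plaintext_segments("passphrase", "lm"))
```

Each piece is checked on its own, so under these schemes a long passphrase is only as strong as its individual 8-character (bigcrypt) or 7-character (LM) segments.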
Relevant john-users postings:
3107 is the number of entries in an older revision of JtR's default password.lst wordlist.