Table of Contents

John the ripper Test Suite

This page is still WIP. JimF.

Test Suite Intro

So, you have john built, or have added a new great format to john. Well, does it work? How can you tell. There is a self-test mode built into john, that helps to detect the worst of the worst errors. However, there can be problems which DO slip by the self test. This is where the 'John-Test-Suite' has come into play.

The test suite is a set of script files, dictionary file(s) (Some to create the test suite, and 2 to 'run' against the test suite), and a set of john input hash files.

These input hash files were created by usage of one of the script files in the test suite, which will use perl (requires several Crypt/Athens CPAN modules installed) and a perl script pass_gen.pl and some helper C code, to generate a proper working 'set' of input files. A user can recreate these input files, if he so chooses.

Once the test suite files are properly installed, then by simply running a single script command, john will be run multiple times against the input hash files. A properly built john should be able to detect all hashes in the file. The test suite will run checks twice. The first run, the test suite uses the data in the provided dictionary file. On the second run, the script will pull all of the found passwords from the john.pot file, will build a dictionary using that data, and will re-run john again (after removing the john.pot file). What this second step does, is validate that the found passwords, as written into johns john.pot file, are the proper words, and DO again 'crack' the passwords.

There are 2 integrated test suites. This is due to significant differences between the 'core' john package, and john with the jumbo-patch installed. The jumbo-patched john contains many additional command line options (the test suites uses some of them). The script file will auto detect, if the built john is a 'core' john, or if it is a 'jumbo' built john. Once the script knows which one, it will properly test the formats that are valid within that version of john, and will use the proper command line arguments.

What gets tested

The test suite, has specially built hash input files. Many things are tested, and when there are problems found, the input files are updated to make sure these issues get tested.

Some of the things tested:

- normal ASCII words.
- 8 bit values (on formats where this is meaningful), including 'garbage' characters. Early on, some formats had problems with binary data.
- utf8 encoded words (on formats which use the john-jumbo -enc=utf8 processing flag).
- utf8 encoded words on 'garbage' binary data (on formats which use the john-jumbo -enc=utf8 processing flag).
- long passwords Max length of format, AND words in the dictionary file that are longer than the format can possibly handle.
- very short words (and blank).
- Multiple salts for salted formats, and single salts

Usage

Download, and install (as listed below).

Then in that directory, run ./tstall [or ”./tstall quick” to skip checking some of the slower format, but this is usually not recommended]

Since 1.7.8-jumbo-5, you can also do “make test” (quick test) or “make test_full” in the src directory. This is the same as running tstall manually.

The script will run detect which 'type' of john is provided, and run john properly, and output information to screen.

Download

Currently, the Test Suite can be found at the patches wiki page in the “other” section.

How to install

TBD. May be a patch or a tarball. The proper location is in a directory: ./test in the main john directory (i.e. sibling of ./src and ./run)

How to run

See Usage

Design methodology

John formats

Supported

core and jumbo test suite

- DES and BigCrypt_DES
- BSDI
- md5 ($1$) and md5_apr1 ($apr1$)
- BF

jumbo test suite

- all 'core' formats
- md5_gen(0) to md5_gen(28)
- mscash (DCC1)
- mscash2 (DCC2)
- phpass (Wordpress, etc)
- pixmd5 (and salted)
- PO
- PHPS
- IPB2
- raw-md5 and raw-md5-unicode
- raw-sha1 and sha1-genp and sha1-gens
- raw-md4 and md4-genp and md4-gens
- LM and NTLM and pwdump format LM/NTLM
- Netscape_LDAP_SHA and Netscape_LDAP_SSHA
- LDAP_SSHA-(salted-sha)
- OpenSSHA
- Netscreen_MD5
- MAC_OSX_Salted_SHA1
- hmacMD5
- mskrb5
- bfegg
- mssql05 and mssql (older)
- mysqlSHA1 and mysql and mysql-fast
- oracle and oracle11
- lotus5
- hdaa
- netntlm and all the 'other' net* formats

Not yet supported

- AFS
- KRB5
- dominosec
- epi
- sapG and sapB
- DMD5
- pwsafe
- wpapsk
- grub
- MAC_OSX_Salted_SHA512