Sjord/jwtcrack

jwt2john not working with some input strings / formats?

Opened this issue · 1 comments

This hmac-sha256 input string does not seem to be interpreted by john (with or without bleeding jumbo patches) following jwt2john even if forced to hmac-sha256. Any thoughts? What algorithms are supported? Maybe I am missing something?

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMGUyOWViNC1iYWNhLTRiMGItYWE3OS00YzlmMDMxMjg5NWQiLCJ1c2VySWQiOjUwNywidXNlclVpZCI6ImQzMjQwZGZmLTEwZTktNDM2MC05ZjdkLWE4YzdmOTllMzc4MSIsImVtYWlsIjoiYWxpY2UuZGF0YXNjaWVuY2VAZ3VhcmRzaWdodC5jb20iLCJyb2xlcyI6WyJTVEFOREFSRCJdLCJuYW1lIjoiQWxpY2UgR3VhcmRzaWdodCIsImlhdCI6MTQ5MDE0NTU3MH0.J0KJ3N7WwqE9MIL2nABdLVSfseej4BiUFREJl8eSUqU

$ echo -en 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9' | base64 -d
{"alg":"HS256","typ":"JWT"}
$ jwt2john eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMGUyOWViNC1iYWNhLTRiMGItYWE3OS00YzlmMDMxMjg5NWQiLCJ1c2VySWQiOjUwNywidXNlclVpZCI6ImQzMjQwZGZmLTEwZTktNDM2MC05ZjdkLWE4YzdmOTllMzc4MSIsImVtYWlsIjoiYWxpY2UuZGF0YXNjaWVuY2VAZ3VhcmRzaWdodC5jb20iLCJyb2xlcyI6WyJTVEFOREFSRCJdLCJuYW1lIjoiQWxpY2UgR3VhcmRzaWdodCIsImlhdCI6MTQ5MDE0NTU3MH0.J0KJ3N7WwqE9MIL2nABdLVSfseej4BiUFREJl8eSUqU > hash.txt
$ john hash.txt
Using default input encoding: UTF-8
No password hashes loaded (see FAQ

Sjord commented

This is because of a length restriction in john. You can try increasing SALT_LIMBS in the source code to support larger data sizes.

Also, I noticed that jumbo-john now supports the JWT format, so you don't need jwt2john anymore to convert it to another format.
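
The conversion and length check discussed in this thread, as an added example (not code from jwtcrack or john): it builds the `data#hex-signature` line that john's HMAC-SHA256 format takes from an HS256 token and compares the length of the signed data with a limit you supply. The helper names, the sample key and the 128-byte limit are constructed assumptions; take the real limit from the source of your john build.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def jwt_to_john(token: str) -> str:
    """Return 'header.payload#hexsig' for an HS256 token."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError(f"unsupported alg: {header.get('alg')!r}")
    signature = b64url_decode(parts[2])
    if len(signature) != hashlib.sha256().digest_size:
        raise ValueError("signature is not 32 bytes")
    # The HMAC covers the first two segments exactly as transmitted.
    return f"{parts[0]}.{parts[1]}#{signature.hex()}"

def fits_salt_limit(john_line: str, max_salt_bytes: int) -> bool:
    """True if the signed data (the part before '#') fits the given limit."""
    salt = john_line.split("#", 1)[0]
    return len(salt.encode("ascii")) <= max_salt_bytes

def make_sample_token(key: bytes, claims: dict) -> str:
    # Constructed test token, so the example runs offline.
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

if __name__ == "__main__":
    ASSUMED_LIMIT = 128  # hypothetical value, not john's actual limit
    claims = {"sub": "demo", "roles": ["STANDARD"], "note": "x" * 200}
    line = jwt_to_john(make_sample_token(b"constructed-key", claims))
    data_len = len(line.split("#", 1)[0])
    print(f"signed data: {data_len} bytes, "
          f"fits assumed limit: {fits_salt_limit(line, ASSUMED_LIMIT)}")
```
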