Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <f85b8f69-b2c1-845e-5b6c-ea7d9cda466d@ttux.net>
Date: Mon, 10 Jul 2017 11:20:04 +0200
From: Marc <marc@...x.net>
To: john-users@...ts.openwall.com
Subject: partially known password

Hi,

I am new to john. I am trying to crack a password where I know most of it.

So for example I know what characters are in it and I know the length is 
between 8 and 16 chars.

So in john.conf I added:

[Incremental:Custom]
File = ~/.john/custom.chr
MinLen = 8
MaxLen = 16

I generated the custom.chr from a john.pot file in which I put some 
variation of what the password is like with the characters it contains. 
So for example:

:s0m3teo@1-!
:s0m3teo@!
:s0m3teo@1!

So to generate the custom.chr from this I did:

john --make-charset=custom.chr john.pot

Now I know the password starts with exactly: s0m3

So I found out I can define custom rules. Unfortunately I didn't find 
what the custom rule should be like to say that password starts with: s0m3

[List.Rules:Example]
s0m3...

Could someone help me define the rule to say it should starts with s0m3 
and for the rest use the characters from the custom.chr. Another thing 
I'd like to have in the rule is that I know some of the characters are 
only in the password once so I'd like to define that as well.

For example there is only s, 0, m, @, 1, !, - once so it shouldn't try 
combinations where those characters would appear multiple times.

Finally, one last thing I couldn't find out is how can I see the 
passwords that are being tried so I can see that it follows the rules 
the way I expect.

Thank you for your help.

Marc

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.