Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANWtx03+5kup3TOJmneQML6Rm2r+z7Pv-q3sg20WcULxzZaf7w@mail.gmail.com>
Date: Mon, 10 Jul 2017 07:04:26 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: partially known password

On Mon, Jul 10, 2017 at 5:20 AM, Marc <marc@...x.net> wrote:

> Hi,
>
> I am new to john. I am trying to crack a password where I know most of it.
>
> So for example I know what characters are in it and I know the length is
> between 8 and 16 chars.
>
> So in john.conf I added:
>
> [Incremental:Custom]
> File = ~/.john/custom.chr
> MinLen = 8
> MaxLen = 16
>
> I generated the custom.chr from a john.pot file in which I put some
> variation of what the password is like with the characters it contains. So
> for example:
>
Probably not the way to go to find this, but could work if you had a ton of
examples in your pot. You should likely start with a mask such as:
john hashes.txt -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -session=mask
That will begin cracking all printable ascii characters for a word
beginning with "s0m3", see MASK in the doc folder for other examples

$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a
-min=8
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:01 20.60% (8) (ETA: 06:16:41) 0g/s 12113Kp/s 12113Kc/s
174836GC/s s0m32{!5..s0m3d{!5
0g 0:00:00:02 41.20% (8) (ETA: 06:16:42) 0g/s 12192Kp/s 12192Kc/s
174836GC/s s0m3p^mL..s0m3x^mL
0g 0:00:00:04 61.79% (8) (ETA: 06:16:43) 0g/s 12225Kp/s 12225Kc/s
131127GC/s s0m3C~ZJ..s0m3!~ZJ
0g 0:00:00:05 82.39% (8) (ETA: 06:16:43) 0g/s 12255Kp/s 12255Kc/s
139869GC/s s0m3F%7)..s0m3,%7)
0g 0:00:00:06 1.04% (9) (ETA: 06:26:13) 0g/s 12274Kp/s 12274Kc/s 141467GC/s
s0m3||||..s0m3raaaa  <-----Length switched to 9
0g 0:00:00:06 1.07% (9) (ETA: 06:25:57) 0g/s 12247Kp/s 12247Kc/s 145697GC/s
s0m3<'(1a..s0m3^'(1a
0g 0:00:00:08 1.29% (9) (ETA: 06:26:58) 0g/s 12293Kp/s 12293Kc/s 131127GC/s
s0m3n)Oua..s0m3m)Oua
0g 0:00:00:09 1.50% (9) (ETA: 06:26:36) 0g/s 12274Kp/s 12274Kc/s 135984GC/s
s0m36={Na..s0m3v={Na

>
> So I found out I can define custom rules. Unfortunately I didn't find what
> the custom rule should be like to say that password starts with: s0m3
>
> [List.Rules:Example]
> s0m3...
>
> Could someone help me define the rule to say it should starts with s0m3
> and for the rest use the characters from the custom.chr. Another thing I'd
> like to have in the rule is that I know some of the characters are only in
> the password once so I'd like to define that as well.
>
You should start with the baseword as you "wordlist", and then apply rules
to the end of the wordlist.
echo s0m3 >wordlist.txt
john hashes.txt -w=wordlist.txt -rules=some-rules -session=rules

[List.Rules:some-rules]
$[0-9]$[0-9]$[0-9]$[0-9]
$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]

And so on... those are very simple and unlikely rules, but that's the idea,
to append all digits, to append all alpha. Mask will do this already, and
maybe faster.

> For example there is only s, 0, m, @, 1, !, - once so it shouldn't try
> combinations where those characters would appear multiple times.
>
Might just try all rules john.conf has already, it does what your asking
and a whole lot more
john hashes.txt -w=wordlist.txt -rules=all

> Finally, one last thing I couldn't find out is how can I see the passwords
> that are being tried so I can see that it follows the rules the way I
> expect.
>
You have to press a key on the keyboard to see progress, or look in the log
files, when you use the -session=xyz you will see times/logs in xyz.log.
You wont see what it being tried but when it switches to new lengths, rules
etc...
If I were you I might try a wordlist like rockyou first, maybe even try
-prince mode, then go to mask.

$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
-min-length=8 -max-length=16 -session-prince-hybrid
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Warning: invalid UTF-8 seen reading rockyou.txt
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:04  0g/s 1872Kp/s 1872Kc/s 21854GC/s s0m3joy921203..s0m3joy712005
0g 0:00:00:05  0g/s 2819Kp/s 2819Kc/s 34967GC/s s0m3Omomdad7..s0m3$momdad7
0g 0:00:00:07  0g/s 3384Kp/s 3384Kc/s 37465GC/s s0m3rose13211..s0m3rose12881
0g 0:00:00:08  0g/s 3776Kp/s 3776Kc/s 43709GC/s s0m3hcabayao..s0m38cabayao
0g 0:00:00:10  0g/s 4079Kp/s 4079Kc/s 43709GC/s s0m3017924041..s0m3017872901
0g 0:00:00:11  0g/s 4303Kp/s 4303Kc/s 47682GC/s s0m30fizzy12..s0m3Rfizzy12
0g 0:00:00:13  0g/s 4484Kp/s 4484Kc/s 47071GC/s s0m3bestminga..s0m3bestmanea
0g 0:00:00:14  0g/s 4580Kp/s 4580Kc/s 48432GC/s s0m3bigpr..s0m3antpr

You could even throw rules in on top of all that!
$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
-rules=NT -min-length=8 -max-length=16
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Warning: invalid UTF-8 seen reading rockyou.txt
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:05  0g/s 197023p/s 197023c/s 2185GC/s s0m3kikoKIKO..s0m3kikOKIkO
0g 0:00:00:06  0g/s 242310p/s 242310c/s 2731GC/s s0m3123456AS..s0m31234567s
0g 0:00:00:07  0g/s 269726p/s 269726c/s 3122GC/s s0m3IloVemia..s0m3ilOVEmia
0g 0:00:00:09  0g/s 282448p/s 282448c/s 3035GC/s s0m3TANeISHA..s0m3TANEIShA
0g 0:00:00:10  0g/s 293961p/s 293961c/s 3278GC/s s0m3KONnaRaK..s0m3KONNarAK
0g 0:00:00:12  0g/s 303905p/s 303905c/s 3187GC/s s0m3kidsROck..s0m3kIdsrOck
0g 0:00:00:13  0g/s 312141p/s 312141c/s 3362GC/s s0m3CARSwelL..s0m3CARSWELL
0g 0:00:00:14  0g/s 317617p/s 317617c/s 3512GC/s s0m3hAMMOndS..s0m3HammoNDS
0g 0:00:00:16  0g/s 321150p/s 321150c/s 3353GC/s s0m3BANaNA24..s0m3BANANA24
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.