Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <7256f881-ae46-6157-aefb-c06b456d7161@ttux.net>
Date: Mon, 10 Jul 2017 14:21:56 +0200
From: Marc <marc@...x.net>
To: john-users@...ts.openwall.com
Subject: Re: partially known password

Thank you, I have tried this but it doesn't seem to follow the -min as I 
can see what it's trying has length 6. The password I am trying to crack 
is a keepass password. I got the hash using keepass2john from the john 
bleeding jumbo.

The command I am running now is:
john -min=10 -mask=p3tI?a?a?a?a?a?a?a?a?a?a?a?a -session=mask keepass.hash

Thanks for your help.

On 07/10/2017 01:04 PM, Rich Rumble wrote:
> On Mon, Jul 10, 2017 at 5:20 AM, Marc <marc@...x.net> wrote:
>
>> Hi,
>>
>> I am new to john. I am trying to crack a password where I know most of it.
>>
>> So for example I know what characters are in it and I know the length is
>> between 8 and 16 chars.
>>
>> So in john.conf I added:
>>
>> [Incremental:Custom]
>> File = ~/.john/custom.chr
>> MinLen = 8
>> MaxLen = 16
>>
>> I generated the custom.chr from a john.pot file in which I put some
>> variation of what the password is like with the characters it contains. So
>> for example:
>>
> Probably not the way to go to find this, but could work if you had a ton of
> examples in your pot. You should likely start with a mask such as:
> john hashes.txt -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -session=mask
> That will begin cracking all printable ascii characters for a word
> beginning with "s0m3", see MASK in the doc folder for other examples
>
> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a
> -min=8
> Using default input encoding: UTF-8
> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
> 256/256 AVX2 8x])
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 0g 0:00:00:01 20.60% (8) (ETA: 06:16:41) 0g/s 12113Kp/s 12113Kc/s
> 174836GC/s s0m32{!5..s0m3d{!5
> 0g 0:00:00:02 41.20% (8) (ETA: 06:16:42) 0g/s 12192Kp/s 12192Kc/s
> 174836GC/s s0m3p^mL..s0m3x^mL
> 0g 0:00:00:04 61.79% (8) (ETA: 06:16:43) 0g/s 12225Kp/s 12225Kc/s
> 131127GC/s s0m3C~ZJ..s0m3!~ZJ
> 0g 0:00:00:05 82.39% (8) (ETA: 06:16:43) 0g/s 12255Kp/s 12255Kc/s
> 139869GC/s s0m3F%7)..s0m3,%7)
> 0g 0:00:00:06 1.04% (9) (ETA: 06:26:13) 0g/s 12274Kp/s 12274Kc/s 141467GC/s
> s0m3||||..s0m3raaaa  <-----Length switched to 9
> 0g 0:00:00:06 1.07% (9) (ETA: 06:25:57) 0g/s 12247Kp/s 12247Kc/s 145697GC/s
> s0m3<'(1a..s0m3^'(1a
> 0g 0:00:00:08 1.29% (9) (ETA: 06:26:58) 0g/s 12293Kp/s 12293Kc/s 131127GC/s
> s0m3n)Oua..s0m3m)Oua
> 0g 0:00:00:09 1.50% (9) (ETA: 06:26:36) 0g/s 12274Kp/s 12274Kc/s 135984GC/s
> s0m36={Na..s0m3v={Na
>
>> So I found out I can define custom rules. Unfortunately I didn't find what
>> the custom rule should be like to say that password starts with: s0m3
>>
>> [List.Rules:Example]
>> s0m3...
>>
>> Could someone help me define the rule to say it should starts with s0m3
>> and for the rest use the characters from the custom.chr. Another thing I'd
>> like to have in the rule is that I know some of the characters are only in
>> the password once so I'd like to define that as well.
>>
> You should start with the baseword as you "wordlist", and then apply rules
> to the end of the wordlist.
> echo s0m3 >wordlist.txt
> john hashes.txt -w=wordlist.txt -rules=some-rules -session=rules
>
> [List.Rules:some-rules]
> $[0-9]$[0-9]$[0-9]$[0-9]
> $[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]
>
> And so on... those are very simple and unlikely rules, but that's the idea,
> to append all digits, to append all alpha. Mask will do this already, and
> maybe faster.
>
>> For example there is only s, 0, m, @, 1, !, - once so it shouldn't try
>> combinations where those characters would appear multiple times.
>>
> Might just try all rules john.conf has already, it does what your asking
> and a whole lot more
> john hashes.txt -w=wordlist.txt -rules=all
>
>> Finally, one last thing I couldn't find out is how can I see the passwords
>> that are being tried so I can see that it follows the rules the way I
>> expect.
>>
> You have to press a key on the keyboard to see progress, or look in the log
> files, when you use the -session=xyz you will see times/logs in xyz.log.
> You wont see what it being tried but when it switches to new lengths, rules
> etc...
> If I were you I might try a wordlist like rockyou first, maybe even try
> -prince mode, then go to mask.
>
> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
> -min-length=8 -max-length=16 -session-prince-hybrid
> Using default input encoding: UTF-8
> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
> 256/256 AVX2 8x])
> Warning: invalid UTF-8 seen reading rockyou.txt
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 0g 0:00:00:04  0g/s 1872Kp/s 1872Kc/s 21854GC/s s0m3joy921203..s0m3joy712005
> 0g 0:00:00:05  0g/s 2819Kp/s 2819Kc/s 34967GC/s s0m3Omomdad7..s0m3$momdad7
> 0g 0:00:00:07  0g/s 3384Kp/s 3384Kc/s 37465GC/s s0m3rose13211..s0m3rose12881
> 0g 0:00:00:08  0g/s 3776Kp/s 3776Kc/s 43709GC/s s0m3hcabayao..s0m38cabayao
> 0g 0:00:00:10  0g/s 4079Kp/s 4079Kc/s 43709GC/s s0m3017924041..s0m3017872901
> 0g 0:00:00:11  0g/s 4303Kp/s 4303Kc/s 47682GC/s s0m30fizzy12..s0m3Rfizzy12
> 0g 0:00:00:13  0g/s 4484Kp/s 4484Kc/s 47071GC/s s0m3bestminga..s0m3bestmanea
> 0g 0:00:00:14  0g/s 4580Kp/s 4580Kc/s 48432GC/s s0m3bigpr..s0m3antpr
>
> You could even throw rules in on top of all that!
> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
> -rules=NT -min-length=8 -max-length=16
> Using default input encoding: UTF-8
> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
> 256/256 AVX2 8x])
> Warning: invalid UTF-8 seen reading rockyou.txt
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 0g 0:00:00:05  0g/s 197023p/s 197023c/s 2185GC/s s0m3kikoKIKO..s0m3kikOKIkO
> 0g 0:00:00:06  0g/s 242310p/s 242310c/s 2731GC/s s0m3123456AS..s0m31234567s
> 0g 0:00:00:07  0g/s 269726p/s 269726c/s 3122GC/s s0m3IloVemia..s0m3ilOVEmia
> 0g 0:00:00:09  0g/s 282448p/s 282448c/s 3035GC/s s0m3TANeISHA..s0m3TANEIShA
> 0g 0:00:00:10  0g/s 293961p/s 293961c/s 3278GC/s s0m3KONnaRaK..s0m3KONNarAK
> 0g 0:00:00:12  0g/s 303905p/s 303905c/s 3187GC/s s0m3kidsROck..s0m3kIdsrOck
> 0g 0:00:00:13  0g/s 312141p/s 312141c/s 3362GC/s s0m3CARSwelL..s0m3CARSWELL
> 0g 0:00:00:14  0g/s 317617p/s 317617c/s 3512GC/s s0m3hAMMOndS..s0m3HammoNDS
> 0g 0:00:00:16  0g/s 321150p/s 321150c/s 3353GC/s s0m3BANaNA24..s0m3BANANA24
> -rich
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.