Message-ID: <3b2f445f-4b43-72ef-e87c-ed72fc31e0e1@ttux.net>
Date: Mon, 10 Jul 2017 21:48:37 +0200
From: Marc <marc@...x.net>
To: john-users@...ts.openwall.com
Subject: Re: partially known password

So in the end I managed to crack it. I used a wordlist and simply wrote 
some code to generate all the possible combinations rather than use john 
for it, as it was easier for me to define that character X or Y can't 
repeat or that another one can repeat up to 2 times, etc., greatly 
reducing the number of combinations.

Thanks for your help anyway.


On 07/10/2017 02:21 PM, Marc wrote:
> Thank you, I have tried this but it doesn't seem to follow the -min as 
> I can see what it's trying has length 6. The password I am trying to 
> crack is a keepass password. I got the hash using keepass2john from 
> the john bleeding jumbo.
>
> The command I am running now is:
> john -min=10 -mask=p3tI?a?a?a?a?a?a?a?a?a?a?a?a -session=mask keepass.hash
>
> Thanks for your help.
>
> On 07/10/2017 01:04 PM, Rich Rumble wrote:
>> On Mon, Jul 10, 2017 at 5:20 AM, Marc <marc@...x.net> wrote:
>>
>>> Hi,
>>>
>>> I am new to john. I am trying to crack a password where I know most of it.
>>>
>>> So for example I know what characters are in it and I know the 
>>> length is between 8 and 16 chars.
>>>
>>> So in john.conf I added:
>>>
>>> [Incremental:Custom]
>>> File = ~/.john/custom.chr
>>> MinLen = 8
>>> MaxLen = 16
>>>
>>> I generated the custom.chr from a john.pot file in which I put some
>>> variation of what the password is like with the characters it 
>>> contains. So for example:
>>>
>> Probably not the way to go to find this, but could work if you had a 
>> ton of examples in your pot. You should likely start with a mask such as:
>> john hashes.txt -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -session=mask
>> That will begin cracking all printable ascii characters for a word
>> beginning with "s0m3", see MASK in the doc folder for other examples
>>
>> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -min=8
>> Using default input encoding: UTF-8
>> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
>> 256/256 AVX2 8x])
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:01 20.60% (8) (ETA: 06:16:41) 0g/s 12113Kp/s 12113Kc/s
>> 174836GC/s s0m32{!5..s0m3d{!5
>> 0g 0:00:00:02 41.20% (8) (ETA: 06:16:42) 0g/s 12192Kp/s 12192Kc/s
>> 174836GC/s s0m3p^mL..s0m3x^mL
>> 0g 0:00:00:04 61.79% (8) (ETA: 06:16:43) 0g/s 12225Kp/s 12225Kc/s
>> 131127GC/s s0m3C~ZJ..s0m3!~ZJ
>> 0g 0:00:00:05 82.39% (8) (ETA: 06:16:43) 0g/s 12255Kp/s 12255Kc/s
>> 139869GC/s s0m3F%7)..s0m3,%7)
>> 0g 0:00:00:06 1.04% (9) (ETA: 06:26:13) 0g/s 12274Kp/s 12274Kc/s 141467GC/s s0m3||||..s0m3raaaa  <-----Length switched to 9
>> 0g 0:00:00:06 1.07% (9) (ETA: 06:25:57) 0g/s 12247Kp/s 12247Kc/s 145697GC/s s0m3<'(1a..s0m3^'(1a
>> 0g 0:00:00:08 1.29% (9) (ETA: 06:26:58) 0g/s 12293Kp/s 12293Kc/s 131127GC/s s0m3n)Oua..s0m3m)Oua
>> 0g 0:00:00:09 1.50% (9) (ETA: 06:26:36) 0g/s 12274Kp/s 12274Kc/s 135984GC/s s0m36={Na..s0m3v={Na
>>
>>> So I found out I can define custom rules. Unfortunately I didn't 
>>> find what the custom rule should be like to say that password starts with: s0m3
>>>
>>> [List.Rules:Example]
>>> s0m3...
>>>
>>> Could someone help me define the rule to say it should start with s0m3
>>> and for the rest use the characters from the custom.chr. Another 
>>> thing I'd like to have in the rule is that I know some of the 
>>> characters are only in the password once so I'd like to define that as well.
>>>
>> You should start with the baseword as your "wordlist", and then apply 
>> rules to the end of the wordlist.
>> echo s0m3 >wordlist.txt
>> john hashes.txt -w=wordlist.txt -rules=some-rules -session=rules
>>
>> [List.Rules:some-rules]
>> $[0-9]$[0-9]$[0-9]$[0-9]
>> $[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]
>>
>> And so on... those are very simple and unlikely rules, but that's the 
>> idea, to append all digits, to append all alpha. Mask will do this 
>> already, and maybe faster.
>>
>>> For example there is only s, 0, m, @, 1, !, - once so it shouldn't try
>>> combinations where those characters would appear multiple times.
>>>
>> Might just try all rules john.conf has already, it does what you're asking
>> and a whole lot more
>> john hashes.txt -w=wordlist.txt -rules=all
>>
>>> Finally, one last thing I couldn't find out is how can I see the 
>>> passwords that are being tried so I can see that it follows the rules 
>>> the way I expect.
>>>
>> You have to press a key on the keyboard to see progress, or look in 
>> the log files, when you use the -session=xyz you will see times/logs in xyz.log.
>> You won't see what is being tried, but when it switches to new lengths, 
>> rules etc...
>> If I were you I might try a wordlist like rockyou first, maybe even try
>> -prince mode, then go to mask.
>>
>> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt -min-length=8 -max-length=16 -session-prince-hybrid
>> Using default input encoding: UTF-8
>> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
>> 256/256 AVX2 8x])
>> Warning: invalid UTF-8 seen reading rockyou.txt
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:04  0g/s 1872Kp/s 1872Kc/s 21854GC/s 
>> s0m3joy921203..s0m3joy712005
>> 0g 0:00:00:05  0g/s 2819Kp/s 2819Kc/s 34967GC/s 
>> s0m3Omomdad7..s0m3$momdad7
>> 0g 0:00:00:07  0g/s 3384Kp/s 3384Kc/s 37465GC/s 
>> s0m3rose13211..s0m3rose12881
>> 0g 0:00:00:08  0g/s 3776Kp/s 3776Kc/s 43709GC/s 
>> s0m3hcabayao..s0m38cabayao
>> 0g 0:00:00:10  0g/s 4079Kp/s 4079Kc/s 43709GC/s 
>> s0m3017924041..s0m3017872901
>> 0g 0:00:00:11  0g/s 4303Kp/s 4303Kc/s 47682GC/s 
>> s0m30fizzy12..s0m3Rfizzy12
>> 0g 0:00:00:13  0g/s 4484Kp/s 4484Kc/s 47071GC/s 
>> s0m3bestminga..s0m3bestmanea
>> 0g 0:00:00:14  0g/s 4580Kp/s 4580Kc/s 48432GC/s s0m3bigpr..s0m3antpr
>>
>> You could even throw rules in on top of all that!
>> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt -rules=NT -min-length=8 -max-length=16
>> Using default input encoding: UTF-8
>> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
>> 256/256 AVX2 8x])
>> Warning: invalid UTF-8 seen reading rockyou.txt
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:05  0g/s 197023p/s 197023c/s 2185GC/s 
>> s0m3kikoKIKO..s0m3kikOKIkO
>> 0g 0:00:00:06  0g/s 242310p/s 242310c/s 2731GC/s 
>> s0m3123456AS..s0m31234567s
>> 0g 0:00:00:07  0g/s 269726p/s 269726c/s 3122GC/s 
>> s0m3IloVemia..s0m3ilOVEmia
>> 0g 0:00:00:09  0g/s 282448p/s 282448c/s 3035GC/s 
>> s0m3TANeISHA..s0m3TANEIShA
>> 0g 0:00:00:10  0g/s 293961p/s 293961c/s 3278GC/s 
>> s0m3KONnaRaK..s0m3KONNarAK
>> 0g 0:00:00:12  0g/s 303905p/s 303905c/s 3187GC/s 
>> s0m3kidsROck..s0m3kIdsrOck
>> 0g 0:00:00:13  0g/s 312141p/s 312141c/s 3362GC/s 
>> s0m3CARSwelL..s0m3CARSWELL
>> 0g 0:00:00:14  0g/s 317617p/s 317617c/s 3512GC/s 
>> s0m3hAMMOndS..s0m3HammoNDS
>> 0g 0:00:00:16  0g/s 321150p/s 321150c/s 3353GC/s 
>> s0m3BANaNA24..s0m3BANANA24
>> -rich
>>
>
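Marc does not post the generator he describes. As an added example (not Marc's code and not part of john), this is one way to write it in Python: the prefix his mask fixed, a candidate alphabet with a per-character repeat limit, enumerated by backtracking so a branch that would exceed a limit is never expanded, plus a count of how far the constraints shrink the keyspace compared with the plain mask. The suffix alphabet and the repeat limits are constructed assumptions, not his real values.

```python
# Constructed values for illustration, not Marc's real charset or limits:
# the prefix is the one his mask fixed (p3tI); suffix alphabet and
# per-character repeat limits are assumptions.
PREFIX = "p3tI"
CHARSET = "s0m@1!-ab"
MAX_REPEATS = {"a": 2, "b": 2}  # any character not listed may appear once
MIN_LEN, MAX_LEN = 8, 16


def candidates(prefix, charset, max_repeats, min_len, max_len):
    """Yield prefix+suffix candidates in which each suffix character is
    used at most max_repeats[c] times (default 1). Depth-first walk with
    a remaining budget per character: an exhausted character is pruned
    before the branch is expanded, instead of filtering product() output."""
    budget = {c: max_repeats.get(c, 1) for c in charset}
    suffix = []

    def walk():
        total = len(prefix) + len(suffix)
        if total > max_len:
            return
        if total >= min_len:
            yield prefix + "".join(suffix)
        if total == max_len:
            return
        for c in charset:
            if budget[c] == 0:
                continue  # repeat limit reached: skip this whole subtree
            budget[c] -= 1
            suffix.append(c)
            yield from walk()
            suffix.pop()
            budget[c] += 1

    return walk()


def keyspace(prefix, charset, max_repeats, min_len, max_len):
    """Number of candidates the constrained generator emits."""
    return sum(1 for _ in candidates(prefix, charset, max_repeats, min_len, max_len))


def mask_keyspace(prefix_len, alphabet_size, min_len, max_len):
    """What a plain mask over the same alphabet tries with no repeat limits."""
    return sum(alphabet_size ** (n - prefix_len)
               for n in range(max(min_len, prefix_len), max_len + 1))


if __name__ == "__main__":
    for cand in candidates(PREFIX, CHARSET, MAX_REPEATS, MIN_LEN, MAX_LEN):
        print(cand)
```

Printed one per line, the output can be fed to john with its --stdin option in place of the wordlist Marc mentions; comparing keyspace() with mask_keyspace() shows the reduction before any cracking starts.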
