Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Wed, 26 Nov 2008 11:20:48 -0500
From: Adam Turk <bofh1234@...mail.com>
To: <john-users@...ts.openwall.com>
Subject: RE: Partly known password


> I forgot some parts of my password to a service-account. Since it is windows
> something broke and
> I can't update my software! Now I'm bruteforcing the password, but it's so
> slow..
> 
> I think the password is 9 or 10 letter/digets, and I remember a phrase I put
> in the middel of
> the password. (let's say "1batMan" just as an example).
> 
> The format is something like this
> 
> XX1batMan or XX1batManX (where X's is unknown.)
> 
> I had a look at the mailing list
>  http://www.openwall.com/lists/john-users/2008/05/20/2
> but couldn't figure it out.
> 
> How do I run all the combinations for X together with the part of the
> password I know?
> 
> Oddmund

I recommend cracking the LM hash with john and then with those results switch to using mdcrack 182 to crack the NTLM hash.  mdcrack 183 has a bug in it.  Download at http://membres.lycos.fr/mdcrack/download/MDCrack-182.zip  mdcrack 182 works great under wine.  I do recommend updating wine to the latest version.  With mdcrack you can specify the charset to use to crack so if the LM hash returns CD1BATMAN3 use the following:
wine MDCrack-sse.exe --charset=abcdtmn13ABCDTMN --algorithm=NTLM1 --minsize=10
--maxsize=10 NTLM hash

Don't get me wrong, john the ripper is great, but specifing a specific charset like is difficult.

If you are absolutly certain about 1batMan being exactly like this XX1batManX you can use crunch to generate a wordlist with:
aa1batMana
aa1batManb
and pass that wordlist to john.
Something like:
crunch 10 10 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
-t @@...tMan@ >wordlist.txt
The above is untested but should work.



_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ