Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 8 Nov 2010 18:05:00 -0800 (PST)
From: William <phoolon_devi@...oo.com>
To: john-users@...ts.openwall.com
Subject: Re: which john & options to use for Mac OS X 10.4+ salted SHA-1 using OSX 10.6?

Checked my old emails: Pro was bought on Feb 14, 2008.  Time dilation is a terrible thing...

Got the url, FTP'd the Mac OS X 10.5+ version and fired that sucker up.



Added your attachment to the john.conf file and tried both



./john -e=KnownWilliam1 PASSWORD-FILE

and 

./john -e=KnownWilliam2 PASSWORD-FILE



They took 12 seconds each to run, got "0 password hashes cracked, 1 left"  then did "--show" (ever hopeful), but no luck....



the only other thing I can think of is that I got the order of the 
component parts wrong; for example, it might be two letters/two numbers/
 punctuation/2 letters/2 numbers/punctuation

or 

two numbers/two letters/two numbers/two letters/punctuation

or

punctuation/two letters/two numbers/punctuation/two numbers/two letters

or some other combination.



Anyway, you've been a great help, and most of the fun is figuring it 
out, so thanks.  I've got the latest version and I'll get back to ya if I
 get stuck again.



-William



--- On Mon, 11/8/10, Solar Designer <solar@...nwall.com> wrote:

From: Solar Designer <solar@...nwall.com>
Subject: Re: [john-users] which john & options to use for Mac OS X 10.4+ salted SHA-1 using OSX 10.6?
To: john-users@...ts.openwall.com
Date: Monday, November 8, 2010, 10:28 AM

William,

On Sun, Nov 07, 2010 at 07:22:41PM -0800, William wrote:
> 4.  the pattern I remember is two letters (either upper or lower case), then two numbers (from the set 02, 03, 04, 05 or 06), then either an * or !, then two more letters (if the first were upper, the second are lower and vice versa), then two more numbers from the set above.

Attached are two external mode definitions.  (For others on john-users:
these are trivial customizations of the KnownForce mode.)  Combined,
they implement all variations of the exact pattern you mentioned above.
You need to append the attached text file to your john.conf file.  You
may do so with a text editor, or you may run the command:

cat KnownWilliam.txt >> john.conf

(Note: with _two_ greater-than characters in a row, or you'd end up
_overwriting_ the file rather than appending to it.  Please be careful.)

Then run John with:

./john -e=KnownWilliam1 PASSWORD-FILE

and then with:

./john -e=KnownWilliam2 PASSWORD-FILE

where PASSWORD-FILE is the filename of your password hash file.  Each of
these commands will take less than a minute, and one of them ought to
crack your password.  If not, despite of you doing things correctly,
then your description of the password pattern above does not match your
actual password being attacked.

Please let us (the community) know whether this worked or not.  If not,
then please describe what exactly happened and how long it took (to
confirm that you were doing things correctly).  Preferably copy & paste
the relevant commands and output from your Terminal.  Also suggest how
to relax/broaden the pattern.

Alexander



      

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.