Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Nov 2010 16:42:43 -0600
From: Eric <eric.h.security@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking a known password shape

Thanks for your very helpful response.

I've done plenty of coding (though not as much these days, other than
quick-n-dirty perl), but I didn't know the syntax, nor whether it was
even the best approach and hadn't been able to pull myself away from
other work long enough to figure out how to do it, only to discover
that it was an entirely impractical way of solving the problem.

A mask mode would be awesome.

I would envison an incremental or "smart incremental" mode that uses
something like hashcat's masks $l$n etc.  Defining 4 or 5 charsets for
each mask character.  lower-alpha, upper-alpha, mixed-alpha, numeric,
alphanumeric, special, mixed-alphnumeric-special (all) represented by
a special character $l$u$m$n$a$s$x (or somesuch).

Thanks again,
Eric

On Tue, Nov 16, 2010 at 3:56 PM, Solar Designer <solar@...nwall.com> wrote:
> Eric,
>
> On Tue, Nov 16, 2010 at 03:22:56PM -0600, Eric wrote:
>> However, in this case, I have a password.  I know a few characters in
>> it. It begins with an 'L' (or 'l') and the second letter is a 'o' or
>> '0'.  The fifth letter is likely a '-' or '_'.  The 8th character is
>> probably 'n' or 'N' and I need to brute-force the remaining 4-5
>> characters.
>
> I've attached an external mode definition that implements the pattern
> you mentioned above.  This external mode is a variation of the
> KnownForce sample included in the default john.conf - only the charset
> definition in the init() function has been edited.
>
> You need to append KnownEric.txt to your john.conf, then invoke:
>
> john -e=KnownEric PASSWORD-FILE
>
>> I cannot figure out the best method to do this. I've spent half the
>> day looking through archives and how-tos, but most focus on the very
>> basics of JtR usage.  I presume some sort of external function might
>> suffice, but I'm not familiar with how those are executed.  Before I
>> set out trying to learn the whole external filter functionality, can
>> anyone offer suggestions on how to attack a password that is partially
>> known.
>
> That's what the KnownForce sample was meant for.  In some cases other
> approaches are also reasonable, though.  For example, if you happen to
> recall the characters in some of the positions for sure (which you
> don't this time), then you may have an external filter() insert those
> characters into candidate passwords generated with incremental mode.
> This is illustrated here:
>
> http://www.openwall.com/lists/john-users/2008/05/20/2
>
> I am mentioning this for the sake of completeness.  In your specific
> case, the KnownEric mode is easier to use.  On the other hand, if you
> don't mind or actually want to invoke 16 instances of JtR, you may use
> the incremental mode plus external filter() approach, with 16 variations
> of the filter() (one for each specific combination of the known
> characters you mentioned).
>
> Questions like yours remind me of the need to implement an equivalent of
> KnownForce (or "mask mode" as some call it) in JtR itself, with a more
> intuitive way to specify the patterns.  Obviously, not everyone is
> comfortable with editing what looks like program source code. ;-)
>
> Thanks,
>
> Alexander
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.