Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Fri, 20 Jan 2012 19:06:52 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Cc: Martin M?nsson <martin@...adix.se>
Subject: Re: Crack the rest of a password if first half of password is known?

Hi Martin,

You don't appear to be subscribed.  I am CC'ing this message to you, but
someone else might not...

On Fri, Jan 20, 2012 at 03:54:11PM +0100, Martin M?nsson wrote:
> If i know half the password in plaintext, lets say, 8 characters out of 12. Is there a way to make JtR crack the 4 remaining characters?

Yes.  One way is to revise and use the KnownForce external mode sample
(see john.conf supplied with JtR).

Another way is to create a new external mode that only has a filter()
function.  This function may prepend your known portion of the password
to word[].  It will then be usable along with any cracking mode (e.g.,
you may set incremental mode's MinLen and MaxLen to 4 and use it along
with your external filter() prepending your known 8-character string to
form 12-character candidate passwords).

Yet another way is to use a wordlist rule like:

[List.Rules:Wordlist]
A0"known8ch"

along with a wordlist - but this will only work with a wordlist (not
with other cracking modes).

> Also if i know the SAP CODEVN B (max 8 alpha numeric case-insensitive) password is there a way to use that to obtain the SAP CODEVN G (max 40 case sensitive alnum + special chars) password?

Yes, this should be possible in a way similar to how NTLM hashes may be
cracked with the help of previously cracked LM hash passwords:

http://www.openwall.com/lists/john-users/2006/07/08/2

Someone familiar with SAP passwords may provide specific instructions.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ