Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 5 Feb 2013 08:16:45 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: generating passwords candidates longer than 8
 characters using incremental attack

On Tue, Feb 5, 2013 at 4:40 AM, JohnyKrekan <krekan@...nykrekan.com> wrote:
> Hello, after a successfull test with 8 characters password I tried to generate longer passwords by setting the incremental section in john.ini where
Incremental mode will only create max 8 length passwords by default.
You have to compile John with one tweak to allow for longer passwords,
and then you have to generate the .CHR files for it to use with those
longer settings.
> Why this configuration is not working?
> what should I do to derivate those longer password candidates using incremental attack?
Again the .chr files are where john derives it's incremental
candidates, and you have to create your own once you've modified the
params.h file

#define CHARSET_LENGTH			8

Change that to 10, or 12 etc...(whatever number you want up to a point)
Then you can create your own charset files.
http://www.openwall.com/john/doc/EXAMPLES.shtml
In order to generate the chr files you need a large pot file...
To generate a decent pot file for john to use when creating these
charset's try (if on windows find use cygwin)

cat rockyou.txt | sed 's/^/:/' > custom.pot

You can use some pre-defined or custom word filters when generating
the charset file to have John consider some simpler passwords only:
	john --pot=custom.pot --make-charset=my_alpha.chr
--external=filter_alpha mypasswd.chr

If your "pot file" got large enough (or if you don't have any charset
files at all), you might want to use it to generate a new set of main
charset files:

	john --pot=custom.pot --make-charset=all.chr
	john --pot=custom.pot --make-charset=alnum.chr --external=filter_alnum
	john --pot=custom.pot --make-charset=alpha.chr --external=filter_alpha
	john --pot=custom.pot --make-charset=digits.chr --external=filter_digits
	john --pot=custom.pot --make-charset=lanman.chr --external=filter_lanman

Those commands are specifying the pot file to use, john will default
to john.pot if you do not specify another. You can find rockyou.txt
and other good wordlists all over the internet have a look here for a
bunch of links: http://www.openwall.com/wordlists/ Note that the
commands above will overwrite the existing all, alnum, alpha, digits,
and lanman.chr files.
-rich

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ