Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 7 Apr 2013 11:11:42 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: What am I doing wrong?

On Sun, Apr 7, 2013 at 9:50 AM, Sandra Schlichting <littlesandra88@...il.com
> wrote:

> That is very interesting!
>
> So Marcow can not be stopped and resumed. Can Incremental that?
>
> Incremental can be resumed, wordlists also, external modes as far as I
know can't, but I wrote one that may help you if you truly think it's
A-Za-z and "-" only. There are french wordlists out there to be tried, I'd
use something like the following:
http://contest-2010.korelogic.com/wordlists.html
http://www.skullsecurity.org/wiki/index.php/Passwords
./john -format=raw-md5 /tmp/hashes -w=french_wordlist.txt -rules=jumbo
-session=wordlist_1
To resume (if it had to be stopped)
./john -resume=wordlist_1


> It turned out that the "tdc" one was very simple to brute force using the
> command I posted. CpU2ts
>
> The other one have been brute forcing since Friday and only completed 0.04%
>
> The passphrase have a max length of 29 chars and can by anything possible
> on a French keyboard , but I will expect it to be 8 ASCII characters.
>
> I've placed the external mode for (A-Z, a-z - ) at the bottom of this
email.


> and compiled it by
> wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.bz2
> tar xjf john-1.7.9-jumbo-7.tar.bz2
> cd john-1.7.9-jumbo-7/src/
> make  clean linux-x86-64
> ../run/john --format=raw-md5 /tmp/hashs
>
> Is that the correct architecture I have chosen?
>
> Looks correct to me.

> Reading the FAQ, it seams that if I want to use both cores, then I have to
> hand schedule the jobs?
>
> Depends on the algorithm, slower hash types will use MPI for parallel
processing, raw-md5 is still single threaded in JtR, it's very fast,
perhaps a GPU is faster, I'm not sure about that.
http://openwall.info/wiki/john/parallelization You can run other instances
of john at the same time to use more than one CPU and try other modes, just
remember to use -session=some_name for each in case you want to resume
them. They are not aware of each other, and don't check the pot file to see
if it was cracked, so if one session cracks the last password, the others
will keep going.

> Given that I have started the job with
>
> ../run/john --format=raw-md5 /tmp/hashs
>
> can I then stop it, split the remaining in two, and resume using both
> cores?
>
> You can stop it, and to resume you'd use "-resume=john" as that is the
default name for the .rec file. It won't use both cores.

Here is the external module, run it like so: ./john -format=raw-md5
-session=ext_az-dash -external=DF-alpha-minus
Copy this to the bottom of your john.conf file (you can name it what you
want, the session name is only an example)
This will try every combo of a-z A-Z and dash from 2 to 10 characters.


[List.External:DF-alpha-minus]
int maxlength;        // Maximum password length to try
int last;        // Last character position, zero-based
int lastid;        // Character index in the last position
int id[0x7f];        // Current character indices for other positions
int charset[0x100], c0;    // Character set

void init()
{
    int minlength;
    int i, c;

    minlength = 2;    // Initial password length to try, must be at least 1
    maxlength = 10;    // Must be at least same as minlength

    i = 0;
    charset[i++] = 0x2d;        // Add minus, then
    c = 'A';
    while (c <= 'Z')
        charset[i++] = c++;
    c = 'a';
    while (c <= 'z')
        charset[i++] = c++;


/* Zero-terminate it, and cache the first character */
    charset[i] = 0;
    c0 = charset[0];

    last = minlength - 1;
    i = 0;
    while (i <= last) {
        id[i] = 0;
        word[i++] = c0;
    }
    lastid = -1;
    word[i] = 0;
}

void generate()
{
    int i;

/* Handle the typical case specially */
    if (word[last] = charset[++lastid]) return;

    lastid = 0;
    word[i = last] = c0;
    while (i--) {            // Have a preceding position?
        if (word[i] = charset[++id[i]]) return;
        id[i] = 0;
        word[i] = c0;
    }

    if (++last < maxlength) {    // Next length?
        id[last] = lastid = 0;
        word[last] = c0;
        word[last + 1] = 0;
    } else                // We're done
        word = 0;
}

void restore()
{
    int i, c;

/* Calculate the current length and infer the character indices */
    last = 0;
    while (c = word[last]) {
        i = 0; while (charset[i] != c && charset[i]) i++;
        if (!charset[i]) i = 0;    // Not found
        id[last++] = i;
    }
    lastid = id[--last];
}

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.