Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Jul 2017 07:04:26 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: partially known password

On Mon, Jul 10, 2017 at 5:20 AM, Marc <marc@...x.net> wrote:

> Hi,
>
> I am new to john. I am trying to crack a password where I know most of it.
>
> So for example I know what characters are in it and I know the length is
> between 8 and 16 chars.
>
> So in john.conf I added:
>
> [Incremental:Custom]
> File = ~/.john/custom.chr
> MinLen = 8
> MaxLen = 16
>
> I generated the custom.chr from a john.pot file in which I put some
> variation of what the password is like with the characters it contains. So
> for example:
>
Probably not the way to go to find this, but could work if you had a ton of
examples in your pot. You should likely start with a mask such as:
john hashes.txt -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -session=mask
That will begin cracking all printable ascii characters for a word
beginning with "s0m3", see MASK in the doc folder for other examples

$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a
-min=8
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:01 20.60% (8) (ETA: 06:16:41) 0g/s 12113Kp/s 12113Kc/s
174836GC/s s0m32{!5..s0m3d{!5
0g 0:00:00:02 41.20% (8) (ETA: 06:16:42) 0g/s 12192Kp/s 12192Kc/s
174836GC/s s0m3p^mL..s0m3x^mL
0g 0:00:00:04 61.79% (8) (ETA: 06:16:43) 0g/s 12225Kp/s 12225Kc/s
131127GC/s s0m3C~ZJ..s0m3!~ZJ
0g 0:00:00:05 82.39% (8) (ETA: 06:16:43) 0g/s 12255Kp/s 12255Kc/s
139869GC/s s0m3F%7)..s0m3,%7)
0g 0:00:00:06 1.04% (9) (ETA: 06:26:13) 0g/s 12274Kp/s 12274Kc/s 141467GC/s
s0m3||||..s0m3raaaa  <-----Length switched to 9
0g 0:00:00:06 1.07% (9) (ETA: 06:25:57) 0g/s 12247Kp/s 12247Kc/s 145697GC/s
s0m3<'(1a..s0m3^'(1a
0g 0:00:00:08 1.29% (9) (ETA: 06:26:58) 0g/s 12293Kp/s 12293Kc/s 131127GC/s
s0m3n)Oua..s0m3m)Oua
0g 0:00:00:09 1.50% (9) (ETA: 06:26:36) 0g/s 12274Kp/s 12274Kc/s 135984GC/s
s0m36={Na..s0m3v={Na

>
> So I found out I can define custom rules. Unfortunately I didn't find what
> the custom rule should be like to say that password starts with: s0m3
>
> [List.Rules:Example]
> s0m3...
>
> Could someone help me define the rule to say it should starts with s0m3
> and for the rest use the characters from the custom.chr. Another thing I'd
> like to have in the rule is that I know some of the characters are only in
> the password once so I'd like to define that as well.
>
You should start with the baseword as you "wordlist", and then apply rules
to the end of the wordlist.
echo s0m3 >wordlist.txt
john hashes.txt -w=wordlist.txt -rules=some-rules -session=rules

[List.Rules:some-rules]
$[0-9]$[0-9]$[0-9]$[0-9]
$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]

And so on... those are very simple and unlikely rules, but that's the idea,
to append all digits, to append all alpha. Mask will do this already, and
maybe faster.

> For example there is only s, 0, m, @, 1, !, - once so it shouldn't try
> combinations where those characters would appear multiple times.
>
Might just try all rules john.conf has already, it does what your asking
and a whole lot more
john hashes.txt -w=wordlist.txt -rules=all

> Finally, one last thing I couldn't find out is how can I see the passwords
> that are being tried so I can see that it follows the rules the way I
> expect.
>
You have to press a key on the keyboard to see progress, or look in the log
files, when you use the -session=xyz you will see times/logs in xyz.log.
You wont see what it being tried but when it switches to new lengths, rules
etc...
If I were you I might try a wordlist like rockyou first, maybe even try
-prince mode, then go to mask.

$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
-min-length=8 -max-length=16 -session-prince-hybrid
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Warning: invalid UTF-8 seen reading rockyou.txt
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:04  0g/s 1872Kp/s 1872Kc/s 21854GC/s s0m3joy921203..s0m3joy712005
0g 0:00:00:05  0g/s 2819Kp/s 2819Kc/s 34967GC/s s0m3Omomdad7..s0m3$momdad7
0g 0:00:00:07  0g/s 3384Kp/s 3384Kc/s 37465GC/s s0m3rose13211..s0m3rose12881
0g 0:00:00:08  0g/s 3776Kp/s 3776Kc/s 43709GC/s s0m3hcabayao..s0m38cabayao
0g 0:00:00:10  0g/s 4079Kp/s 4079Kc/s 43709GC/s s0m3017924041..s0m3017872901
0g 0:00:00:11  0g/s 4303Kp/s 4303Kc/s 47682GC/s s0m30fizzy12..s0m3Rfizzy12
0g 0:00:00:13  0g/s 4484Kp/s 4484Kc/s 47071GC/s s0m3bestminga..s0m3bestmanea
0g 0:00:00:14  0g/s 4580Kp/s 4580Kc/s 48432GC/s s0m3bigpr..s0m3antpr

You could even throw rules in on top of all that!
$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
-rules=NT -min-length=8 -max-length=16
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Warning: invalid UTF-8 seen reading rockyou.txt
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:05  0g/s 197023p/s 197023c/s 2185GC/s s0m3kikoKIKO..s0m3kikOKIkO
0g 0:00:00:06  0g/s 242310p/s 242310c/s 2731GC/s s0m3123456AS..s0m31234567s
0g 0:00:00:07  0g/s 269726p/s 269726c/s 3122GC/s s0m3IloVemia..s0m3ilOVEmia
0g 0:00:00:09  0g/s 282448p/s 282448c/s 3035GC/s s0m3TANeISHA..s0m3TANEIShA
0g 0:00:00:10  0g/s 293961p/s 293961c/s 3278GC/s s0m3KONnaRaK..s0m3KONNarAK
0g 0:00:00:12  0g/s 303905p/s 303905c/s 3187GC/s s0m3kidsROck..s0m3kIdsrOck
0g 0:00:00:13  0g/s 312141p/s 312141c/s 3362GC/s s0m3CARSwelL..s0m3CARSWELL
0g 0:00:00:14  0g/s 317617p/s 317617c/s 3512GC/s s0m3hAMMOndS..s0m3HammoNDS
0g 0:00:00:16  0g/s 321150p/s 321150c/s 3353GC/s s0m3BANaNA24..s0m3BANANA24
-rich

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ