Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 May 2018 11:02:43 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: john --make-charset=custom.chr: Can't get the hang of using it. :-(

Hi Eric,

On Tue, May 22, 2018 at 09:14:57PM +0100, Eric Watson wrote:
> I have a .txt file containing a few characters from which a password was 
> made. I have the hash of the password.
> 
> I use the command:
> 
> ./john --make-charset=custom.chr mypasswd.txt
> 
> where "mypasswd.txt" contains characters (AbCdEf)
> 
> I get the error:
> 
> Loaded 0 plaintexts, exiting...

The intended use for the "--make-charset" option is to process whatever
passwords you have already cracked in order to optimize further attacks.
The cracked passwords are read from john.pot.  When you also list any
"password files" on the command line, (1) those must be of one of the
usual formats that JtR normally reads for cracking (that is, they should
contain password hashes, as well as possibly other fields) and (2) they
are only used to filter john.pot contents.  In other words, you specify
them along with "--make-charset=custom.chr" only in order to limit the
resulting contents of custom.chr to overlap of what's in john.pot
(hashes and plaintexts) and what's in the specified files (hashes only).

Your use is unintended.  You may, however, achieve what you want by
creating a fake yet proper format john.pot with your characters, e.g.:

echo :AbCdEf > john.pot
./john --make-charset=custom.chr

Please note that incremental mode cares not only about the character
set, but also about password lengths, character positions, character
frequencies given specific up to two preceding characters.  So in the
above example, it will generate the specific string AbCdEf first (if
you allow it to generate candidate passwords of length 6 at all, and
don't apply any other restrictions).

You might want to use mask mode instead, which is intended use and is
much easier, e.g.:

./john -2='AbCdEf' -mask='?2?2?2?2' mypasswd.hash

This attacks your password hash directly, without generating any
intermediate charset file.

> Looks like I could use a manual! However,I am told that one does not 
> exist. I will create my own, step by step :-)

Where are you told that a manual does not exist?

> Please assist in using that john command. What I read seems to relate to 
> password lists:
> 
> From john examples:
> 
> 	john --make-charset=custom.chr passwd1 passwd2
> 	[ Configure your custom "incremental" mode now. See below. ]
> 	john -i=custom passwd3
> 
> 
> Where does passwd3 appear from?

All of the passwd* files in this example are expected to contain
password hashes.  passwd1 and passwd2 contain hashes that you already
have some passwords cracked for (they're in john.pot), and you use these
files for filtering your john.pot contents (in case it also contains
cracked passwords for unrelated hashes).  passwd3 is the password hash
file that you intend to crack.

This example came from doc/EXAMPLES, where it says:

"If you've got a password file for which you already have a lot of
passwords cracked or obtained by other means, and the passwords are
unusual, then you may want to generate a new charset file, based on
character frequencies from that password file only"

Then it proceeds to give examples for one such file and eventually for
multiple related files (the example you quoted here).  Perhaps we need
to clarify these examples with a mention that cracked passwords are read
from john.pot.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.