Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 May 2018 15:48:19 +0100
From: Eric Watson <ea-watson@...ginmedia.com>
To: john-users@...ts.openwall.com
Subject: Re: john --make-charset=custom.chr: Can't get the hang
 of using it. :-(

Thank you Alexander for that detailed advice.

I read somewhere in the john documents that there was a manual in 
another group such as raspberry Pi but the advice was not to read it but 
to use the documents instead. If you wish I will post the location 
if/when I come across it again.

May I continue with this query?

The password in question contains one or two numerical strings of known 
length and known numerals. It also contains words of known length and 
characters. It also contains two *, ! characters.

The words may be capitalised and in any position as the numerical 
strings could also be.

I tried the method, (actually just before receiving you reply):

echo :AbCdEf > john.pot
./john --make-charset=custom.chr


It resulted in the numbers being treated individually which made me ask 
about a 'group' set.

What method would you suggest in this case?

Eric

On 23/05/18 10:02, Solar Designer wrote:
> Hi Eric,
>
> On Tue, May 22, 2018 at 09:14:57PM +0100, Eric Watson wrote:
>> I have a .txt file containing a few characters from which a password was
>> made. I have the hash of the password.
>>
>> I use the command:
>>
>> ./john --make-charset=custom.chr mypasswd.txt
>>
>> where "mypasswd.txt" contains characters (AbCdEf)
>>
>> I get the error:
>>
>> Loaded 0 plaintexts, exiting...
> The intended use for the "--make-charset" option is to process whatever
> passwords you have already cracked in order to optimize further attacks.
> The cracked passwords are read from john.pot.  When you also list any
> "password files" on the command line, (1) those must be of one of the
> usual formats that JtR normally reads for cracking (that is, they should
> contain password hashes, as well as possibly other fields) and (2) they
> are only used to filter john.pot contents.  In other words, you specify
> them along with "--make-charset=custom.chr" only in order to limit the
> resulting contents of custom.chr to overlap of what's in john.pot
> (hashes and plaintexts) and what's in the specified files (hashes only).
>
> Your use is unintended.  You may, however, achieve what you want by
> creating a fake yet proper format john.pot with your characters, e.g.:
>
> echo :AbCdEf > john.pot
> ./john --make-charset=custom.chr
>
> Please note that incremental mode cares not only about the character
> set, but also about password lengths, character positions, character
> frequencies given specific up to two preceding characters.  So in the
> above example, it will generate the specific string AbCdEf first (if
> you allow it to generate candidate passwords of length 6 at all, and
> don't apply any other restrictions).
>
> You might want to use mask mode instead, which is intended use and is
> much easier, e.g.:
>
> ./john -2='AbCdEf' -mask='?2?2?2?2' mypasswd.hash
>
> This attacks your password hash directly, without generating any
> intermediate charset file.
>
>> Looks like I could use a manual! However,I am told that one does not
>> exist. I will create my own, step by step :-)
> Where are you told that a manual does not exist?
>
>> Please assist in using that john command. What I read seems to relate to
>> password lists:
>>
>>  From john examples:
>>
>> 	john --make-charset=custom.chr passwd1 passwd2
>> 	[ Configure your custom "incremental" mode now. See below. ]
>> 	john -i=custom passwd3
>>
>>
>> Where does passwd3 appear from?
> All of the passwd* files in this example are expected to contain
> password hashes.  passwd1 and passwd2 contain hashes that you already
> have some passwords cracked for (they're in john.pot), and you use these
> files for filtering your john.pot contents (in case it also contains
> cracked passwords for unrelated hashes).  passwd3 is the password hash
> file that you intend to crack.
>
> This example came from doc/EXAMPLES, where it says:
>
> "If you've got a password file for which you already have a lot of
> passwords cracked or obtained by other means, and the passwords are
> unusual, then you may want to generate a new charset file, based on
> character frequencies from that password file only"
>
> Then it proceeds to give examples for one such file and eventually for
> multiple related files (the example you quoted here).  Perhaps we need
> to clarify these examples with a mention that cracked passwords are read
> from john.pot.
>
> Alexander
>

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ