Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 May 2018 11:46:02 +0100
From: Eric Watson <ea-watson@...ginmedia.com>
To: john-users@...ts.openwall.com
Subject: Re: john --make-charset=custom.chr: Can't get the hang
 of using it. :-(

Hi,

Can I comment on your reply?

But first to mention that one of the links supplied by "rich" does not work.

  https://xinn.org/blog/JtR-AD-Password-Auditing.html

Alexander, you mention, "training" incremental method. Can you explain
"training" please?

I find it confusing until it is pointed out that "wordlist" and "passwd"
are not in fact words but instead are hashes. I must remember that
everything revolves around hashes.

I appreciate that users such as I are "jumping in" with only basic
knowledge whereas most users appear to be very familiar with terms and
probably attended schooling.

Not a criticism just a comment to explain my apparent ignorance.

Eric

On 23/05/18 16:03, Solar Designer wrote:
> On Wed, May 23, 2018 at 03:48:19PM +0100, Eric Watson wrote:
>> I read somewhere in the john documents that there was a manual in
>> another group such as raspberry Pi but the advice was not to read it but
>> to use the documents instead. If you wish I will post the location
>> if/when I come across it again.
> Oh, you probably mean my own recent comments about the Debian man page.
> Yes, I recommend reading our documentation under doc/ instead of that
> unofficial man page.
>
>> May I continue with this query?
> Sure.
>
>> The password in question contains one or two numerical strings of known
>> length and known numerals. It also contains words of known length and
>> characters. It also contains two *, ! characters.
>>
>> The words may be capitalised and in any position as the numerical
>> strings could also be.
> If you can arrive at a reasonably small number of different masks that
> represent your possible passwords, then I recommend that you use mask
> mode (run it multiple times with the different masks).  For example:
>
> ./john --mask='[Ff]irstword197[0-4][Ss]econdword123[*!][*!]' passwd
>
> and so on for other word orderings, etc.
>
>> I tried the method, (actually just before receiving you reply):
>>
>> echo :AbCdEf > john.pot
>> ./john --make-charset=custom.chr
>>
>> It resulted in the numbers being treated individually which made me ask
>> about a 'group' set.
> You may also try training incremental mode on multiple samples similar
> to your password - not on mere lists of characters.
>
> Alexander
>


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ