Date: Sun, 28 Jan 2007 10:11:11 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: how to find a password of 16 digits On Wed, Jan 24, 2007 at 02:52:40AM +0000, Johnny wrote: > C:\John>john-mmx -i:digits -stdout | [target program for further processing] > > I modified the john.ini this way: > [Incremental:Digits] > File = $JOHN/digits.chr > MinLen = 16 > MaxLen = 16 > CharCount = 10 > > The result was that it JTR is not able to genertate digits beyond 8 characters > in this mode. - Up to 8 characters worked fine. Yes, "incremental" mode is limited to lengths up to 8 by default, at compile time. > But I am sure, that the password must have 16 digits, no doubt. Do you know anything else about the password? For example, is it a Visa or MasterCard? ;-) > -> Is it possible to change any setting(s) to bypass the 8 characters > restriction in incremental mode? - Where and how? Yes, but you ought to be able to re-compile JtR from the source code. If you're on Windows, then you need to download and install Cygwin: http://www.cygwin.com Then you download the source code for JtR, e.g. john-1.7.2.tar.gz, and extract and compile it from the bash shell as included in Cygwin with the following commands: tar xvzf john-1.7.2.tar.gz cd john-1.7.2/src make clean win32-cygwin-x86-sse2 If the above has worked fine, you've tested your ability to re-compile JtR, with no modifications yet. Let's use this unmodified JtR to extract some statistical info from the supplied digits.chr with the following trick (still in bash): cd ../run ./john -i=digits --stdout | sed 's/^/:/; 1000000q' > john.pot This will save the first 1 million of candidate passwords (of length up to 8) that -i=digits would normally try, as if these were actual cracked passwords. Now edit the src/params.h file - replace the following lines (around line 200): #define CHARSET_MIN ' ' #define CHARSET_MAX 0x7E and #define CHARSET_LENGTH 8 with: #define CHARSET_MIN '0' #define CHARSET_MAX '9' and #define CHARSET_LENGTH 16 Then let's rebuild JtR with this modification: cd ../src make clean win32-cygwin-x86-sse2 And generate a new .chr file: cd ../run ./john --make-charset=digits16.chr The output should be: Loaded 1000000 plaintexts Generating charsets... 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 DONE Generating cracking order... DONE Successfully written charset file: digits16.chr (10 characters) Now you can define a new "incremental" mode: [Incremental:Digits16] File = $JOHN/digits16.chr MinLen = 16 MaxLen = 16 CharCount = 10 Note that this new digits16.chr will also work for lengths 0 to 15, if you ever need that. However, it will only work with this custom build of JtR, and moreover this custom build of JtR will not be able to process the old (supplied) .chr files anymore. Finally, let's test it: ./john -i=digits16 --stdout | head If you've used JtR 1.7.2 and its supplied digits.chr as specified above, this should produce: 2222222222222222 4222222222222222 4222222222222224 4222222222222242 4222222222222244 4222222222222422 4222222222222424 4222222222222442 4222222222222444 4222222222224222 Also, you can see what candidate passwords will be tried later on: ./john -i=digits16 --stdout | head -1000000 | tail This produces: 0224020442044420 0224020442044442 0224020442044444 0224020442044440 0224020442044402 0224020442044404 0224020442044400 0224020442044022 0224020442044024 0224020442044020 > -> If not, how can I generate my owen wordlist consisting of only digits and > of 16 characters? - A command line as an example would be nice. Obviously, you don't want to be trying to save 170 or 180 petabytes of data in a file. Even if you would happen to have this much storage and your operating system and filesystem would support files this large, your system would likely fail before this process is complete in some 30 years (assuming a rate of 10 million candidate passwords per second). You can, however, pipe the output of "./john -i=digits16 --stdout" into your program, hoping that the right password will be tried sometime in the first year due to the statistical information from the old digits.chr. You can further improve your chances by providing JtR with more information on your password (say, by means of applying an external filter() at the time you generate the digits16.chr file). > -> Could I modify the "-rules" option to make JTR generating 16 digits out of > a wordlist of only one! line of 16 digits? Im not sure how to use this option. No, you'd need a different input wordlist for that (say, an empty one), but the number of post-preprocessor rules would be too large for this to work in practice. JtR would spend ages verifying the syntax of those rules before it starts to do anything. The rules are not intended for things like that. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.