Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Apr 2007 20:16:43 +0400
From: Solar Designer <>
Subject: Re: Initial seed password

On Thu, Apr 05, 2007 at 04:36:52PM -0500, jmk wrote:
> I've been messing with implementing LM and NTLMv1 challenge/response
> cracking within John. I seem to have both working now in my lame hacked
> together code sort of way. ;) Not sure if it'll be useful to others, but
> I'll post the diff once I'm a bit more confident in it.

Yes, please do.  Thanks!

> Is it possible to provide John with the start of a password and have it
> go from there? Say I know the first 7 characters of the password, but
> the password may actually be up to 14 characters in length. I'm assuming
> I would create a custom wordlist rule that tells John to start appending
> characters to this value. Unfortunately, I'm completely confused by
> John's rule syntax. Can anyone point me in the right direction or give
> me a few tips?

Wordlist rules are not intended to be used for things like that.  They
might be abused in this way, but only when the number of combinations to
try is small (say, up to 100,000).

What will work best is a combination of John's "incremental" mode with
an external filter() (which you will actually use to prefix candidate
passwords with your known 7 characters).  An example is available here:

Other uses of external modes in similar cases can be seen here:

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.