Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Mar 2008 00:27:58 +0100
From: "Ronald Brakeboer" <>
To: <>
Subject: RE: passwords with fixed position characters and numbers

I did some searching in old topics and came up with this:

Two options: 

Generate a file (with John) with all the combo's of aaaa and ZZZZ. Dump it
to external. 
Then add a rule in external (I guess) and add following: 
this will append 4 digits at the end of a word from your wordlist.
Then run John.

Option 2.

I found following script for format aaa0000 (which is 3 alpha-4digits) 
Only problem Uppper to change that?
The // parts are modifications of the original or not sure whether that's

void init()
word[0] = 'a';
word[1] = 'a';
word[2] = 'a'; // just copied one line and added +1 to all word[x] entries
to get aaaa0000 instead of aaa0000
word[3] = 'a';
word[4] = '0';
word[5] = '0';
word[6] = '0';
word[7] = '/';               // what's this doing? Is that ok? Shouldn't
that be > word[8] = 0; here?
word[8] = 0;

// Only thing above just does aaaa0000 and not AAAA0000...whe're almost

// I was thinking of something like this: aaaa0009 then add +1 to 7th
pos..if aaaa0099 add +1 to 6th post etc etc
// I probably need some loop (return or whatever) somewhere to make it go
back after adding +1 tot the last character do I?

void generate()       // This starts the generating thing right?

if(++word[8]>'9')  // It counts from 0 till 9 and then starts with following
word[7] = '+1';   // As in 10..20..30 etc etc, +1 is probably wrong value
(any thoughts?)
word[6] = '+1'; // As in 100...200..300..etc etc
if(++word[6]>'9') // Same as in 1000...2000...3000. etc etc
word[5] = '+1';
word[4] = '+1';   ///as in aaab0000....aaac0000...aaad0000 //this is
probably very not right
word[3] = '+1';  //as in get the point I hope
word[2] = '+1';  // as in abaa0000...acaa0000...
word[1] = '+1';  
if(++word[1]>'Z') (I mean if last pass is ZZZZ9999 just stop and print

............// count tried passwords 
count=$          //$ is result of count tried passwords  
..........// Print message " finished tried $ passwords "  and stop  

........ // I don't know how :-(

// Ow...whe need it to go --stdout...hmmm, how?

like I said it's my first attempt to write something in John...
Please take a look at it and modify if needed or if it speeds up things.

-----Original Message-----
From: Ronald Brakeboer [] 
Sent: woensdag 26 maart 2008 22:12
Subject: [john-users] passwords with fixed position characters and numbers


how to achieve the follwing:

I have a “to be cracked” password wich I know consist of min-max 8
The format (by social engineering) is always like this: 
(4 alphanumeric -Upper and/or Lower and 4 digits that is) 

I only need some kind of script that generates all possible combinations
aaaa0000 ¬ ZZZZ9999 

I want to use John as a generator for aaaa0000 till ZZZZ9999 and send the
output to –stdout 
so another program (Sipcrack) can crack my own MD5 SIP password (which is
sniffed from my locked SPA3000)
(I asked the company nicely , they wouldn’t give it to me, but told me to
find it myself, welll, not very sure what they ment, I guess this is J 

My knowledge of C is not that great so I kindly and humbly ask if someone
can make this simple script in John for me and publish it to the world
I can’t seem to modify the existing examples in such way I can do this.
Which sucks bigtime. (selfesteam things etc etc J )
And can someone tell me at what speed those could be generated in theory.
(200.000 a second is about fine)
(Tried it in VB ..max generator could do was 1000 a second. Too Slow.) 


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.