Date: Wed, 21 May 2008 01:06:22 +0400
From: Solar Designer <>
Subject: Re: incremental crack of partially known passwords

On Tue, May 20, 2008 at 09:05:45PM +0200, Polygraf Belkin wrote:
> I have partially forgotten the password to a server of mine.

Yet somehow you have access to the password hash, but not physical
access to the server (or you'd reset the password already)?

> I know, that the password has the form of xxxyyyxxx, where I know the x-es for sure, but have forgotten the ys, I know, though, that the ys are all numbers.
> I have fiddled out how to configure john pre-compile to accept '9' as maxcount, but from there on, I am lost.

You didn't need that.

> How would I formulate a request to john to incrementally crack the password of the specific form, which should not be too difficult, as the complexity is very reduced?

This should work:

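[List.External:xxxyyyxxx]
void filter()
{
	/* move the three digits to positions 3..5 */
	word[5] = word[2];
	word[4] = word[1];
	word[3] = word[0];
	/* put the known characters around them */
	word[0] = 'x';
	word[1] = 'x';
	word[2] = 'x';
	word[6] = 'x';
	word[7] = 'x';
	word[8] = 'x';
	word[9] = 0;
}

[Incremental:xxxyyyxxx]
File = $JOHN/digits.chr
MinLen = 3
MaxLen = 3
CharCount = 10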

With the above in john.conf, you invoke John as follows:

	john -i=xxxyyyxxx -e=xxxyyyxxx passwd

As an alternative to this, you can use the KnownForce external mode:

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments
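
Added example, not part of the original message and not John the Ripper code: a Python emulation of what the filter() above does to each 3-digit word produced by the incremental section, showing that the whole search space is 1000 candidates. The function names are hypothetical, 'x' stands in for each known character as in the post, and the numeric ordering is an assumption (John orders candidates using digits.chr).

```python
from itertools import product

KNOWN = "x"            # placeholder for each known character, as in the post
DIGITS = "0123456789"  # the 10 characters allowed by CharCount = 10


def apply_filter(candidate):
    """Mirror the filter() assignments on a 0-terminated word buffer."""
    word = [ord(c) for c in candidate] + [0]   # external modes see a 0-terminated array
    word += [0] * (10 - len(word))             # make room for indices 0..9
    # Copy the digits to positions 3..5 first; the prefix is overwritten afterwards.
    word[5] = word[2]
    word[4] = word[1]
    word[3] = word[0]
    for i in (0, 1, 2, 6, 7, 8):
        word[i] = ord(KNOWN)
    word[9] = 0                                # terminator after 9 characters
    return "".join(chr(c) for c in word[:word.index(0)])


def incremental_digits(length=3):
    """Every word the incremental section can emit (MinLen = MaxLen = 3)."""
    for combo in product(DIGITS, repeat=length):
        yield "".join(combo)


def all_candidates():
    """Full candidate list after filtering, in numeric order (assumed order)."""
    return [apply_filter(w) for w in incremental_digits()]


if __name__ == "__main__":
    cands = all_candidates()
    print(len(cands), cands[0], cands[-1])
```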
