Date: Wed, 17 Nov 2010 00:56:44 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking a known password shape

Eric,

On Tue, Nov 16, 2010 at 03:22:56PM -0600, Eric wrote:
> However, in this case, I have a password.  I know a few characters in
> it. It begins with an 'L' (or 'l') and the second letter is a 'o' or
> '0'.  The fifth letter is likely a '-' or '_'.  The 8th character is
> probably 'n' or 'N' and I need to brute-force the remaining 4-5
> characters.

I've attached an external mode definition that implements the pattern
you mentioned above.  This external mode is a variation of the
KnownForce sample included in the default john.conf - only the charset
definition in the init() function has been edited.

You need to append KnownEric.txt to your john.conf, then invoke:

john -e=KnownEric PASSWORD-FILE

> I cannot figure out the best method to do this. I've spent half the
> day looking through archives and how-tos, but most focus on the very
> basics of JtR usage.  I presume some sort of external function might
> suffice, but I'm not familiar with how those are executed.  Before I
> set out trying to learn the whole external filter functionality, can
> anyone offer suggestions on how to attack a password that is partially
> known.

That's what the KnownForce sample was meant for.  In some cases other
approaches are also reasonable, though.  For example, if you happen to
recall the characters in some of the positions for sure (which you
don't this time), then you may have an external filter() insert those
characters into candidate passwords generated with incremental mode.
This is illustrated here:

http://www.openwall.com/lists/john-users/2008/05/20/2

I am mentioning this for the sake of completeness.  In your specific
case, the KnownEric mode is easier to use.  On the other hand, if you
don't mind or actually want to invoke 16 instances of JtR, you may use
the incremental mode plus external filter() approach, with 16 variations
of the filter() (one for each specific combination of the known
characters you mentioned).

Questions like yours remind me of the need to implement an equivalent of
KnownForce (or "mask mode" as some call it) in JtR itself, with a more
intuitive way to specify the patterns.  Obviously, not everyone is
comfortable with editing what looks like program source code. ;-)

Thanks,

Alexander

View attachment "KnownEric.txt" of type "text/plain" (1782 bytes)
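
Added example, not part of the original message and not the KnownEric.txt attachment: a Python sketch of the per-position charset idea behind the pattern above, showing the 16 fixed-character combinations and how much the known shape shrinks the search space. It assumes the unknown positions range over the 95 printable ASCII characters and treats the "likely" positions as certain; all names in it are hypothetical.

```python
from itertools import product
from math import prod
import string

# Assumption: unknown positions use the 95 printable ASCII characters.
UNKNOWN = string.digits + string.ascii_letters + string.punctuation + " "

# Known positions (1-based) taken from the quoted description.
KNOWN = {1: "Ll", 2: "o0", 5: "-_", 8: "nN"}


def shape(length, unknown=UNKNOWN):
    """Per-position charsets for a candidate of the given length."""
    return [KNOWN.get(pos, unknown) for pos in range(1, length + 1)]


def keyspace(charsets):
    """Number of candidates the shape describes."""
    return prod(len(cs) for cs in charsets)


def candidates(charsets):
    """Walk the shape like an odometer, rightmost position changing fastest."""
    for combo in product(*charsets):
        yield "".join(combo)


def known_variants():
    """The fixed-character combinations: one per filter() variation."""
    positions = sorted(KNOWN)
    return [dict(zip(positions, combo))
            for combo in product(*(KNOWN[p] for p in positions))]


if __name__ == "__main__":
    print("fixed-character combinations:", len(known_variants()))
    for length in (8, 9):
        shaped = keyspace(shape(length))
        full = len(UNKNOWN) ** length
        print(f"length {length}: {shaped:,} candidates "
              f"(unconstrained: {full:,}, reduction x{full // shaped:,})")
    # Tiny constructed charset so the enumeration order is visible.
    print(list(candidates(shape(8, "ab")))[:4])
```
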
