Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 Jan 2012 19:06:52 +0400
From: Solar Designer <>
Cc: Martin M?nsson <>
Subject: Re: Crack the rest of a password if first half of password is known?

Hi Martin,

You don't appear to be subscribed.  I am CC'ing this message to you, but
someone else might not...

On Fri, Jan 20, 2012 at 03:54:11PM +0100, Martin M?nsson wrote:
> If i know half the password in plaintext, lets say, 8 characters out of 12. Is there a way to make JtR crack the 4 remaining characters?

Yes.  One way is to revise and use the KnownForce external mode sample
(see john.conf supplied with JtR).

Another way is to create a new external mode that only has a filter()
function.  This function may prepend your known portion of the password
to word[].  It will then be usable along with any cracking mode (e.g.,
you may set incremental mode's MinLen and MaxLen to 4 and use it along
with your external filter() prepending your known 8-character string to
form 12-character candidate passwords).

Yet another way is to use a wordlist rule like:


along with a wordlist - but this will only work with a wordlist (not
with other cracking modes).

> Also if i know the SAP CODEVN B (max 8 alpha numeric case-insensitive) password is there a way to use that to obtain the SAP CODEVN G (max 40 case sensitive alnum + special chars) password?

Yes, this should be possible in a way similar to how NTLM hashes may be
cracked with the help of previously cracked LM hash passwords:

Someone familiar with SAP passwords may provide specific instructions.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.