Date: Fri, 8 Feb 2013 14:09:41 -0600 From: "jfoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: RE: Cracking SHA1 with some knowledge of password From: magnum [mailto:john.magnum@...hmail.com] >On 8 Feb, 2013, at 17:40 , Lex Par <ziptied@...il.com> wrote: > >> Group, I have a SHA1 hash that I would like to brute-force. I have >> knowledge of several characters before and after the password (ie, if >> the hash is derived from "xxxpasswordyyy", I know both xxx and yyy). >> I'd like to somehow input the xxx and yyy values as constants, so that >> they are always included in the crack attempt but the "password" >> portion is brute-forced. > >This can be done in several ways but using rules should be fastest. Add this to your john.local.conf: > >[List.Rules:custom] >A0"xxx"Az"yyy" > >Then run wordlist mode with --rules:custom. > >magnum Another option, is to use dynamic, and create your own 'special' format, just for this. If done that way, then you can use -rules, -markov, -increment, etc within Jtr. To do this, one would use something similar to the dynamic_26 raw-sha1, but we cannot use MGF_RAW_SHA1_INPUT since dynamic would not get the original password back out of the input buffer. So, we simply make a simple raw-like, sha1, but do it with 2 constants. It would be something like this: [List.Generic:dynamic_1050] Expression=xxxSHA1($p)yyy Flag=MGF_SHA1_40_BYTE_FINISH MaxInputLen=40 Func=DynamicFunc__clean_input Func=DynamicFunc__append_input1_from_CONST1 Func=DynamicFunc__append_keys Func=DynamicFunc__append_input1_from_CONST2 Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL Const1=xxx Const2=yyy Test=$dynamic_1050$82249e184fe863c01f5d60f84fb346ac86e21496:openwall NOTE, if the constants were something other than xxx and yyy, then the test hash value must be recomputed (82249e184fe863c01f5d60f84fb346ac86e21496 in above example, of xxx$Pyyy for password openwall). To get the sample hash value(s): echo -n xxxopenwallyyy | sha1sum Jim.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.