Date: Fri, 8 Feb 2013 15:47:00 -0500 From: Lex Par <ziptied@...il.com> To: john-users@...ts.openwall.com Subject: Re: Cracking SHA1 with some knowledge of password thanks Jim! I'd liek to use your approach. When I add what you specified in my conf file and run: ./john --format dynamic_1050 --test I get: Invalid format dynamic_1050 xxxSHA1($p)yyy; The first command must be a clean input 1 or input 2 OR a special key 2 input loader function Unknown ciphertext format name requested xxx is really "something here " and yyy is really " and other stuff here" both with spaces included... Here is my config entry: [List.Generic:dynamic_1050] Expression=xxxSHA1($p)yyy Flag=MGF_SHA1_40_BYTE_FINISH MaxInputLen=40 Func=DynamicFunc__clean_input Func=DynamicFunc__append_input1_from_CONST1 Func=DynamicFunc__append_keys Func=DynamicFunc__append_input1_from_CONST2 Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL Const1=something here Const2= and other stuff here Test=$dynamic_1050$c302cf90ec0c2ad200fc8c3cad54cee7e4b169ef:1 thanks for all of your help!!!! On Fri, Feb 8, 2013 at 3:09 PM, jfoug <jfoug@....net> wrote: > From: magnum [mailto:john.magnum@...hmail.com] > >On 8 Feb, 2013, at 17:40 , Lex Par <ziptied@...il.com> wrote: > > > >> Group, I have a SHA1 hash that I would like to brute-force. I have > >> knowledge of several characters before and after the password (ie, if > >> the hash is derived from "xxxpasswordyyy", I know both xxx and yyy). > >> I'd like to somehow input the xxx and yyy values as constants, so that > >> they are always included in the crack attempt but the "password" > >> portion is brute-forced. > > > >This can be done in several ways but using rules should be fastest. Add > this to your john.local.conf: > > > >[List.Rules:custom] > >A0"xxx"Az"yyy" > > > >Then run wordlist mode with --rules:custom. > > > >magnum > > Another option, is to use dynamic, and create your own 'special' format, > just for this. If done that way, then you can use -rules, -markov, > -increment, etc within Jtr. To do this, one would use something similar to > the dynamic_26 raw-sha1, but we cannot use MGF_RAW_SHA1_INPUT since dynamic > would not get the original password back out of the input buffer. > > So, we simply make a simple raw-like, sha1, but do it with 2 constants. It > would be something like this: > > [List.Generic:dynamic_1050] > Expression=xxxSHA1($p)yyy > Flag=MGF_SHA1_40_BYTE_FINISH > MaxInputLen=40 > Func=DynamicFunc__clean_input > Func=DynamicFunc__append_input1_from_CONST1 > Func=DynamicFunc__append_keys > Func=DynamicFunc__append_input1_from_CONST2 > Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL > Const1=xxx > Const2=yyy > Test=$dynamic_1050$82249e184fe863c01f5d60f84fb346ac86e21496:openwall > > > NOTE, if the constants were something other than xxx and yyy, then the test > hash value must be recomputed (82249e184fe863c01f5d60f84fb346ac86e21496 in > above example, of xxx$Pyyy for password openwall). > > To get the sample hash value(s): > > echo -n xxxopenwallyyy | sha1sum > > Jim. > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.