Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Feb 2013 15:47:00 -0500
From: Lex Par <ziptied@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking SHA1 with some knowledge of password

thanks Jim! I'd liek to use your approach.  When I add what you specified
in my conf file and run:

./john --format dynamic_1050 --test

I get:
Invalid format dynamic_1050 xxxSHA1($p)yyy;  The first command must be a
clean input 1 or input 2 OR a special key 2 input loader function
Unknown ciphertext format name requested

xxx is really "something here "
and yyy is really " and other stuff here"

both with spaces included...

Here is my config entry:
[List.Generic:dynamic_1050]
Expression=xxxSHA1($p)yyy
Flag=MGF_SHA1_40_BYTE_FINISH
MaxInputLen=40
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_input1_from_CONST1
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_input1_from_CONST2
Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
Const1=something here
Const2= and other stuff here
Test=$dynamic_1050$c302cf90ec0c2ad200fc8c3cad54cee7e4b169ef:1


thanks for all of your help!!!!

On Fri, Feb 8, 2013 at 3:09 PM, jfoug <jfoug@....net> wrote:

> From: magnum [mailto:john.magnum@...hmail.com]
> >On 8 Feb, 2013, at 17:40 , Lex Par <ziptied@...il.com> wrote:
> >
> >> Group, I have a SHA1 hash that I would like to brute-force. I have
> >> knowledge of several characters before and after the password (ie, if
> >> the hash is derived from "xxxpasswordyyy", I know both xxx and yyy).
> >> I'd like to somehow input the xxx and yyy values as constants, so that
> >> they are always included in the crack attempt but the "password"
> >> portion is brute-forced.
> >
> >This can be done in several ways but using rules should be fastest. Add
> this to your john.local.conf:
> >
> >[List.Rules:custom]
> >A0"xxx"Az"yyy"
> >
> >Then run wordlist mode with --rules:custom.
> >
> >magnum
>
> Another option, is to use dynamic, and create your own 'special' format,
> just for this.  If done that way, then you can use -rules, -markov,
> -increment, etc within Jtr. To do this, one would use something similar to
> the dynamic_26 raw-sha1, but we cannot use MGF_RAW_SHA1_INPUT since dynamic
> would not get the original password back out of the input buffer.
>
> So, we simply make a simple raw-like, sha1, but do it with 2 constants.  It
> would be something like this:
>
> [List.Generic:dynamic_1050]
> Expression=xxxSHA1($p)yyy
> Flag=MGF_SHA1_40_BYTE_FINISH
> MaxInputLen=40
> Func=DynamicFunc__clean_input
> Func=DynamicFunc__append_input1_from_CONST1
> Func=DynamicFunc__append_keys
> Func=DynamicFunc__append_input1_from_CONST2
> Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL
> Const1=xxx
> Const2=yyy
> Test=$dynamic_1050$82249e184fe863c01f5d60f84fb346ac86e21496:openwall
>
>
> NOTE, if the constants were something other than xxx and yyy, then the test
> hash value must be recomputed (82249e184fe863c01f5d60f84fb346ac86e21496 in
> above example, of xxx$Pyyy for password openwall).
>
> To get the sample hash value(s):
>
> echo -n xxxopenwallyyy | sha1sum
>
> Jim.
>
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.