Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 23 Jan 2016 16:44:25 -0800
From: Dan Tentler <dan@...nlabs.com>
To: john-users <john-users@...ts.openwall.com>
Subject: lost sparsebundle/timemachine credential

Hey Fellas,

  So, like a derp, I screwed up my backups. I was able to partially 
restore using a backup from last august, but theres a sparsebundle I 
need to crack to get my newest backups.

  I've already used dmg2john to get the hash (holy crap are they huge) 
from the sparsebundle.
  My question is about hugely narrowing down the passwords. I need to 
basically build a dictionary of my own credentials, and substitute words 
and numbers around.

  Outside of using crunch, and building a huge dictionary by hand, is 
there a way to tell jtr to use wildcards, similar to how hashcat does 
it? Or to stack dictionaries?
  Here's what I'm thinking

  Lets say my password is "imadumbass123!!!", but I want to swap just 
the exclamation points at the end for other symbols, the numbers for 
other letters, or the word 'dumbass' for 'idiot' or another smaller 
dictionary of options.. Is it possible to do something like

ima$1123!!!
imadumbass$1!!!
imadumbass123$1

where $1 would be either a mask (?d?d?d, ?s?s?s) or another smaller dict 
file (selfdeprecationisfun.txt, which contains a variety of other words)

I don't THINK jtr can do this at the moment, if it can I'll be 
pleasantly surprised, but I'm expecting some amalgamation of glueing 
together various tools to get this done.

Any advice is appreciated!

If you guys recall - Jeremiah Grossman had the same problem a few years 
ago and he wrote a blogpost about it. This is literally the same thing.

-Dan

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.