Date: Sat, 23 Jan 2016 16:44:25 -0800 From: Dan Tentler <dan@...nlabs.com> To: john-users <john-users@...ts.openwall.com> Subject: lost sparsebundle/timemachine credential Hey Fellas, So, like a derp, I screwed up my backups. I was able to partially restore using a backup from last august, but theres a sparsebundle I need to crack to get my newest backups. I've already used dmg2john to get the hash (holy crap are they huge) from the sparsebundle. My question is about hugely narrowing down the passwords. I need to basically build a dictionary of my own credentials, and substitute words and numbers around. Outside of using crunch, and building a huge dictionary by hand, is there a way to tell jtr to use wildcards, similar to how hashcat does it? Or to stack dictionaries? Here's what I'm thinking Lets say my password is "imadumbass123!!!", but I want to swap just the exclamation points at the end for other symbols, the numbers for other letters, or the word 'dumbass' for 'idiot' or another smaller dictionary of options.. Is it possible to do something like ima$1123!!! imadumbass$1!!! imadumbass123$1 where $1 would be either a mask (?d?d?d, ?s?s?s) or another smaller dict file (selfdeprecationisfun.txt, which contains a variety of other words) I don't THINK jtr can do this at the moment, if it can I'll be pleasantly surprised, but I'm expecting some amalgamation of glueing together various tools to get this done. Any advice is appreciated! If you guys recall - Jeremiah Grossman had the same problem a few years ago and he wrote a blogpost about it. This is literally the same thing. -Dan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.