Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Jul 2017 16:25:31 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: partially known password

On Mon, Jul 10, 2017 at 8:21 AM, Marc <marc@...x.net> wrote:

> Thank you, I have tried this but it doesn't seem to follow the -min as I
> can see what it's trying has length 6. The password I am trying to crack is
> a keepass password. I got the hash using keepass2john from the john
> bleeding jumbo.
>
> The command I am running now is:
> john -min=10 -mask=p3tI?a?a?a?a?a?a?a?a?a?a?a?a -session=mask keepass.hash
>
> Thanks for your help.
>
In the future, let's try to keep our responses in-line as opposed to
top-posting. Mine are inline, which is under and or "inside" of yours.
You could try the full command option "--min-length=N", but I doubt that is
the issue. It may also be helpful to know what version of JtR your using
and if it's capable of doing what we want, I think it is, but to be sure:
./john --list=build-info
./john --list=formats|grep -i keep
Those should shed some light on what version your using. Here are some test
hashes you can try as well:
http://openwall.info/wiki/john/sample-non-hashes#KeePass It's possible the
encryption options being used aren't supported with JtR, but I'm not 100%
on that, try the sample hashes.
-rich

> Hi,
>>>
>>> I am new to john. I am trying to crack a password where I know most of
>>> it.
>>>
>>> So for example I know what characters are in it and I know the length is
>>> between 8 and 16 chars.
>>>
>>> So in john.conf I added:
>>>
>>> [Incremental:Custom]
>>> File = ~/.john/custom.chr
>>> MinLen = 8
>>> MaxLen = 16
>>>
>>> I generated the custom.chr from a john.pot file in which I put some
>>> variation of what the password is like with the characters it contains.
>>> So
>>> for example:
>>>
>>> Probably not the way to go to find this, but could work if you had a ton
>> of
>> examples in your pot. You should likely start with a mask such as:
>> john hashes.txt -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -session=mask
>> That will begin cracking all printable ascii characters for a word
>> beginning with "s0m3", see MASK in the doc folder for other examples
>>
>> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?a?a?a?a?a?a?a?a?a?a
>> ?a?a
>> -min=8
>> Using default input encoding: UTF-8
>> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
>> 256/256 AVX2 8x])
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:01 20.60% (8) (ETA: 06:16:41) 0g/s 12113Kp/s 12113Kc/s
>> 174836GC/s s0m32{!5..s0m3d{!5
>> 0g 0:00:00:02 41.20% (8) (ETA: 06:16:42) 0g/s 12192Kp/s 12192Kc/s
>> 174836GC/s s0m3p^mL..s0m3x^mL
>> 0g 0:00:00:04 61.79% (8) (ETA: 06:16:43) 0g/s 12225Kp/s 12225Kc/s
>> 131127GC/s s0m3C~ZJ..s0m3!~ZJ
>> 0g 0:00:00:05 82.39% (8) (ETA: 06:16:43) 0g/s 12255Kp/s 12255Kc/s
>> 139869GC/s s0m3F%7)..s0m3,%7)
>> 0g 0:00:00:06 1.04% (9) (ETA: 06:26:13) 0g/s 12274Kp/s 12274Kc/s
>> 141467GC/s
>> s0m3||||..s0m3raaaa  <-----Length switched to 9
>> 0g 0:00:00:06 1.07% (9) (ETA: 06:25:57) 0g/s 12247Kp/s 12247Kc/s
>> 145697GC/s
>> s0m3<'(1a..s0m3^'(1a
>> 0g 0:00:00:08 1.29% (9) (ETA: 06:26:58) 0g/s 12293Kp/s 12293Kc/s
>> 131127GC/s
>> s0m3n)Oua..s0m3m)Oua
>> 0g 0:00:00:09 1.50% (9) (ETA: 06:26:36) 0g/s 12274Kp/s 12274Kc/s
>> 135984GC/s
>> s0m36={Na..s0m3v={Na
>>
>> So I found out I can define custom rules. Unfortunately I didn't find what
>>> the custom rule should be like to say that password starts with: s0m3
>>>
>>> [List.Rules:Example]
>>> s0m3...
>>>
>>> Could someone help me define the rule to say it should starts with s0m3
>>> and for the rest use the characters from the custom.chr. Another thing
>>> I'd
>>> like to have in the rule is that I know some of the characters are only
>>> in
>>> the password once so I'd like to define that as well.
>>>
>>> You should start with the baseword as you "wordlist", and then apply
>> rules
>> to the end of the wordlist.
>> echo s0m3 >wordlist.txt
>> john hashes.txt -w=wordlist.txt -rules=some-rules -session=rules
>>
>> [List.Rules:some-rules]
>> $[0-9]$[0-9]$[0-9]$[0-9]
>> $[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]
>>
>> And so on... those are very simple and unlikely rules, but that's the
>> idea,
>> to append all digits, to append all alpha. Mask will do this already, and
>> maybe faster.
>>
>> For example there is only s, 0, m, @, 1, !, - once so it shouldn't try
>>> combinations where those characters would appear multiple times.
>>>
>>> Might just try all rules john.conf has already, it does what your asking
>> and a whole lot more
>> john hashes.txt -w=wordlist.txt -rules=all
>>
>> Finally, one last thing I couldn't find out is how can I see the passwords
>>> that are being tried so I can see that it follows the rules the way I
>>> expect.
>>>
>>> You have to press a key on the keyboard to see progress, or look in the
>> log
>> files, when you use the -session=xyz you will see times/logs in xyz.log.
>> You wont see what it being tried but when it switches to new lengths,
>> rules
>> etc...
>> If I were you I might try a wordlist like rockyou first, maybe even try
>> -prince mode, then go to mask.
>>
>> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
>> -min-length=8 -max-length=16 -session-prince-hybrid
>> Using default input encoding: UTF-8
>> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
>> 256/256 AVX2 8x])
>> Warning: invalid UTF-8 seen reading rockyou.txt
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:04  0g/s 1872Kp/s 1872Kc/s 21854GC/s
>> s0m3joy921203..s0m3joy712005
>> 0g 0:00:00:05  0g/s 2819Kp/s 2819Kc/s 34967GC/s s0m3Omomdad7..s0m3$momdad7
>> 0g 0:00:00:07  0g/s 3384Kp/s 3384Kc/s 37465GC/s
>> s0m3rose13211..s0m3rose12881
>> 0g 0:00:00:08  0g/s 3776Kp/s 3776Kc/s 43709GC/s s0m3hcabayao..s0m38cabayao
>> 0g 0:00:00:10  0g/s 4079Kp/s 4079Kc/s 43709GC/s
>> s0m3017924041..s0m3017872901
>> 0g 0:00:00:11  0g/s 4303Kp/s 4303Kc/s 47682GC/s s0m30fizzy12..s0m3Rfizzy12
>> 0g 0:00:00:13  0g/s 4484Kp/s 4484Kc/s 47071GC/s
>> s0m3bestminga..s0m3bestmanea
>> 0g 0:00:00:14  0g/s 4580Kp/s 4580Kc/s 48432GC/s s0m3bigpr..s0m3antpr
>>
>> You could even throw rules in on top of all that!
>> $ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt
>> -rules=NT -min-length=8 -max-length=16
>> Using default input encoding: UTF-8
>> Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
>> 256/256 AVX2 8x])
>> Warning: invalid UTF-8 seen reading rockyou.txt
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:05  0g/s 197023p/s 197023c/s 2185GC/s
>> s0m3kikoKIKO..s0m3kikOKIkO
>> 0g 0:00:00:06  0g/s 242310p/s 242310c/s 2731GC/s
>> s0m3123456AS..s0m31234567s
>> 0g 0:00:00:07  0g/s 269726p/s 269726c/s 3122GC/s
>> s0m3IloVemia..s0m3ilOVEmia
>> 0g 0:00:00:09  0g/s 282448p/s 282448c/s 3035GC/s
>> s0m3TANeISHA..s0m3TANEIShA
>> 0g 0:00:00:10  0g/s 293961p/s 293961c/s 3278GC/s
>> s0m3KONnaRaK..s0m3KONNarAK
>> 0g 0:00:00:12  0g/s 303905p/s 303905c/s 3187GC/s
>> s0m3kidsROck..s0m3kIdsrOck
>> 0g 0:00:00:13  0g/s 312141p/s 312141c/s 3362GC/s
>> s0m3CARSwelL..s0m3CARSWELL
>> 0g 0:00:00:14  0g/s 317617p/s 317617c/s 3512GC/s
>> s0m3hAMMOndS..s0m3HammoNDS
>> 0g 0:00:00:16  0g/s 321150p/s 321150c/s 3353GC/s
>> s0m3BANaNA24..s0m3BANANA24
>> -rich
>>
>>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.