Date: Thu, 3 May 2018 17:15:15 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: password puzzle with known variables

On Thu, May 03, 2018 at 03:41:07PM +0200, Patrick Proniewski wrote:
> Would something like this be in the right direction:
>
> ./john --mask=?1?2?3r?2?4?5?6?7?8?7?7?9 -1=[Hh] -2=[aA4] -3=[mM] -4=[dD] -5=[iI\!] -6=[oO0] -7=[nNzZ] -8=[7L] -9=[tT] --stdout

Yes. And you don't have to use those numbered placeholders, you can instead embed the lists/ranges right in the mask:

--mask='[Hh][aA4][mM]r[aA4][dD][iI!][oO0][nNzZ][7L][nNzZ][nNzZ][tT]'

or you can combine both approaches:

--mask='[Hh]?2[mM]r?2[dD][iI!][oO0]?7[7L]?7?7[tT]' -2='aA4' -7='nNzZ'

> On 03 mai 2018, at 07:41, Eric Oyen wrote:
> > ok, I am trying to figure this out with JTR and the instructions are a little hard to follow in the man page (and the man page format isn't entirely blind friendly).

There's no official man page for JtR. Debian/Ubuntu has one, but it's not something I'd recommend reading. Please refer to JtR's own documentation instead - the files under the doc/ directory. In this case, you need doc/MASK in jumbo.

> > then I would like to use the above rule values for the following strings:
> > 1. hamradion7zzt (13 characters)
> > 2. hamradioeon7zzt (15 characters)
> > 3. hamradioeo.n7zzt (16 characters)

You'll need to run 3 separate attacks, progressively introducing those extra characters in the middle of the mask. Like this:

--mask='[Hh][aA4][mM]r[aA4][dD][iI!][oO0][nNzZ][7L][nNzZ][nNzZ][tT]'
--mask='[Hh][aA4][mM]r[aA4][dD][iI!][oO0]eo[nNzZ][7L][nNzZ][nNzZ][tT]'
--mask='[Hh][aA4][mM]r[aA4][dD][iI!][oO0]eo.[nNzZ][7L][nNzZ][nNzZ][tT]'

If the "o" is actually any of "[oO0]", just put that in the mask in there, etc.

> > I would like to have JTR running on 2 laptops (one OS X Lion, 1 Linux) and a desktop all crunching on the same hash and answering to the same pot file.

You could, but there's little point. Your keyspace is so small you'd search it in a second against that fast hash on a single laptop. And if you're unsuccessful finding the password with that and need to enlarge the keyspace, then a mere 2x difference in processing speed won't make much of a difference in your chances for success.

> Basically, I would be trying the BeoWolf setup described in how to cluster JTR.

Don't, unless it's more fun for you to play with BeoWolf specifically. Even if you do distribute the work between two computers, it's far easier to do that either by running two different attacks or by using the --node option.

> I figure, it will allow me to finally crack that pesky password I have for that account so I can recover some data inside its keychain (without having to wait 237 years to solve all possible permutations of the above strings with characters in any position, and that is the MINIMUM time I calculated).

Sure, just focus the attack. And yes, recovering data from the keychain is a valid reason to proceed with this.

> > Am I dreaming here or what?

You are not, you just need to focus the attack.

Alexander
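
The keyspace arithmetic behind the reply above, as an added example that is not part of the original message and is not John the Ripper's code: a Python sketch that expands only the mask syntax used in this thread and counts the candidates each mask produces. The function names are hypothetical; ranges and the built-in classes described in doc/MASK are not modelled.

```python
import itertools
import math

def parse_mask(mask, custom=None):
    """Split a mask into per-position candidate lists.

    Assumption: only the subset seen in this thread is handled, i.e.
    literal characters, bracketed lists such as [aA4], and ?1..?9
    placeholders supplied via `custom` (e.g. {"2": "aA4"}).
    """
    custom = custom or {}
    positions = []
    i = 0
    while i < len(mask):
        ch = mask[i]
        if ch == "[":
            end = mask.index("]", i + 1)  # raises ValueError if unterminated
            positions.append(list(dict.fromkeys(mask[i + 1:end])))
            i = end + 1
        elif ch == "?" and i + 1 < len(mask) and mask[i + 1] in custom:
            positions.append(list(dict.fromkeys(custom[mask[i + 1]])))
            i += 2
        else:
            positions.append([ch])  # literal character
            i += 1
    return positions

def keyspace(mask, custom=None):
    """Number of candidates: the product of the per-position list sizes."""
    return math.prod(len(p) for p in parse_mask(mask, custom))

def candidates(mask, custom=None):
    """Yield every candidate string the mask describes."""
    for combo in itertools.product(*parse_mask(mask, custom)):
        yield "".join(combo)

# The three masks from the message, built from their shared head and tail.
HEAD = "[Hh][aA4][mM]r[aA4][dD][iI!][oO0]"
TAIL = "[nNzZ][7L][nNzZ][nNzZ][tT]"
MASKS = [HEAD + TAIL, HEAD + "eo" + TAIL, HEAD + "eo." + TAIL]

if __name__ == "__main__":
    for m in MASKS:
        print(len(parse_mask(m)), "chars:", keyspace(m), "candidates")
    print("total:", sum(keyspace(m) for m in MASKS))
```

Each mask describes 165,888 candidates, so the three attacks together cover fewer than half a million guesses.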