Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 May 2018 10:02:57 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: john --make-charset=custom.chr: Can't get the hang
 of using it. :-(

On Wed, May 23, 2018 at 5:02 AM, Solar Designer <solar@...nwall.com> wrote:

> Hi Eric,
>
> On Tue, May 22, 2018 at 09:14:57PM +0100, Eric Watson wrote:
> > I have a .txt file containing a few characters from which a password was
> > made. I have the hash of the password.
> >
> > I use the command:
> >
> > ./john --make-charset=custom.chr mypasswd.txt
> >
> > where "mypasswd.txt" contains characters (AbCdEf)
> >
> > I get the error:
> >
> > Loaded 0 plaintexts, exiting...
>
> The intended use for the "--make-charset" option is to process whatever
> passwords you have already cracked in order to optimize further attacks.
> The cracked passwords are read from john.pot.  When you also list any
> "password files" on the command line, (1) those must be of one of the
> usual formats that JtR normally reads for cracking (that is, they should
> contain password hashes, as well as possibly other fields) and (2) they
> are only used to filter john.pot contents.  In other words, you specify
> them along with "--make-charset=custom.chr" only in order to limit the
> resulting contents of custom.chr to overlap of what's in john.pot
> (hashes and plaintexts) and what's in the specified files (hashes only).
>
> Your use is unintended.  You may, however, achieve what you want by
> creating a fake yet proper format john.pot with your characters, e.g.:
>
> echo :AbCdEf > john.pot
> ./john --make-charset=custom.chr
>
> Please note that incremental mode cares not only about the character
> set, but also about password lengths, character positions, character
> frequencies given specific up to two preceding characters.  So in the
> above example, it will generate the specific string AbCdEf first (if
> you allow it to generate candidate passwords of length 6 at all, and
> don't apply any other restrictions).
>
> You might want to use mask mode instead, which is intended use and is
> much easier, e.g.:
>
> ./john -2='AbCdEf' -mask='?2?2?2?2' mypasswd.hash
>
> This attacks your password hash directly, without generating any
> intermediate charset file.
>
> > Looks like I could use a manual! However,I am told that one does not
> > exist. I will create my own, step by step :-)
>
> Where are you told that a manual does not exist?
>
> > Please assist in using that john command. What I read seems to relate to
> > password lists:
> >
> > From john examples:
> >
> >       john --make-charset=custom.chr passwd1 passwd2
> >       [ Configure your custom "incremental" mode now. See below. ]
> >       john -i=custom passwd3
> >
> >
> > Where does passwd3 appear from?
>
> All of the passwd* files in this example are expected to contain
> password hashes.  passwd1 and passwd2 contain hashes that you already
> have some passwords cracked for (they're in john.pot), and you use these
> files for filtering your john.pot contents (in case it also contains
> cracked passwords for unrelated hashes).  passwd3 is the password hash
> file that you intend to crack.
>
> This example came from doc/EXAMPLES, where it says:
>
> "If you've got a password file for which you already have a lot of
> passwords cracked or obtained by other means, and the passwords are
> unusual, then you may want to generate a new charset file, based on
> character frequencies from that password file only"
>
> Then it proceeds to give examples for one such file and eventually for
> multiple related files (the example you quoted here).  Perhaps we need
> to clarify these examples with a mention that cracked passwords are read
> from john.pot.
>
> Alexander
>
Other helpful resources in addition to the DOC
<https://github.com/magnumripper/JohnTheRipper/tree/bleeding-jumbo/doc>
folder are: http://openwall.info/wiki/john
http://openwall.info/wiki/john/tutorials
One I'm fond of: https://xinn.org/blog/JtR-AD-Password-Auditing.html (Skip
down to "Using Jtr")
-rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.