Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Aug 2018 18:47:05 +0200
From: Solar Designer <>
Subject: Re: partially forgotten kdbx pw / help recover partially known pw


I'm sorry no one commented on this sooner.  Please see inline:

On Mon, Aug 27, 2018 at 04:38:27PM +0300, Александр Наумов wrote:
> The first part is known to me, its like ABC12 (3 capital letters and 2 numbers). I know this part.
> Then there is one or two quite simple words like 'work', 'home', 'best', 'now' etc. No numbers are placed here, no capital letters.
> The max length of the whole password is between 10 and 20 characters.
> Generally it looks like ABC12bestwork OR ABC12worknow etc.
> I generated the hash for the kdbx file


You can obtain a common English words list e.g. from one of these URLs:

You'll need to copy-paste just the list of words to a text file, or in
the case of the GitHub URL you can click on "Raw".

You can also use lower.gz from:

If so, "gzip -d" it first.  But it's probably unnecessarily long, and
isn't as focused on the top words as the above lists are.

Then you can use a combination of PRINCE and mask modes like this:

./john --prince=top-1000-words.txt --prince-elem-cnt-min=2 --prince-elem-cnt-max=2 --mask='ABC12?w' --min-length=10 --max-length=20 hashfile

This may produce a handful of duplicates, which you can filter out if
you like (makes sense if each guess takes a long time to test):

./john --prince=top-1000-words.txt --prince-elem-cnt-min=2 --prince-elem-cnt-max=2 --mask='ABC12?w' --min-length=10 --max-length=20 --stdout | ./unique to-test.txt
./john -w=to-test.txt hashfile

where "unique" is a symlink or program located in JtR's run directory.

Alternatively, the old-fashioned way to do it (prior to us getting
PRINCE, kindly contributed by atom of Hashcat) was to use Perl scripts
such as those I attached here, e.g.:

./ top-1000-words.txt > top1000x2.txt

Similarly to the above, you can optionally filter out the few duplicates
that might appear in the combined list with:

rm top1000x2.txt
./ top-1000-words.txt | ./unique top1000x2.txt

Then use JtR e.g. like this:

./john -w=top1000x2.txt --mask='ABC12?w' hashfile

With the script, you can use two different input lists e.g. if
you know that one of the words is more common than the other.

The scripts also let you specify a word separator easily (e.g., there's
a commented-out line for separating the two words with a space).

> and wanted to try this:
> john --session=01 --mask=ABC12\u\u\u\u\u\u\u\u\u\u\ hashfile
> and then create several (10) sessions for each.
> The mask command didn't work for me

This mask is wrong, and even if you corrected it e.g. to:

./john --mask='ABC12?l' --min-length=10 --max-length=20 hashfile

it'd take far too long to complete unless your password's length happens
to be close to the minimum.  Feel free to give this a try while you're
preparing the wordlist, though - you might get lucky.

There's no need to run a session per length - the mask automatically
expands to higher lengths as specified by the options.

Just to provide yet another option (more efficient than mask mode alone,
but less efficient than a focused wordlist), you can combine incremental
and mask modes:

./john --incremental=lower --mask='ABC12?w' --min-length=10 --max-length=20 hashfile

Unlike mask mode alone, this will consider character triplet
frequencies, but unlike the wordlist it won't focus on whole words.

If you're unsure the minimum length is 10, just omit "--min-length=10"
in all of these commands.  This is probably a good idea since testing of
shorter passwords is relatively quick anyway.

I hope this helps.


View attachment "" of type "text/plain" (139 bytes)

View attachment "" of type "text/plain" (348 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.