Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 28 Oct 2018 08:43:52 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: brute force unknown chars

On Sun, Oct 28, 2018 at 7:39 AM Powen Cheng <madtomic@...il.com> wrote:

> Hello,
>
> Can anyone please help me as I can't figure out if this is even possible?
>
> Example: I know the password begins with "Password" but is 12 characters
> long.
> So, I would need to brute force the last 4 char using thecustom.chr that I
> created.
>
> Can someone please help me with this?
>
A custom.chr file might be faster, but depending on the hash type (fast or
slow) you could bruteforce 4 remaining chars very quickly with a mask, or
even the external-mode "knownforce".
I'd do the following:
./john -format=nt hash.txt -session=mask -mask=Password?a?a?a?a
 (Assumes your hash type is NTLM aka -format=nt)
That will try all characters appended to the end of the word "Password", if
the real password contains "?'s" escape them -mask=asdf\?lkjh?a?a?a?a
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/MASK
If you have more than one thread/CPU you may consider using Fork as well
 ./john -format=nt hash.txt -session=mask -mask=Password?a?a?a?a -fork=4
That will spit the load out to 4 threads just in case your hash type is not
benefiting from OMP
https://openwall.info/wiki/john/parallelization

I think you can use your charset by adding a new rule like this to john.conf
[wordlist:append]
:Az
 and running a command like
./john -stdout -i=thecustom.chr | ./john -pipe -format=nt
-session=custom-in -rules=append -w=word.txt hash.txt
This will output your characters from your custom charset and pipe them
into the next instance of john, and that instance is set to format NTLM,
use the rule in john.conf, a wordlist containing the known part of the
password, and then agains the hash you have in hash.txt.
Check out some of the older questions on John's mailing list too
https://www.google.com/search?q=site:openwall.com+add+characters+to+the+end+of+string&cad=h
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.