Date: Sun, 28 Oct 2018 14:15:56 +0100 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: brute force unknown chars Hi, Thank you for helping answer the question, Rich! On Sun, Oct 28, 2018 at 08:43:52AM -0400, Rich Rumble wrote: > On Sun, Oct 28, 2018 at 7:39 AM Powen Cheng <madtomic@...il.com> wrote: > > Example: I know the password begins with "Password" but is 12 characters > > long. > > So, I would need to brute force the last 4 char using thecustom.chr that I > > created. > A custom.chr file might be faster, but depending on the hash type (fast or > slow) you could bruteforce 4 remaining chars very quickly with a mask, In cases like this, mask mode is typically the way to go. > or even the external-mode "knownforce". The KnownForce external mode pre-dates the introduction of mask mode and is now pretty useless except as an example and a template for its revisions like the DateTime mode. > I'd do the following: > ./john -format=nt hash.txt -session=mask -mask=Password?a?a?a?a > (Assumes your hash type is NTLM aka -format=nt) Right. Explicit specification of "--format" isn't always necessary - JtR will generally auto-detect the hash type if it's of a specific enough format. > That will try all characters appended to the end of the word "Password", if > the real password contains "?'s" escape them -mask=asdf\?lkjh?a?a?a?a > https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/MASK There are two kinds of escaping that might be required: for the shell that JtR is invoked from, and for JtR itself. In Rich's example, the backslash may end up being eaten by the shell, leaving the question mark unescaped when it reaches JtR. I recommend putting the entire mask in single quotes for the shell, and then using JtR mask's escapes inside the mask as necessary. For question marks, I recommend escaping them by doubling (which is also the syntax that works for character classes in wordlist rules), although a backslash also works (when not eaten by the shell). For example: --mask='asdf??lkjh?a?a?a?a' > If you have more than one thread/CPU you may consider using Fork as well > ./john -format=nt hash.txt -session=mask -mask=Password?a?a?a?a -fork=4 > That will spit the load out to 4 threads Actually, 4 processes. > just in case your hash type is not benefiting from OMP Use of processes (with "--fork") generally results in higher cumulative c/s rate than use of threads (with OpenMP) even for hash types that are benefitting from OpenMP. > https://openwall.info/wiki/john/parallelization This wiki page is currently badly out of date. I wouldn't refer to it. (And we should probably update it.) > I think you can use your charset by adding a new rule like this to john.conf > [wordlist:append] > :Az I guess you meant something like: Az"[a-z][a-z][a-z][a-z]" > and running a command like > ./john -stdout -i=thecustom.chr | ./john -pipe -format=nt > -session=custom-in -rules=append -w=word.txt hash.txt > This will output your characters from your custom charset and pipe them > into the next instance of john, and that instance is set to format NTLM, > use the rule in john.conf, a wordlist containing the known part of the > password, and then agains the hash you have in hash.txt. This is erroneous (can't use both "-pipe" and "-w" at once - what would this even mean if it were supported?) and overly complicated. Instead of the above mix, something like this can be used: ./john --incremental=custom --mask='Password?w' hash.txt It's that simple. The ?w in the mask refers to whatever "word" comes from another cracking mode, in this case incremental. If the password length is known, it can be specified as: ./john -inc=custom -mask='Password?w' -min-len=12 -max-len=12 hash.txt In fact, for only 4 characters to find the default incremental mode might work well enough, leaving us with: ./john -inc -mask='Password?w' -min-len=12 -max-len=12 hash.txt > Check out some of the older questions on John's mailing list too This is always a good suggestion. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.