Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 22 Jul 2020 14:58:29 +0200
From: Albert Veli <albert.veli@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Re: Known part of password, attempting incremental attack

Good luck!

Btw, to use some custom rules, you can insert them into john.conf, for
instance like this:

# My custom rule, pass through, uppercase, capitalize
[List.Rules:myrule]
:
u
c

Then extract the 2000 most common english words and run the rules on them,
and remove duplicates:
head -2000 google-10000-english-usa.txt > 2000.txt
john -w:2000.txt --rule:myrule --stdout | unique 2krules.txt

Then run combinator to find all combinations of two words from the
2krules.txt file and finally use that as input to john. The double wordlist
file will be about 1GB.

You will probably have to add the path to john and unique to your $PATH to
make the command lines work. Oh, and instead of : you can also use = in the
john cmdline. Both works.

On Wed, Jul 22, 2020 at 1:23 PM Alexander Hunt <alexhunt308@...il.com>
wrote:

> Thank you very much for your suggestions Albert, I will try these tomorrow
> and let you know how it goes.
>
> Thank you
>
> On Tuesday, July 21, 2020, Albert Veli <albert.veli@...il.com> wrote:
>
> > >
> > > But I would create a big wordlist of all combinations of two words and
> > use
> > > that as input to john and use ?w in the mask.
> > >
> >
> > And apply rules to the big wordlist and remove duplicates. Removing
> > duplicates can be done with the unique command, from john. Creating all
> > combinations of two words can be done in many ways. For instance using
> > combinator from https://github.com/hashcat/hashcat-utils. So it would
> then
> > be something like this:
> >
> > ./combinator.bin words.txt words.txt | unique double.txt
> >
> > To get a good wordlist, try
> > https://github.com/first20hours/google-10000-english if it is common
> > english words. 10000 is too much to double, try to extract the maybe 3000
> > first words and hope both your words are among those. The words are in
> > order with the most common first.
> >
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.