Discussion:
[john-users] partially known password
Marc
2017-07-10 09:20:04 UTC
Permalink
Hi,

I am new to john. I am trying to crack a password where I know most of it.

So for example I know what characters are in it and I know the length is
between 8 and 16 chars.

So in john.conf I added:

[Incremental:Custom]
File = ~/.john/custom.chr
MinLen = 8
MaxLen = 16

I generated the custom.chr from a john.pot file in which I put some
variation of what the password is like with the characters it contains.
So for example:

:***@1-!
:s0m3teo@!
:***@1!

So to generate the custom.chr from this I did:

john --make-charset=custom.chr john.pot

Now I know the password starts with exactly: s0m3

So I found out I can define custom rules. Unfortunately I didn't find
what the custom rule should be like to say that password starts with: s0m3

[List.Rules:Example]
s0m3...

Could someone help me define the rule to say it should start with s0m3
and for the rest use the characters from the custom.chr. Another thing
I'd like to have in the rule is that I know some of the characters are
only in the password once so I'd like to define that as well.

For example there is only s, 0, m, @, 1, !, - once so it shouldn't try
combinations where those characters would appear multiple times.

Finally, one last thing I couldn't find out is how can I see the
passwords that are being tried so I can see that it follows the rules
the way I expect.

Thank you for your help.

Marc
Rich Rumble
2017-07-10 11:04:26 UTC
Permalink
Post by Marc
Hi,
I am new to john. I am trying to crack a password where I know most of it.
So for example I know what characters are in it and I know the length is
between 8 and 16 chars.
[Incremental:Custom]
File = ~/.john/custom.chr
MinLen = 8
MaxLen = 16
I generated the custom.chr from a john.pot file in which I put some
variation of what the password is like with the characters it contains. So

Probably not the way to go to find this, but could work if you had a ton of
examples in your pot. You should likely start with a mask such as:

john hashes.txt -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -session=mask

That will begin cracking all printable ASCII characters for a word
beginning with "s0m3", see MASK in the doc folder for other examples

$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?a?a?a?a?a?a?a?a?a?a?a?a -min=8
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:01 20.60% (8) (ETA: 06:16:41) 0g/s 12113Kp/s 12113Kc/s 174836GC/s s0m32{!5..s0m3d{!5
0g 0:00:00:02 41.20% (8) (ETA: 06:16:42) 0g/s 12192Kp/s 12192Kc/s 174836GC/s s0m3p^mL..s0m3x^mL
0g 0:00:00:04 61.79% (8) (ETA: 06:16:43) 0g/s 12225Kp/s 12225Kc/s 131127GC/s s0m3C~ZJ..s0m3!~ZJ
0g 0:00:00:05 82.39% (8) (ETA: 06:16:43) 0g/s 12255Kp/s 12255Kc/s 139869GC/s s0m3F%7)..s0m3,%7)
0g 0:00:00:06 1.04% (9) (ETA: 06:26:13) 0g/s 12274Kp/s 12274Kc/s 141467GC/s s0m3||||..s0m3raaaa <-----Length switched to 9
0g 0:00:00:06 1.07% (9) (ETA: 06:25:57) 0g/s 12247Kp/s 12247Kc/s 145697GC/s s0m3<'(1a..s0m3^'(1a
0g 0:00:00:08 1.29% (9) (ETA: 06:26:58) 0g/s 12293Kp/s 12293Kc/s 131127GC/s s0m3n)Oua..s0m3m)Oua
0g 0:00:00:09 1.50% (9) (ETA: 06:26:36) 0g/s 12274Kp/s 12274Kc/s 135984GC/s s0m36={Na..s0m3v={Na

Post by Marc
So I found out I can define custom rules. Unfortunately I didn't find what
the custom rule should be like to say that password starts with: s0m3
[List.Rules:Example]
s0m3...
Could someone help me define the rule to say it should start with s0m3
and for the rest use the characters from the custom.chr. Another thing I'd
like to have in the rule is that I know some of the characters are only in
the password once so I'd like to define that as well.

You should start with the baseword as your "wordlist", and then apply rules
to the end of the wordlist.

echo s0m3 >wordlist.txt
john hashes.txt -w=wordlist.txt -rules=some-rules -session=rules

[List.Rules:some-rules]
$[0-9]$[0-9]$[0-9]$[0-9]
$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]

And so on... those are very simple and unlikely rules, but that's the idea,
to append all digits, to append all alpha. Mask will do this already, and
maybe faster.
Post by Marc
combinations where those characters would appear multiple times.

Might just try all rules john.conf has already, it does what you're asking
and a whole lot more

john hashes.txt -w=wordlist.txt -rules=all

Post by Marc
Finally, one last thing I couldn't find out is how can I see the passwords
that are being tried so I can see that it follows the rules the way I
expect.

You have to press a key on the keyboard to see progress, or look in the log
files, when you use the -session=xyz you will see times/logs in xyz.log.
You won't see what is being tried but when it switches to new lengths, rules
etc...
If I were you I might try a wordlist like rockyou first, maybe even try
-prince mode, then go to mask.

$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt -min-length=8 -max-length=16 -session-prince-hybrid
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Warning: invalid UTF-8 seen reading rockyou.txt
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:04 0g/s 1872Kp/s 1872Kc/s 21854GC/s s0m3joy921203..s0m3joy712005
0g 0:00:00:05 0g/s 2819Kp/s 2819Kc/s 34967GC/s s0m3Omomdad7..s0m3$momdad7
0g 0:00:00:07 0g/s 3384Kp/s 3384Kc/s 37465GC/s s0m3rose13211..s0m3rose12881
0g 0:00:00:08 0g/s 3776Kp/s 3776Kc/s 43709GC/s s0m3hcabayao..s0m38cabayao
0g 0:00:00:10 0g/s 4079Kp/s 4079Kc/s 43709GC/s s0m3017924041..s0m3017872901
0g 0:00:00:11 0g/s 4303Kp/s 4303Kc/s 47682GC/s s0m30fizzy12..s0m3Rfizzy12
0g 0:00:00:13 0g/s 4484Kp/s 4484Kc/s 47071GC/s s0m3bestminga..s0m3bestmanea
0g 0:00:00:14 0g/s 4580Kp/s 4580Kc/s 48432GC/s s0m3bigpr..s0m3antpr

You could even throw rules in on top of all that!
$ ./john.exe sha1s.txt -format=raw-sha1 -mask=s0m3?w -prince=rockyou.txt -rules=NT -min-length=8 -max-length=16
Using default input encoding: UTF-8
Loaded 10421099 password hashes with no different salts (Raw-SHA1 [SHA1
256/256 AVX2 8x])
Warning: invalid UTF-8 seen reading rockyou.txt
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:05 0g/s 197023p/s 197023c/s 2185GC/s s0m3kikoKIKO..s0m3kikOKIkO
0g 0:00:00:06 0g/s 242310p/s 242310c/s 2731GC/s s0m3123456AS..s0m31234567s
0g 0:00:00:07 0g/s 269726p/s 269726c/s 3122GC/s s0m3IloVemia..s0m3ilOVEmia
0g 0:00:00:09 0g/s 282448p/s 282448c/s 3035GC/s s0m3TANeISHA..s0m3TANEIShA
0g 0:00:00:10 0g/s 293961p/s 293961c/s 3278GC/s s0m3KONnaRaK..s0m3KONNarAK
0g 0:00:00:12 0g/s 303905p/s 303905c/s 3187GC/s s0m3kidsROck..s0m3kIdsrOck
0g 0:00:00:13 0g/s 312141p/s 312141c/s 3362GC/s s0m3CARSwelL..s0m3CARSWELL
0g 0:00:00:14 0g/s 317617p/s 317617c/s 3512GC/s s0m3hAMMOndS..s0m3HammoNDS
0g 0:00:00:16 0g/s 321150p/s 321150c/s 3353GC/s s0m3BANaNA24..s0m3BANANA24
-rich
Marc
2017-07-10 12:21:56 UTC
Permalink
Thank you, I have tried this but it doesn't seem to follow the -min as I
can see what it's trying has length 6. The password I am trying to crack
is a keepass password. I got the hash using keepass2john from the john
bleeding jumbo.

The command I am running now is:
john -min=10 -mask=p3tI?a?a?a?a?a?a?a?a?a?a?a?a -session=mask keepass.hash

Thanks for your help.
Marc
2017-07-10 19:48:37 UTC
Permalink
So at the end I managed to crack it. I used wordlist and simply wrote
some code to generate all the possible combinations rather than use john
for it as it was easier for me to define that character X or Y can't
repeat or that another one can repeat up to 2 times, etc... reducing
greatly the number of combinations.

Thanks for your help anyway.
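
An added example, not Marc's code and not part of John the Ripper: a generator for the approach described above, where per-character repetition limits are counted over the whole candidate (so `s`, `0` and `m` from the known prefix cannot reappear), plus a comparison with the keyspace of the `s0m3?a?a...` mask suggested earlier in the thread. The prefix, character set and once-only characters are taken from the examples in the first post; the function names and the assumption that `?a` covers 95 printable ASCII characters are this example's own.

```python
"""Candidate generator for a partially known password (added example)."""
from collections import Counter
from math import comb

# Constructed from the thread: known prefix, the characters seen in the
# sample strings, and the characters said to occur only once.
PREFIX = "s0m3"
CHARSET = "s0m3teo@1!-"
CAPS = {ch: 1 for ch in "s0m@1!-"}


def candidates(prefix, charset, caps, min_len, max_len):
    """Yield prefix + suffix with total length in [min_len, max_len].

    caps maps a character to the most times it may occur in the whole
    candidate, prefix included; characters missing from caps are unlimited.
    """
    used = Counter(prefix)
    alphabet = sorted(set(charset))
    buf = list(prefix)

    def walk():
        if min_len <= len(buf) <= max_len:
            yield "".join(buf)
        if len(buf) >= max_len:
            return
        for ch in alphabet:
            if ch in caps and used[ch] >= caps[ch]:
                continue  # cap reached, prune this whole branch
            used[ch] += 1
            buf.append(ch)
            yield from walk()
            buf.pop()
            used[ch] -= 1

    yield from walk()


def count_candidates(prefix, charset, caps, min_len, max_len):
    """Count what candidates() yields without enumerating anything."""
    longest = max_len - len(prefix)
    if longest < 0:
        return 0
    used = Counter(prefix)
    ways = [1] + [0] * longest  # ways[n]: suffixes of length n so far
    for ch in set(charset):
        room = max(0, caps[ch] - used[ch]) if ch in caps else longest
        nxt = [0] * (longest + 1)
        for n, w in enumerate(ways):
            for j in range(min(room, longest - n) + 1):
                # place j copies of ch among n + j positions
                nxt[n + j] += w * comb(n + j, j)
        ways = nxt
    return sum(ways[max(0, min_len - len(prefix)):])


def mask_keyspace(prefix_len, min_len, max_len, class_size=95):
    """Size of prefix + ?a?a... ; 95 assumes ?a is printable ASCII."""
    lo = max(0, min_len - prefix_len)
    return sum(class_size ** k for k in range(lo, max_len - prefix_len + 1))


if __name__ == "__main__":
    print("mask keyspace, length 8-16:", mask_keyspace(len(PREFIX), 8, 16))
    print("constrained,   length 8-16:",
          count_candidates(PREFIX, CHARSET, CAPS, 8, 16))
    for word in candidates(PREFIX, CHARSET, CAPS, 5, 6):
        print(word)  # short lengths only, to eyeball the output
```

Redirecting the generator's output to a file gives a wordlist that can be passed with `-w=` as in the commands earlier in the thread.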
Rich Rumble
2017-07-10 20:25:31 UTC
Permalink
Post by Marc
Thank you, I have tried this but it doesn't seem to follow the -min as I
can see what it's trying has length 6. The password I am trying to crack is
a keepass password. I got the hash using keepass2john from the john
bleeding jumbo.
john -min=10 -mask=p3tI?a?a?a?a?a?a?a?a?a?a?a?a -session=mask keepass.hash
Thanks for your help.

In the future, let's try to keep our responses in-line as opposed to
top-posting. Mine are inline, which is under and/or "inside" of yours.
You could try the full command option "--min-length=N", but I doubt that is
the issue. It may also be helpful to know what version of JtR you're using
and if it's capable of doing what we want, I think it is, but to be sure:

./john --list=build-info
./john --list=formats|grep -i keep

Those should shed some light on what version you're using. Here are some test
hashes you can try as well:
http://openwall.info/wiki/john/sample-non-hashes#KeePass
It's possible the encryption options being used aren't supported with JtR,
but I'm not 100% on that, try the sample hashes.
-rich