Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 23 Jan 2016 16:44:25 -0800
From: Dan Tentler <dan@...nlabs.com>
To: john-users <john-users@...ts.openwall.com>
Subject: lost sparsebundle/timemachine credential

Hey Fellas,

  So, like a derp, I screwed up my backups. I was able to partially 
restore using a backup from last august, but theres a sparsebundle I 
need to crack to get my newest backups.

  I've already used dmg2john to get the hash (holy crap are they huge) 
from the sparsebundle.
  My question is about hugely narrowing down the passwords. I need to 
basically build a dictionary of my own credentials, and substitute words 
and numbers around.

  Outside of using crunch, and building a huge dictionary by hand, is 
there a way to tell jtr to use wildcards, similar to how hashcat does 
it? Or to stack dictionaries?
  Here's what I'm thinking

  Lets say my password is "imadumbass123!!!", but I want to swap just 
the exclamation points at the end for other symbols, the numbers for 
other letters, or the word 'dumbass' for 'idiot' or another smaller 
dictionary of options.. Is it possible to do something like

ima$1123!!!
imadumbass$1!!!
imadumbass123$1

where $1 would be either a mask (?d?d?d, ?s?s?s) or another smaller dict 
file (selfdeprecationisfun.txt, which contains a variety of other words)

I don't THINK jtr can do this at the moment, if it can I'll be 
pleasantly surprised, but I'm expecting some amalgamation of glueing 
together various tools to get this done.

Any advice is appreciated!

If you guys recall - Jeremiah Grossman had the same problem a few years 
ago and he wrote a blogpost about it. This is literally the same thing.

-Dan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.