Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <COL112-W36824DFA76D1B4B980F082C80A0@phx.gbl>
Date: Wed, 26 Nov 2008 11:20:48 -0500
From: Adam Turk <bofh1234@...mail.com>
To: <john-users@...ts.openwall.com>
Subject: RE: Partly known password


> I forgot some parts of my password to a service-account. Since it is windows
> something broke and
> I can't update my software! Now I'm bruteforcing the password, but it's so
> slow..
> 
> I think the password is 9 or 10 letter/digets, and I remember a phrase I put
> in the middel of
> the password. (let's say "1batMan" just as an example).
> 
> The format is something like this
> 
> XX1batMan or XX1batManX (where X's is unknown.)
> 
> I had a look at the mailing list
>  http://www.openwall.com/lists/john-users/2008/05/20/2
> but couldn't figure it out.
> 
> How do I run all the combinations for X together with the part of the
> password I know?
> 
> Oddmund

I recommend cracking the LM hash with john and then with those results switch to using mdcrack 182 to crack the NTLM hash.  mdcrack 183 has a bug in it.  Download at http://membres.lycos.fr/mdcrack/download/MDCrack-182.zip  mdcrack 182 works great under wine.  I do recommend updating wine to the latest version.  With mdcrack you can specify the charset to use to crack so if the LM hash returns CD1BATMAN3 use the following:
wine MDCrack-sse.exe --charset=abcdtmn13ABCDTMN --algorithm=NTLM1 --minsize=10
--maxsize=10 NTLM hash

Don't get me wrong, john the ripper is great, but specifing a specific charset like is difficult.

If you are absolutly certain about 1batMan being exactly like this XX1batManX you can use crunch to generate a wordlist with:
aa1batMana
aa1batManb
and pass that wordlist to john.
Something like:
crunch 10 10 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
-t @@1batMan@ >wordlist.txt
The above is untested but should work.



_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.