Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120120150652.GA6369@openwall.com>
Date: Fri, 20 Jan 2012 19:06:52 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Cc: Martin M?nsson <martin@...adix.se>
Subject: Re: Crack the rest of a password if first half of password is known?

Hi Martin,

You don't appear to be subscribed.  I am CC'ing this message to you, but
someone else might not...

On Fri, Jan 20, 2012 at 03:54:11PM +0100, Martin M?nsson wrote:
> If i know half the password in plaintext, lets say, 8 characters out of 12. Is there a way to make JtR crack the 4 remaining characters?

Yes.  One way is to revise and use the KnownForce external mode sample
(see john.conf supplied with JtR).

Another way is to create a new external mode that only has a filter()
function.  This function may prepend your known portion of the password
to word[].  It will then be usable along with any cracking mode (e.g.,
you may set incremental mode's MinLen and MaxLen to 4 and use it along
with your external filter() prepending your known 8-character string to
form 12-character candidate passwords).

Yet another way is to use a wordlist rule like:

[List.Rules:Wordlist]
A0"known8ch"

along with a wordlist - but this will only work with a wordlist (not
with other cracking modes).

> Also if i know the SAP CODEVN B (max 8 alpha numeric case-insensitive) password is there a way to use that to obtain the SAP CODEVN G (max 40 case sensitive alnum + special chars) password?

Yes, this should be possible in a way similar to how NTLM hashes may be
cracked with the help of previously cracked LM hash passwords:

http://www.openwall.com/lists/john-users/2006/07/08/2

Someone familiar with SAP passwords may provide specific instructions.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.