|
Message-ID: <CANWtx02VhMp7rjV3B2ks23jaUJtHdSJEbnpZXkZFu4yCcGxGHQ@mail.gmail.com> Date: Mon, 17 Dec 2012 21:13:23 -0500 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: new user help with list vs. incremental modes On Mon, Dec 17, 2012 at 1:54 PM, Raleigh Rinehart <rrinehart@...-estech.com> wrote: > My question is this: how do I best configure JtR to run for a known > password pattern? For example, if I know ahead of time the password is > going to be of the form 3-6 alpha-numerical characters followed by 3-8 > digits? I've gone through the documents, mailing lists and other resources > but am still confused on the best approach attack to this. Incremental isn't as likely to be effective (quickly) unless you tuned the chr files (custom chr file) to try passwords of this pattern or type. There should be quicker ways of doing it, like the rules you've tried are one way (but they will be prepended to all words in your wordlist). You can also try the external modes like Knownforce. ./john passwords.txt -external=knownforce The default knownforce external module is 4 alpha (all lower?) and 4 digits, I think it can be easily tweaked to your use case. (I've included what I believe would do the job at the bottom) > When I run that with: > ./john --format=raw-sha512-cuda --device=1 --session:foo > --wordlist=digits_list.txt -rules:Foo crackme.txt > JtR just seems to do nothing. I let it run for a couple of hours but it > never seemed to do anything. > Running the status command returns this: > ./john --status=foo > fopen: foo.rec: No such file or directory It's a GPU on a MAC so I'm not sure how well tested that is > I am guessing it is because the digits_list.txt is too big (~950meg) or the > way I've tried setting up the mangling is too inefficient. This could also be it... In the KnownForce external this should do a 1-3 alpha numeric (upper and lower + digits) and 1-7 digits after (because the length is 10 in this example, increase to 11 to have 1-8 digits). This will be a "dumb" search, aaa1, aaa2, aaa3 etc... and will take a lot of time potentially. I'm not sure it would be faster this way than using the rules you created on a one line wordlist file, and I've not tested the code below, I think it's right. <snip> length = 10; // Password length to try /* This defines the character sets for different character positions */ pos = 0; while (pos < 3) { ofs = pos++ << 8; i = 0; c = '0'; while (c <= '9') charset[ofs + i++] = c++; c = 'A'; while (c <= 'Z') charset[ofs + i++] = c++; c = 'a'; while (c <= 'z') charset[ofs + i++] = c++; charset[ofs + i] = 0; } while (pos < length) { ofs = pos++ << 8; i = 0; c = '0'; while (c <= '9') charset[ofs + i++] = c++; charset[ofs + i] = 0; } last = length - 1; pos = -1; while (++pos <= last) word[pos] = charset[id[pos] = pos << 8]; lastid = (lastofs = last << 8) - 1; word[pos] = 0; } void generate() </snip> -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.