Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1535794892.103888459@f485.i.mail.ru>
Date: Sat, 01 Sep 2018 12:41:32 +0300
From: Alexander <a.naumoff.z@...l.ru>
To: john-users@...ts.openwall.com
Subject: Re[2]: partially forgotten kdbx pw / help recover partially known pw


Hi Alexander,

first of all thank you for your great help, I reviewed the email and I can see that the solution offered by you would (should anyway) definitely help.

However, I started it with --prince and it said 'unknown option=1000.txt'
I installed the version 1.8.0 (Linux Mint) using the command 'make clean generic'.
Also, it can't find the '-mask':
Unknown option: "--mask=ABC12?w" What I did wrong here?..

The last question is that you suggested in

./john -w=top1000x2.txt --mask='ABC12?w' hashfile

and similar examples where  'ABC12?w' ends with 'w'.

Does this 'w' stands for word lists (to tell the JtR that the next part of pw comes from words list) or is this a part of the first known password's part? 
I assume kind of yes (vote for syntax) since it comes after '?' and might be a part of the command syntax.

Generally, as you have noticed, it can be there after 'ABC12' any other letter like 'b', 'c' or whatever. 
Anyway, I'd try both variants since I looks like a good solution to me.

Thanks again 

Regards,
Alexander

>Пятница, 31 августа 2018, 19:48 +03:00 от Solar Designer < solar@...nwall.com >:
>
>Hi,
>
>I'm sorry no one commented on this sooner.  Please see inline:
>
>On Mon, Aug 27, 2018 at 04:38:27PM +0300, Александр Наумов wrote:
>> The first part is known to me, its like ABC12 (3 capital letters and 2 numbers). I know this part.
>> Then there is one or two quite simple words like 'work', 'home', 'best', 'now' etc. No numbers are placed here, no capital letters.
>> The max length of the whole password is between 10 and 20 characters.
>> Generally it looks like ABC12bestwork OR ABC12worknow etc.
>> I generated the hash for the kdbx file
>
>Great.
>
>You can obtain a common English words list e.g. from one of these URLs:
>
>https://www.ef.edu/english-resources/english-vocabulary/top-100-words/
>https://www.ef.edu/english-resources/english-vocabulary/top-1000-words/
>https://www.ef.edu/english-resources/english-vocabulary/top-3000-words/
>https://github.com/first20hours/google-10000-english/blob/master/google-10000-english.txt
>
>You'll need to copy-paste just the list of words to a text file, or in
>the case of the GitHub URL you can click on "Raw".
>
>You can also use lower.gz from:
>
>http://download.openwall.net/pub/wordlists/languages/English/1-tiny/
>
>If so, "gzip -d" it first.  But it's probably unnecessarily long, and
>isn't as focused on the top words as the above lists are.
>
>Then you can use a combination of PRINCE and mask modes like this:
>
>./john --prince=top-1000-words.txt --prince-elem-cnt-min=2 --prince-elem-cnt-max=2 --mask='ABC12?w' --min-length=10 --max-length=20 hashfile
>
>This may produce a handful of duplicates, which you can filter out if
>you like (makes sense if each guess takes a long time to test):
>
>./john --prince=top-1000-words.txt --prince-elem-cnt-min=2 --prince-elem-cnt-max=2 --mask='ABC12?w' --min-length=10 --max-length=20 --stdout | ./unique to-test.txt
>./john -w=to-test.txt hashfile
>
>where "unique" is a symlink or program located in JtR's run directory.
>
>Alternatively, the old-fashioned way to do it (prior to us getting
>PRINCE, kindly contributed by atom of Hashcat) was to use Perl scripts
>such as those I attached here, e.g.:
>
>./double.pl top-1000-words.txt > top1000x2.txt
>
>Similarly to the above, you can optionally filter out the few duplicates
>that might appear in the combined list with:
>
>rm top1000x2.txt
>./double.pl top-1000-words.txt | ./unique top1000x2.txt
>
>Then use JtR e.g. like this:
>
>./john -w=top1000x2.txt --mask='ABC12?w' hashfile
>
>With the mix.pl script, you can use two different input lists e.g. if
>you know that one of the words is more common than the other.
>
>The scripts also let you specify a word separator easily (e.g., there's
>a commented-out line for separating the two words with a space).
>
>> and wanted to try this:
>> john --session=01 --mask=ABC12\u\u\u\u\u\u\u\u\u\u\ hashfile
>> and then create several (10) sessions for each.
>> The mask command didn't work for me
>
>This mask is wrong, and even if you corrected it e.g. to:
>
>./john --mask='ABC12?l' --min-length=10 --max-length=20 hashfile
>
>it'd take far too long to complete unless your password's length happens
>to be close to the minimum.  Feel free to give this a try while you're
>preparing the wordlist, though - you might get lucky.
>
>There's no need to run a session per length - the mask automatically
>expands to higher lengths as specified by the options.
>
>Just to provide yet another option (more efficient than mask mode alone,
>but less efficient than a focused wordlist), you can combine incremental
>and mask modes:
>
>./john --incremental=lower --mask='ABC12?w' --min-length=10 --max-length=20 hashfile
>
>Unlike mask mode alone, this will consider character triplet
>frequencies, but unlike the wordlist it won't focus on whole words.
>
>If you're unsure the minimum length is 10, just omit "--min-length=10"
>in all of these commands.  This is probably a good idea since testing of
>shorter passwords is relatively quick anyway.
>
>I hope this helps.
>
>Alexander


-- 
Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.