Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191210172405.GA20763@openwall.com>
Date: Tue, 10 Dec 2019 18:24:05 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Finding Password to Spareseimage

Hello Greg,

On Tue, Dec 10, 2019 at 05:58:10PM +0200, Greg Burne wrote:
> I have two sparseimage files which I would like to find the passwords to. 
> 
> I have a very good idea on the structure of the password, special characters used, letters in upper and lower case and numbers, but just can't workout the password I set. The password is also somewhere between 8 and 16 characters.
> 
> I have run dmg2john and have the hashes and I'm able to run 'john file.txt'

"Somewhere between 8 and 16 characters" suggests you probably also don't
have a sufficiently good idea of what characters are in what places.
Reading this, my current expectation is that you're out of luck cracking
those passwords, unfortunately - but maybe you do recall more?

> I tried using crunch to create a wordlist,

There's no need to use Crunch along with JtR, because JtR is even more
capable of generating a stream of candidate passwords on its own.  But:

> but it wants to create a file over a PB!

File size isn't the worst problem here.  The real problem is this
expected file size suggests you also wouldn't realistically test all of
those passwords in reasonable time, because attacks on sparsebundles run
slowly.  You need to focus the attack far more in order to arrive at a
set of candidate passwords that you could actually have JtR test.

> I'm working on a MacBook Air running Kali in VirtualBox.

OK.  Given a sufficiently focused attack, this can work.

> I'm not sure on if I should be creating a wordlist, or going about it in another way.

This depends on specifics of what you recall about the password.  If you
don't mind sharing more specifics with the list, we can probably suggest
specific JtR commands for you to use.

For example, you might recall a portion of the password and that certain
characters are of certain types.  If so, you'd use JtR's mask mode.

Alternatively, you might feel you almost recall the password, and have
already tried entering a few passwords that you thought could work but
did not.  If so, you can put those few passwords in a wordlist file and
use JtR's wordlist rules to have it test passwords that have short edit
distance from those (perhaps 1 or 2 edited characters).

I hope this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.