|
Message-Id: <429F107F-146F-4E91-AD79-589854565F08@gkc.co.za> Date: Tue, 10 Dec 2019 21:19:50 +0200 From: Greg Burne <gburne@....co.za> To: John <john-users@...ts.openwall.com> Subject: Re: Finding Password to Spareseimage Thank you Alexander, You have been a great help. Let me try the examples below and see how I go. If it’s just not working I chat to you about the password recovery service. Have a good one. Greg > On 10 Dec 2019, at 20:57, Solar Designer <solar@...nwall.com> wrote: > > On Tue, Dec 10, 2019 at 08:22:03PM +0200, Greg Burne wrote: >> The exact special characters used are known, and the exact uppercase and lowercase letters used are known including their position in the password, it is just the length that would really vary, and based on the length would determine the number of special characters used, but the actual password potion I would be able to hit bang on. > > Well, based on this description you can try something like this: > > ./john --mask='knownUl[.!?]' --max-length=16 file.txt > > which would try these candidates: > > knownUl. > knownUl! > knownUl? > knownUl.. > knownUl!. > knownUl?. > knownUl.! > knownUl!! > knownUl?! > knownUl.? > > and so on. You can use the square braces in multiple places in the > mask, but only the last portion of the mask may be have its length > stretched automatically. You can also use placeholders, like this: > > ./john -2='SOMEUPPERS' -3='somelowers' -4='.!??' --mask='known?4?2?2?3?3?4' --max-length=16 file.txt > > which produces: > > known.SSss. > known!SSss. > known?SSss. > known.OSss. > known!OSss. > known?OSss. > known.MSss. > known!MSss. > known?MSss. > known.ESss. > > ... and will take ages before moving to the next length. > >> From a specifics point of view, should I share the details of the password and structure? I would have stop using them then. >> First prize would be if I could keep the passwords secret. > > You can try to work from the examples above. > > If this doesn't help, then yes you could share the details and if your > other passwords are too similar then stop using this pattern. > > You can also use Openwall's password recovery service (recently added to > the Services web page on our website) if your budget permits. Then > you'd only need to share the details privately, and we'd work from your > dmg2john output file on our hardware (a Linux box with multiple GPUs). > > Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.