|
Message-ID: <CAGSLPCbu=ieqAac_TUmcVLyH3gWfoyBAYQ3c6HhyZmAySyPi2Q@mail.gmail.com> Date: Mon, 16 Sep 2024 22:41:07 +0530 From: Pentester LAB <pentesterlab3@...il.com> To: john-users@...ts.openwall.com Subject: Re: Hexadecimal attack Subject: John the Ripper Equivalent to Hashcat's --hex-charset for Bitcoin Hashes Hi, I successfully cracked a Bitcoin hash using Hashcat with the following command: ```bash hashcat -m 11300 ab.hash -a 3 --hex-charset 6142 ``` In this case, `61` is the hex value for `a` and `42` is the hex value for `B`, resulting in the password `aB`. When I tried John the Ripper with the following commands: ```bash ~/tools/john-bleeding-jumbo/run/john --mask='[0-9][0-9][0-9][0-9]' --format=bitcoin ab.hash ~/tools/john-bleeding-jumbo/run/john --mask='[0-9a-f][0-9a-f][0-9a-f][0-9a-f]' --format=bitcoin ab.hash ``` John seems to only accept UTF-8 by default. Is there a way to handle hexadecimal input directly in John, similar to Hashcat’s `--hex-charset` or `--hex-wordlist` options? If not, is there a workaround or specific switch to achieve this? My Bitcoin hash is: ``` $bitcoin$64$7e641e6315f8872eed57c344560a4f76f7d3bc0424ad7be89eada848431969ee$16$0a041920753002a2$50310$2$00$2$00 ``` Thanks for your help. On Sat, Sep 14, 2024 at 7:35 PM Solar Designer <solar@...nwall.com> wrote: > On Sat, Sep 14, 2024 at 12:25:12AM +0530, Pentester LAB wrote: > > Does hashcat support hex-charset? For example, if I give it > "--hex-charset > > -1 ?d ?1?1?1" to crack a 0to9 -digit value as hexadecimal. > > This example looks confused. You could want to illustrate what you > actually want differently, e.g. by an example password you'd want to > have cracked. > > > Does John the Ripper have a similar feature? > > Since you didn't explain which exact feature you're actually after, let > me give you two answers. > > 1. If you want to crack passwords that are strings of hexadecimal > characters, you can do that e.g. with a custom mask mode charset: > > $ ./john -9='0-9a-f' --mask='?9?9' --stdout | head > Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status > 256p 0:00:00:00 100.00% (2024-09-14 15:55) 5120p/s ff > 00 > 10 > 20 > 30 > 40 > 50 > 60 > 70 > 80 > 90 > > $ ./john -9='0-9a-f' --mask='?9?9' --stdout | tail > Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status > 256p 0:00:00:00 100.00% (2024-09-14 15:56) 3657p/s ff > 6f > 7f > 8f > 9f > af > bf > cf > df > ef > ff > > 2. If you want to specify the character codes as hexadecimal, such as to > use characters that you can't easily type directly, then you can also do > that e.g. with a custom mask mode charset: > > $ ./john -9='\x41-\x43\x78' --mask='?9?9' --stdout > AA > BA > CA > xA > AB > BB > CB > xB > AC > BC > CC > xC > Ax > Bx > Cx > xx > 16p 0:00:00:00 100.00% (2024-09-14 16:01) 320.0p/s xx > > I encoded printable characters in this example so that I can show them > in this message, but you'd probably actually use this feature with > hexadecimal codes corresponding to weirder characters. > > I hope this helps. > > Alexander >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.