Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGSLPCbu=ieqAac_TUmcVLyH3gWfoyBAYQ3c6HhyZmAySyPi2Q@mail.gmail.com>
Date: Mon, 16 Sep 2024 22:41:07 +0530
From: Pentester LAB <pentesterlab3@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Hexadecimal attack

Subject: John the Ripper Equivalent to Hashcat's --hex-charset for Bitcoin
Hashes

Hi,

I successfully cracked a Bitcoin hash using Hashcat with the following
command:

```bash
hashcat -m 11300 ab.hash -a 3 --hex-charset 6142
```

In this case, `61` is the hex value for `a` and `42` is the hex value for
`B`, resulting in the password `aB`.

When I tried John the Ripper with the following commands:

```bash
~/tools/john-bleeding-jumbo/run/john --mask='[0-9][0-9][0-9][0-9]'
--format=bitcoin ab.hash
~/tools/john-bleeding-jumbo/run/john
--mask='[0-9a-f][0-9a-f][0-9a-f][0-9a-f]' --format=bitcoin ab.hash
```

John seems to only accept UTF-8 by default. Is there a way to handle
hexadecimal input directly in John, similar to Hashcat’s `--hex-charset` or
`--hex-wordlist` options? If not, is there a workaround or specific switch
to achieve this?

My Bitcoin hash is:

```
$bitcoin$64$7e641e6315f8872eed57c344560a4f76f7d3bc0424ad7be89eada848431969ee$16$0a041920753002a2$50310$2$00$2$00
```

Thanks for your help.


On Sat, Sep 14, 2024 at 7:35 PM Solar Designer <solar@...nwall.com> wrote:

> On Sat, Sep 14, 2024 at 12:25:12AM +0530, Pentester LAB wrote:
> > Does hashcat support hex-charset? For example, if I give it
> "--hex-charset
> > -1 ?d ?1?1?1" to crack a 0to9 -digit value as hexadecimal.
>
> This example looks confused.  You could want to illustrate what you
> actually want differently, e.g. by an example password you'd want to
> have cracked.
>
> > Does John the Ripper have a similar feature?
>
> Since you didn't explain which exact feature you're actually after, let
> me give you two answers.
>
> 1. If you want to crack passwords that are strings of hexadecimal
> characters, you can do that e.g. with a custom mask mode charset:
>
> $ ./john -9='0-9a-f' --mask='?9?9' --stdout | head
> Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
> 256p 0:00:00:00 100.00% (2024-09-14 15:55) 5120p/s ff
> 00
> 10
> 20
> 30
> 40
> 50
> 60
> 70
> 80
> 90
>
> $ ./john -9='0-9a-f' --mask='?9?9' --stdout | tail
> Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
> 256p 0:00:00:00 100.00% (2024-09-14 15:56) 3657p/s ff
> 6f
> 7f
> 8f
> 9f
> af
> bf
> cf
> df
> ef
> ff
>
> 2. If you want to specify the character codes as hexadecimal, such as to
> use characters that you can't easily type directly, then you can also do
> that e.g. with a custom mask mode charset:
>
> $ ./john -9='\x41-\x43\x78' --mask='?9?9' --stdout
> AA
> BA
> CA
> xA
> AB
> BB
> CB
> xB
> AC
> BC
> CC
> xC
> Ax
> Bx
> Cx
> xx
> 16p 0:00:00:00 100.00% (2024-09-14 16:01) 320.0p/s xx
>
> I encoded printable characters in this example so that I can show them
> in this message, but you'd probably actually use this feature with
> hexadecimal codes corresponding to weirder characters.
>
> I hope this helps.
>
> Alexander
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.