2

I want to optimize the way I'm using John the Ripper. I have a password with a know length (9) that consists only of (lower-case) hex characters and exactly two special characters.

First I tried using the --increment=ASCII option combined with a fixed password length. Then I stripped the character set down to digits, a..f and the known special character set, so JtR skips impossible combinations.

Out of academic interest I'm wondering if there is a more efficient way on how to describe the pattern: that it's all hex values sprinkled with exactly two special characters out of a defined set *!.,+-#.

Examples of matches: 0000000.., *abcdef1*, aa-bb!123 (exactly two special characters)

Counter examples: 123456789, *********, 1234.abcd

Norbert
  • 121
  • 3
  • You could write a script generating wordlists on the fly and run JTR on each of them in a multithreaded enviornment. Suppose you generate wordlists based on regexes like `[*!.,+-#][*!.,+-#][0-9a-f]{6}` ... `[*!.,+-#][0-9a-f]{x}[*!.,+-#][0-9a-f]{6-x}` ... `[0-9a-f]{6}[*!.,+-#][*!.,+-#]` then you'd need to generate total of `8!/2=20160` files 2147 MB each. – kozooh Aug 13 '18 at 10:50

0 Answers0