3

I left my old job a few years back and wanted to check a few of my old pdf payslips but for the life of me I can't remember the password. I've tried using John The Ripper in incremental mode because I do know it wasn't a complicated password (I never changed the one they provided me when they setup Sage as I never saw the need) but despite running for over a day it still hadn't found it.

I was pretty sure it was just the first part of my email address (let's call is abcchji) followed by, or perhaps preceded by a series of numbers. There may have been a single capital in it too at the start.

I've tried looking for guides, but the ones I've found are far more complicated than what I'm looking to achieve.

I want John the search solely for the string abcchji, but with John then trying random strings of numbers (0-9) and symbols (nothing exotic, maybe a ! or #, the passwords for everyone were set up together so I don't remember it being too difficult to remember until I didn't use it for 4 years)

Is what I'm looking to achieve even possible?

ram0nvaldez
  • 204
  • 1
  • 2
  • 9
Will
  • 133
  • 1
  • 5
  • What masks have you tried? – schroeder Jul 09 '20 at 19:06
  • I have tried ?d?d?sabcchij?d?d?d and various combinations of numbers/symbols ion front of and behind the string I think the password contains, none of whichwere successful. At this stage it's more of an ocd thing because it's infuriating me I can't remember this simple password. I may be wrong about the string being my email but it was definitely based on my name (as is my email) so ideally I would love to create a custom character set with numbers, # & !, and the letters of my name/email in both upper and lower case and just set John to work mixing them all up to see if it can find it. – Will Jul 09 '20 at 21:37

1 Answers1

5

You can create your own JtR rules to generate your wordlist.
Create a local john-local.conf file in your working directory, so JtR will include it, giving you the option to run rules defined therein: 

~/$ cat john-local.conf 
[List.Rules:myrule]
# as-is
:
# append a number
: $[0-9]
# append 2 numbers
: $[0-9]$[0-9]
# prepend a number
: ^[0-9]
# prepend 2 numbers
: ^[0-9]^[0-9]
# prepend a number and append a number
: ^[0-9]$[0-9]
# capitalize
c
# capitalize and append a number
c $[0-9]
# capitalize and append 2 numbers
c $[0-9]$[0-9]
# capitalize and prepend a number
c ^[0-9]
# capitalize and prepend 2 numbers
c ^[0-9]^[0-9]
# capitalize and prepend a number and append a number
c ^[0-9]$[0-9]
# capitalize and prepend "nothing exotic" and append a number
c ^[0-9A-Za-z#!]$[0-9]

I've added comments above the rules so you can understand the syntax. Adjust it to your needs.
Put your basic password candidates in a file (I called it wordlist): 

~/$ cat wordlist 
abcchji

Now, in order to apply those rules and generate your custom wordlist, call john specifying your custom ruleset in the --rules attribute:

~/$ john --wordlist=wordlist --stdout --rules:myrule >longlist
Using default input encoding: UTF-8
Press 'q' or Ctrl-C to abort, almost any other key for status
1282p 0:00:00:00 100.00% (2020-07-09 20:08) 42733p/s !Abcchji9

Depending on your rules, the wordlist will contain all corresponding combinations.

~/$ wc longlist 
 1282  1282 12776 longlist

~/$ cat longlist
abcchji
abcchji0
abcchji1
abcchji2
abcchji3
abcchji4
abcchji5
... (truncated)
!Abcchji4
!Abcchji5
!Abcchji6
!Abcchji7
!Abcchji8
!Abcchji9

Finally, run JtR with the argument --wordlist=longlist against you pdf file.

lab9
  • 474
  • 2
  • 7
  • 1
    That is outstanding, thank you. I assume given the format of your final entry in the john-local.conf rules (c ^[0-9A-Za-z#!]$[0-9]) that I could replace, say A-Za-z with ACEace, and the rule would then ONLY use the letters a, c & e in either upper or lower case? – Will Jul 10 '20 at 14:40
  • 1
    hi @Will, yes that's what I would expect. It's helpful to play around with the options, so I'd suggest to create a rule with a different name just for testing (and skip the redirection so you can see the results on the screen immediately) – lab9 Jul 10 '20 at 14:46
  • 1
    That has provided me a great basis to do what I need and more. Thank you. – Will Jul 10 '20 at 14:52
  • 1
    You're welcome, good luck! – lab9 Jul 10 '20 at 14:55