0

Is it possible to specify a mask (of sorts) on the command like with John the Ripper where most of the words are known (but not the permutations used in the passphrase)?

Example: If part of the passphrase is the word "Agile", the passphrase could be one of "aGile", "Ag!le", "Ag1le", etc.

I know one the command like I could specify a mask such as:

--mask='?a' --min-length=xx --max-length=yy

But I know that the passphrase uses a few words and is 12-20 characters long (so just doing the above mask will take a very long time to compute given the number of ASCII characters that will be tried by default. I can reduce that by at least seeding the phrase with a couple of possible words (that may require some minor substitution) and let John deal with any prefix and postfix words or special characters (e.g. trailing "!" characters, etc.)

Improve this question
2
  • welcome - do any of these answer your q? security.stackexchange.com/search?q=%5Bjohn-the-ripper%5D+mask
    – brynk
    Commented Jan 25, 2023 at 22:20
  • Not specifically but I figured out an approach that will work (generated a wordlist with a large number of variants for specific placeholder characters that may differ ... e.g., "iI1") and then ran (still running :) ) JtR with a set of custom rules (e.g., something like: 'cA0"[A-Za-z][A-Za-z]"Az"[!]"Az"[!]"') for prefix/postfix possibilities. I'm sure there could be a more efficient method but this is just a background job on another machine that will run for a long time
    – rfbsurf
    Commented Jan 27, 2023 at 15:26

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .