CaveOps | Post: John the Ripper crack password when you know a part of it

Table of Content

Install

From you Package Manager

$ sudo apt update
$ sudo apt install john

From Source Code

$ git clone https://github.com/magnumripper/JohnTheRipper.git
$ cd JohnTheRipper/src
$ ./configure && sudo make -s clean && sudo make -sj4
$ cd ../run

Addition: 7z

$ sudo apt install p7zip
$ sudo apt install libcompress-raw-lzma-perl

Crack password when you know a part of it

Let’s say you installed JtR from source code.

Rules and WordList

add this to ./john.conf:

[List.Rules:myrule]
# as-is
:
# append a number
: $[0-9]
# append 2 numbers
: $[0-9]$[0-9]
# prepend a number
: ^[0-9]
# prepend 2 numbers
: ^[0-9]^[0-9]
# prepend a number and append a number
: ^[0-9]$[0-9]
# capitalize
c
# capitalize and append a number
c $[0-9]
# capitalize and append 2 numbers
c $[0-9]$[0-9]
# capitalize and prepend a number
c ^[0-9]
# capitalize and prepend 2 numbers
c ^[0-9]^[0-9]
# capitalize and prepend a number and append a number
c ^[0-9]$[0-9]
# capitalize and prepend "nothing exotic" and append a number
c ^[0-9A-Za-z#!]$[0-9]

I’ve added comments above the rules so you can understand the syntax. Adjust it to your needs.

$ echo "abcchji" > wordlist

Now, put your basic password candidates in a file (I called it wordlist). In order to apply those rules and generate your custom wordlist, call john specifying your custom ruleset in the --rules attribute:

$ ./john --wordlist=wordlist --stdout --rules:custom > longlist
Using default input encoding: UTF-8
Press 'q' or Ctrl-C to abort, almost any other key for status
1282p 0:00:00:00 100.00% (2023-08-29 12:06) 42733p/s !Abcchji9

Depending on your rules, the wordlist will contain all corresponding combinations.

~/$ wc longlist
 1282  1282 12776 longlist

~/$ cat longlist
abcchji
abcchji0
abcchji1
abcchji2
abcchji3
abcchji4
abcchji5
... (truncated)
!Abcchji4
!Abcchji5
!Abcchji6
!Abcchji7
!Abcchji8
!Abcchji9

Hash and Passwird

Now get the hash info of you zip file:

$ ./zip2john /path/to/your/zip_file.zip > hash

Finally, run JtR with the argument --wordlist=longlist against you zip file.

$ ./john --wordlist=longlist ./hash
Using default input encoding: UTF-8
Loaded 1 password hash (Zip archive encryption [SHA256 256/256 AVX2 8x AES])
Cost 1 (iteration count) is 524288 for all loaded hashes
Cost 2 (padding size) is 14 for all loaded hashes
Cost 3 (compression type) is 0 for all loaded hashes
Cost 4 (data length) is 130 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
!Abcchji9      (zip_file.zip)
1g 0:00:04:02 DONE (2023-08-29 12:48) 0g/s 62.34p/s 62.34c/s 62.34C/s !Abcchji4..!Abcchji9
Use the "--show" option to display all of the cracked passwords reliably
Session completed.