I thought about creating a wordlist first but that takes way too much :D
I guess I need a new approach.
Comment has been collapsed.
you can use crunch with john (if you plan to use it) directly, no need to create actual file ;)
Comment has been collapsed.
Well it's time to install Kali I suppose. Windows is not good enough for these stuff.
Comment has been collapsed.
updated hints, now it's only almost 3TB for crunch, totally doable :)
Comment has been collapsed.
With the last hints, it would be probably a lot be easier but I already started crunch and john. Let's see how long it takes.
Comment has been collapsed.
with hints applied, it took me 1 minute to generate wordlist and 20 minutes to get password @ 2500p/s
my end wordlist size is 64.2MB (4941258 possibilities) but i'm not using one of the hints:
- 3 digits appear more than once
Comment has been collapsed.
I appreciate you doing these good giveaways, I just don't understand how to enter any of them though š¤·š»āāļø
Good luck to all the nerds out there.
Comment has been collapsed.
This thing really really doesn't like windows (no matter what I do, the "..hashes loaded" problem appears)..I don't think I can get any further with it :/
Comment has been collapsed.
Curious if another windows user managed anything with John..
Comment has been collapsed.
john works fine on windows, have used it on windows 10. as i understood, crunch has a problem on windows but crunch is optional, just might be faster with crunch ;)
Comment has been collapsed.
I'm baffled.. Used latest build and keep getting "No password hashes loaded <see FAQ>" in Win7 but I don't think it matters. Plain command, not even switches. Worked fine on another file I tried. I'll probably give up, nothing else to try.
Comment has been collapsed.
did you get the hash before you use john? "No password hashes loaded" happen when you use john with file without getting hash or john can't read it
Comment has been collapsed.
...nevermind.. found the way.. It was way too obvious after all, I was doing one step fundamentaly wrong..
Comment has been collapsed.
That's the error I'm getting too. I did this:
- Downloaded jumbo version of JTR and Johnny (GUI).
- Since RAR isn't passwd format, I used file => open other format (*2john)
- Chose rar as format.
- Chose random file name to save hashes to.
- Picked the RAR file in format options.
- Clicked "convert". Supposedly I need Perl and Python installed, I only have Python, not sure if this matters? Conversion worked anyway.
- When I click "start new attack", nothing happens. The console log says "No password hashes loaded (see FAQ)".
Comment has been collapsed.
im not even able to launch the john terminal it just close a microsecond after opening it :') so i believe its not always fine on w10
Comment has been collapsed.
try opening terminal first and then just call john from it
Comment has been collapsed.
unless its the default windows cmd you are talking about, i can't seem to have any terminal that open with john, i tried each and every.exe i found ni the run folder (and all the other folder) wich is a lot btw
Comment has been collapsed.
powershell? but cmd should work as well. just run it and then use cd to move to john directory and then just type name of exe file into cmd
Comment has been collapsed.
yes powershell, though i tried with powershell and command prompt (after a few trial and errors), but in the end it only says that the app "can't execute on my PC" (i used john-1.9.0-jumbo-1-win64) in a big orange windows. So i guess thats it x) might be some things to tweak here and there, but since my compter is running well, i won't try anything that can modify it for now. Though I do wish good luck for all the one that are still trying to get this code !
Comment has been collapsed.
password does not contain 9
Had an idea what the password could be, no luck though. Still, could it be that
(EDIT: My question / hint has been posted: "password contains one 8")
Comment has been collapsed.
I thought i was clever when I noticed that 2003 was ā011111010011ā¬ in binary which was 12 digits long. but alas my wild guess was incorrect.
Comment has been collapsed.
it means that there are not more than 2 of the same charcters next to each other. for example, 123945 is good, 123994 is good, 123999 is not good
Comment has been collapsed.
well, you can guess it but it would probably take a long time. if you come up with the right algorithm based on hints for any brute force tool, it won't take long as number password can be broken in short amount of time. (if you have enough power)
it took few hours for john to crack this (without hints except length) but I have a weak cpu and gpu cracking for amd gpu on Linux is hard to set up (i haven't done it obviuosly)
Comment has been collapsed.
Can you provide an example for that: 1 digit repeats side by side?
Thx
Comment has been collapsed.
This is great idea:) I am gonna pass that one since brute force with mask would take a long time but cheers mate:)
Comment has been collapsed.
well, on my not so good laptop without hints/masks it took few hours, so not that long ;)
Comment has been collapsed.
Ah - I used https://rarpasswordcracker.com/ , which has a rate of approx. 700 passwords per second (on my crappy 2007 low-end PC). With only the first two hints (12 characters, numbers only) it would take 45 years.
I also downloaded a "jumbo" version of JTR which supposedly also can handle rar archives, and a GUI for it (Johnny). Just didn't get it to work yet.
Comment has been collapsed.
45 years for 12 numbers? that is wrong calculation even for bad pc
Comment has been collapsed.
if you say so :D
my slow cpu is doing 250 hashes per core, so it's 1k per sec. if you do random numbers, not 111,112,113, it shouldn't be so long. and if you add hints, it's much less
Comment has been collapsed.
10^12 = 1,000,000,000,000 different passwords
700 passwords per second = 1,428,571,428 seconds => 16,534 days => 45.3 years
Comment has been collapsed.
The problem here are the 700 attempts per second. My old 486DX 33 should be able to do better than that.
Comment has been collapsed.
Already have the game, but tempted to chase the puzzle. Alas, there is too much to DL and study. XD
Comment has been collapsed.
tried kraken but have no idea how to use 5-7 hints in it, so it would take around 19 years to check all the possible numbers :D
Comment has been collapsed.
I am not sure how to set additional custom rules in JTR (like only 2 numbers can be repeated in a sequence)
Even setting the min and max char to 12 and using 0-8, it will take 7 years on an i5-9300H running on 8 threads.
I think you set the password length too high :| I am using incremental=digits mode
Great challenge tho!
Comment has been collapsed.
I have 1651p/s that's will take 5 years to crack...
I'm using Intel i7-8750H with 12 OpenMP threads.
Yes the password is too long.
With 1600p/s a 7 long pwd will took 1.7 hrs, so maybe give us 5 number in the pwd... ;)
Comment has been collapsed.
IMHO, the main problem here is the advanced options for JtR are very difficult to understand by noobs. It is a program for security experts, cryptographers and hackers, not a friendly tool.
With "advanced options" I mean to understand the different hints you provided and "convert" them to masks/parameters/whatever, translated to its command line syntax.
Comment has been collapsed.
jrt is just a suggestion, it's not the only tool. and crunch for wordlist build is easier to understand than jrt. if you build a wordlist, you can use jrt with simple wordlist option
Comment has been collapsed.
I know, but we have the same problem: how to "translate" your hints to crunch's command line syntax? ;)
Without all the hints applied we would get a unmanageable wordlist of several TBs
Comment has been collapsed.
but you can do as much as you know with crunch and do filtering after that through pipes for example. that is what i'm doing to test how many passwords will crunch and filters get.
crunch foo bar | grep foo | awk bar | sed foo
Comment has been collapsed.
I'm not an expert and I can't get a wordlist smaller than 3 TB. I don't have 3 TBs of free space so I can't save that huge wordlist to apply filters after.
Comment has been collapsed.
you don't have to do after, you can do in runtime.
crunch 4 4 abcdef | grep cde > word.lst - this will write in wordlist only lines containing cde
Comment has been collapsed.
I'm using Windows, I'm trying with findstr instead of grep but I still can't get a wordlist smaller than 2 TB because I don't know how to apply all of the hints
Comment has been collapsed.
Here's my thinking so far on how to interpret the hints:
- "password is 12 characters long": 12 spots total to fill
- "password does not contain 9" + "password contains one 8": set aside one spot for the number 8, the rest to fill with numbers from 0 to 7
- "3 digits appear more than once" + "if you are using crunch then 2@": means we have 3 digits each appearing exactly twice, so basically we do n-choose-k with n=0..7 and k=3 then repeat the chosen numbers once, that is we filled 6 more spots in addition to one spot for the number 8
- the remaining 5 spots should be distinct numbers from the set of numbers not previously picked above
Some quick Python to code the above:
from itertools import combinations
arr = [0,1,2,3,4,5,6,7]
res = [x+x+(8,)+tuple(set(arr)-set(x)) for x in combinations(arr, 3)]
for r in res:
print rWe get 56 lines.
Obviously for each line the order of elements is still not accounted for, so we need to generate all permutations for each line (unrestricted there are 12! factorial per line). Fortunately we still have the following two hints to further restrict the valid permutations:
- "password starts with odd number": self explanatory
- "only 1 digit repeats side by side": from the 3 digits repeated, ensure only one pair of same digits is consecutive, the others are dispersed across the pattern
I haven't coded this part, but I estimate now the upper limit of number of passwords to generate is something like factorial(11)*56, or rounded down let's say 1 billion passwords. If you can check 1000 passwords/sec, that would still take over a week to crack :(
Assuming I made no mistakes, maybe someone else might improve it further, I give up š¤·
EDIT2:
More hints added which cut down the possibilities significantly.
- "password starts with 1" + "password starts with pair": so 11xxxxxxxxxx
- "third digit is smaller than 5 "
I adjusted my code and generated all possible passwords in a ~300MB file with about 25 million passwords. At a rate of 1k pass/sec, that'll take like 7 hours to crack, much better but still a bit too much brute forcing for me...
Maybe another hint or two and it'll be within reach ;)
Comment has been collapsed.
I wrote program to generate all possible passwords and it would run for circa 1.73 days. I guess this is not the way.
edit: new hints added, now I am at 3.8 hours
Comment has been collapsed.
with all hints applied, my slow pc generated all possibilities in 2 hours
Comment has been collapsed.
I am using C#, that may be slower (?).
Even if I got it, it just saves all possibilities to txt file and I don't even know how to start with multiple passwords on one archive.
Anyway, thank you for this challenge, it entertained me for some time :D
Comment has been collapsed.
With the additional 2 hints you can reduce it even further (like 1/20th)
I only got 200000 possible combinations, but none worked, so Iām apparently too strict.
Comment has been collapsed.
I actually cracked it by incorporating all the new hints, but obviously didn't update my post here so not to completely give away the solution ;)
I managed to cut it down to something like 200K possible passwords before brute-forcing to get the final answer.
Comment has been collapsed.
damn, adding that 8 hint sure took possibilities down :D
difference in file size between "starts with 11" and "starts with 11 and 6th is 8" is 31GB :D
Comment has been collapsed.
my bad, hint was updated. must be that I haven't slept since 6 AM because someone in neighbors decided to do some construction work and was drilling something actively :(
Comment has been collapsed.
Heh, I haven't finish generating last batch and new hints are already it...
Comment has been collapsed.
Just a question, if you can answer:
- if you are using crunch, then 2@ (123456 is good, 123345 is good, 123334 is not good)
- only one pair of digits (e.g. 99456)
- password starts with 11
Given that last hint, is it safe to assume that there are no other pairs in the password? (meaning that the first hint becomes 1@)
or is it "one pair other than the one I gave you"?
Comment has been collapsed.
"3 digits appear more than once" is most evil of the hints... I had to make it last check as my current implementation for this one is poor :)
Comment has been collapsed.
for my test i didn't even use it and it still works pretty well with other hints excluding this one
Comment has been collapsed.
Tried crunch, never used anything like it before....the file was going to be about 4gb but it stopped after a few seconds :/
No idea how to do >5 or <5 though....also isn't 2@ wrong? ^^
Comment has been collapsed.
if you do crunch only, 2@ is one possibility. you can go around it with crunch or something else, than 2@ might not be best choice
Comment has been collapsed.
Without giving too much away @ should be lowercase letters not numbers, from what I read ^^
Comment has been collapsed.
there is a catch with using @ instead of %, at least as far as i have tested results of mine
Comment has been collapsed.
Used all the hints I know how to use (so except the > < and the 3 digits appear more than once hint)
The wordlist has 630MB and with my i7 3770k, a 8 year old CPU, it takes 21h to crack the PW....aargh.
Comment has been collapsed.
that's too much. my wordlist without 3 digits appear more than once hint is 29.1MB and it took like 10 minutes with my cpu (i5 3220M) to find it.
Comment has been collapsed.
Managed to actually lower it to 60MB, it still takes 3:30h, still quite slow with only 660p/s but it's a lot better already and I can have it running while I sleep and still do something tomorrow xD
Edit: Somehow it didn't find any password that fits, so I gotta change the wordlist.
Comment has been collapsed.
you are using john? i found out recently that even rar5-opencl is faster, it may miss correct password. rar5 works best but is way slower
Comment has been collapsed.
Hi. Let's do another
puzzlegiveaway, shall we?Giveaway code is in this archive: https://drive.google.com/file/d/1aOLuB4UjaNMU146ag7SdBl5NWCgBK2GK
this is the hash for those who struggle with *2john functions:
End date: 19.04.2020 12:00 AM UTC+3
Level: 2
Hints **:
Hints will be updated over time if there are not enough solvers. **
You can share other hints if you want or need help but as always - more hints usually means less chance to win.
Mood Music
John the Ripper
Answer: 114532826037
Comment has been collapsed.