Brute force alphanumeric password using JohnTheRipper
lowercase + numbers
Incremental actually has a predefined mode for lowercase + numbers:
[Incremental:LowerNum]
File = $JOHN/lowernum.chr
MinLen = 1
MaxLen = 13
CharCount = 36
From the documentation:
"LowerNum" (lowercase letters plus digits, for 36 total)
Just adjust MinLen and MaxLen.
Create new incremental mode with certain characters
If you want to create your own chr file with a customized set of characters, you would do it like this:
john --pot=YOUR.pot --make-charset=YOUR_NEW_FILE.chr --external=filter_lowernum
filter_lowernum is the filter which determines what characters will be in your chr file. It is defined in your john.conf (under [List.External:Filter_LowerNum]), and you can create your own filters there as well. The code for LowerNum looks like this:
[List.External:Filter_LowerNum]
void filter()
{
int i, c;
i = 0;
while (c = word[i++])
if (((c < 'a' || c > 'z') && (c < '0' || c > '9')) || i > 13) {
word = 0; return;
}
}
Then just add the incremental filter to your config.
you can run following python code to do this
import zipfile,sys,time
import itertools
def extractFile(zFile, password):
try:
answer= zFile.extractall(pwd=password)
print 'Fount password : ', password
return True
except:
#print password + " was incorrect"
return False
def main(ifile):
zFile = zipfile.ZipFile(ifile)
pass_str = "abcdebcdefghijklmnopqrstuvwxyz0123456789"
for pass_len in range(1,5):
passwords = itertools.permutations(pass_str,pass_len)
for password in passwords:
#print password
#time.sleep(.01)
password = ''.join(password)
sys.stdout.write("\r checking .. %s" % password )
sys.stdout.flush()
if (extractFile(zFile, password)):
print "checked "+password+" ..."
sys.exit()
if __name__ == '__main__':
try:
ifile = sys.argv[1]
except:
print "please run like 'python python-file-name.py zip-file-name.zip'"
sys.exit()
main(ifile)
this program dont need any external library. its pure python. just run llke
python python-file-name.py zip-file-name.zip