root@attackdefense:~# john pdfhash --mask=?d?d?d?d19?d?d?u
Using default input encoding: UTF-8
Loaded 1 password hash (PDF [MD5 SHA2 RC4/AES 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
01021980D (/root/encrypted.pdf)
1g 0:00:00:05 DONE (2019-10-31 10:10) 0.1721g/s 530466p/s 530466c/s 530466C/s 01021980D
Use the "--show" option to display all of the cracked passwords reliably
Session completed
- Static letters.
- Ranges in [aouei] or [a-z] syntax. Or both, [0-9abcdef] is the same as
[0-9a-f].
- Placeholders that are just a short form for ranges, like ?l which is
100% equivalent to [a-z].
- ?l lower-case ASCII letters
- ?u upper-case ASCII letters
- ?d digits
- ?s specials (all printable ASCII characters not in ?l, ?u or ?d)
- ?a full 'printable' ASCII. Note that for formats that don't recognize case
(eg. LM), this only includes lower-case characters which is a tremendous
reduction of keyspace for the win.
- ?B all 8-bit (0x80-0xff)
- ?b all (0x01-0xff) (the NULL character is currently not supported by core).
- ?h lower-case HEX digits (0-9, a-f)
- ?H upper-case HEX digits (0-9, A-F)
- ?L lower-case non-ASCII letters
- ?U upper-case non-ASCII letters
- ?D non-ASCII "digits"
- ?S non-ASCII "specials"
- ?A all valid characters in the current code page (including ASCII). Note
that for formats that don't recognize case (eg. LM), this only includes
lower-case characters which is a tremendous reduction of keyspace.
- Placeholders that are custom defined, so we can e.g. define ?1 to mean [?u?l]
?1 .. ?9 user-defined place-holder 1 .. 9
Placeholders for Hybrid Mask mode:
?w is a placeholder for the original word produced by the parent mode in
Hybrid Mask mode.
?W is just like ?w except the original word is case toggled (so PassWord
becomes pASSwORD).
root@attackdefense:~# for x in $(cat wordlists/100-common-passwords.txt); do echo -n $x | md5sum >> wordlist.txt; done
root@attackdefense:~# cat wordlist.txt | cut -d' ' -f1 >> new
root@attackdefense:~# john hash --wordlist=new
