Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 27 Nov 2010 04:02:49 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Wordlist Mangling Rule

On Wed, Nov 17, 2010 at 05:46:30PM +1300, Al Grant wrote:
> I have decided that trying every combination of numbers after my words would
> be too time consuming so I have revised it to try everyword of 8 characters
> with no appending but toggle case of first char (T0).
> 
> Then any word under 8 characters also has T0 but the correct number of
> sequential digits added:
> 
> Smith123
> smith123

OK, this is up to you.  Please note that instead of "T0" (toggle the
case of the first character), you could prefer to use "l" (lowercase)
and "c" (capitalize) on two different rules.  This is similar to but
subtly different from having "T0" on one of the rules.

That is, you could have:

:
-c T0

or you could have:

l
-c c

(subtly different behavior, likely preferred)

or you could write this on one line, due to the rules preprocessor:

-[:c] \p[lc]

(this is exactly the same as above).

Also, please note that if your input wordlist already contains, say,
both "Smith" and "smith", such rules will result in duplicate candidate
passwords.  A way to avoid this is to have your input wordlist
all-lowercase.  Another way is to pre-apply the word mangling rules and
pass the output through "unique".  doc/EXAMPLES gives this example:

john --wordlist=all.lst --rules --stdout | unique mangled.lst

This "unique" step is generally desirable when your target cipher is
slow or when you have a lot of different salts (so only a few different
candidate passwords are tried per second).

> I am assuming this would be something like:
> 
> <9>7T0
> <8>6[T0]$1
> Etc etc

No, this is wrong.  On the first line:

<9>7T0

which is more readable when written as:

<9 >7 T0

you only try input words with the first character's case toggled.  You
never try them in their original form, which you probably wanted to.

The second line:

<8>6[T0]$1

expands into two rules:

<8>6T$1
<8>60$1

which are invalid.  The "T" command expects to be followed by a position
code, and "$" is not a valid position code.  And there's no "0" command.

By including "T0" in square brackets, did you want to have this command
"optional" (skipped in some cases)?  Well, the preprocessor operates on
individual characters, not on substrings.  So you actually have to write
two lines:

<8 >6 $1
<8 >6 T0 $1

Alternatively, you can resort to some trickery:

<8 >6 [:T]\p[:0] $1

which expands into:

<8 >6 :: $1
<8 >6 T0 $1

which gets optimized into:

<8 >6 $1
<8 >6 T0 $1

but it is simpler and likely better to use:

<8 >6 [lc] $1

as I had suggested above.

Maybe this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.