Date: Wed, 27 Nov 2013 14:15:13 -0600
From: Richard Miles <richard.k.miles@...glemail.com>
To: john-users@...ts.openwall.com
Subject: Re: Questions and suggestions to build a home cracking box. :)

Hi Magnum,

Very appreciated as always and very informative.

On Mon, Nov 25, 2013 at 7:42 PM, magnum <john.magnum@...hmail.com> wrote:

> On 2013-11-25 22:16, Richard Miles wrote:
>
>> On Fri, Nov 22, 2013 at 3:00 PM, magnum <john.magnum@...hmail.com> wrote:
>>
>>> On 2013-11-22 18:24, Richard Miles wrote:
>>>
>>>> Aaa0?
>>>> Aaa1?
>>>> Aaa2?
>>>>
>>>
>>> The mask, separated by position, is ?u ?l [ab] ?d ??
>>>
>>> First position is ?u == upper-case A-Z
>>>
>>> Second position is ?l == lower-case a-z
>>>
>>> Third position is [ab] == 'a' or 'b' (not supported by HC afaik)
>>>
>>
> To be clear I meant this very syntax is not supported in Hashcat but you
> can do the same in other ways.
>
>
I got it.


>>> Fourth position is ?d == digit 0-9
>>>
>>> Fifth position is actually a static '?' but since the mask tokens begin
>>> with a question mark, a literal one is escaped as '??'.
>>>
>>
>> Interesting. But where can I find a list of all these "mnemonics"? I see
>> that some parts look like regular expressions, as in [ab], but the others for
>> sure must have a kind of map with a description of what they mean, right?
>>
>
> http://hashcat.net/wiki/doku.php?id=mask_attack#built-in_charsets
> http://hashcat.net/wiki/maskprocessor


They helped a lot, thanks!


>
>
> In JtR it's poorly documented (if at all) and the code hasn't even settled
> yet. No one wrote the doc/MASK yet so "use the source, Luke" and in
> particular rpp.c.
>

LOL :)


>
> The rules engine, or rather its preprocessor, was reused for quickly
> implementing mask mode. See doc/RULES but do not misread the "Character
> classes" section as masks - only read the preprocessor section. Without
> adding the new mnemonics you'd have to write the mask above as
> "[A-Z][a-z][a-z][0-9]??".
>

I got it, thanks.


>
> The current mnemonics (defined in rpp.c line 108 and on) are just
> shortcuts for predefined masks (?l really *becomes* [a-z] after parsing).
> They are mostly shared with HC but we also have ?A as full printable 8-bit
> (0x20-0xFF). Hashcat's maskprocessor defines ?h as 0xC0-0xFF while we
> currently define it as 0x80-0xFF. Maybe we should change this and use ?h
> for 0xC0-0xFF and ?H for 0x80-0xFF, for closer mimicking of HC.
>
>
I think that I understood the idea, but I have a very poor understanding of
these representations with 7 bits, 8 bits, etc. All that I know is that they
are used for languages that use "strange" characters :)


>> But how will the GPU know where to "insert" the word from my wordlist?
>>
>> For example, what syntax may I use to say that my word (obtained from the
>> wordlist) will be prepended or appended by this?
>>
>> Is there a "mnemonic" to represent the "word" from the wordlist? For example:
>>
>> --mask='?u?l[ab]?{w}?d??'
>>
>> Resulting in:
>>
>> AaaMyWord0?
>> AaaMyWord1?
>> AaaMyWord2?
>>
>
> I suggested a similar thing but it's not yet implemented. I haven't tested
> current mask mode with wordlist so I'm not sure if Sayantan's current code
> always appends the mask after the word or if it can do something else.
>
>
This should be a great improvement. I will keep my eyes open for further
updates :)


>> Also, is it possible to do more powerful mutation? For example, replace
>> just the first occurrence of e with 3? replace only the second occurrence
>> of e with 3?  and so on until replace all occurrences of e with 3?
>>
>
> That is better achieved (and currently possible) using rules. Read
> doc/RULES several times and try to understand the supplied rules in
> john.conf ;-)
>

I'm not an expert, but I understand a bit of the rules in john.conf - I was
just thinking that since the GPU is so fast it could be used there too,
especially with very long words. I talked about it because Cain&Abel takes a
LONG time to execute this task once a very long word is found (for example,
35 chars long with several occurrences of "e", "a", "ï", etc).

My main idea was to ask the GPU to do this permutation and, based on each
one generated, do a similar attack as described below (for example
prepending / appending numbers, letters, etc).

Reading the hashcat documentation, the sad thing that I learned is that we
have to create one mask attack per type, so my idea will probably not work
or will not be implemented, unless there is a way to say, for example,
that the mask attacks described could work from 1 char up to 4 chars.

Maybe we will someday have a kind of KoreLogic masks for GPU like they did
with rules, which was awesome. The KoreLogic rules were so cool, they helped me a
lot, but they take a LONG time to finish on my CPU alone. :)


>
>
> BTW I think Hashkill should also be mentioned. I'm pretty sure it too
> outperforms JtR with GPU and it's open source:
> http://www.gat3way.eu/hashkill/index.php
>
>
Very interesting, I was not aware. I will read about it.

Thanks.


> magnum
>
>
