Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Dec 2014 14:15:47 +0100
From: Patrick Proniewski <patpro@...pro.net>
To: john-users@...ts.openwall.com
Subject: Re: content of passwd file and --single

On 18 déc. 2014, at 10:01, Frank Dittrich wrote:

> On 12/18/2014 08:51 AM, patpro@...pro.net wrote:
>> On 18 déc. 2014, at 08:26, Frank Dittrich <frank.dittrich@...lbox.org> wrote:
>>> This is the mode you should start cracking with.  It will use the
>>> login names, "GECOS" / "Full Name" fields, and users' home directory
>>> names as candidate passwords, also with a large set of mangling rules
>>> applied. [...]
>> 
>> I've read the doc before posting, but it looks kind of fuzzy to me. What I would like is an explicit list of fields that matters / where I can put pieces of info grabbed from the LDIF file. I'm not a developer, otherwise I would have read the source code.
> 
../..

> The 5th field is the "full name" or "GECOS" field, it will be used for
> --single. The GECOS field might contain names or descriptions with
> multiple words, i.e. "Frank Dittrich", "Anonymous NFS User", etc.
> 
> John will split that contents into individual words and also use
> combinations of these words and login name etc. in single mode.
> 
> Core john will split the contents at these ASCII characters into words:
> 
> /*
> * Word separator characters for ldr_split_words(), used on GECOS fields.
> */
> #define issep \
>        "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~\177"



Ok thanks! So basically I should be able to fill the GECOS field with many info grabbed from the LDIF file, just in case some user's passwd includes their phone number or staff ID.

Patrick


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.