Message-ID: <20081017012236.GA16749@openwall.com>
Date: Fri, 17 Oct 2008 05:22:36 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: wordlist rules for known elements of password

On Sun, Oct 05, 2008 at 08:18:05AM -0700, William wrote:
> I'm trying to recover a forgotten password

Do you have a specific reason for recovering as opposed to resetting it?
The latter is often easier to do.

> and I need some help creating a rule.  I know the password is a combination of several words, but, while I know the list of words the password is drawn from, I don't know exact combination.

How long is that list?  Is it the same list for all "word positions"?
How many words form the "password"?

> For example, I have the list 
> 
> cat
> dog
> bird
> cow
> 
> and I want to create a rule that will try all possible combinations of the words, for example:

Wordlist rules are only usable for this when your list of words is very
short - or, if you have different lists for different "word positions",
when all but one list are very short (it is OK for one of these lists to
be long - you'd place that one in your wordlist file).

> catdog
> dogcat
> catbird
> birdcat
> catcow

...and so on for two-word combinations.  For that, you'll need to place
your "first" words into a wordlist file, one per line:

	cat
	dog
	bird
	cow

and you need to create wordlist rules out of your "second" words, using
the "append character" command:

	[List.Rules:Wordlist]
	$c$a$t
	$d$o$g
	$b$i$r$d
	$c$o$w

Then running JtR produces:

	$ john -w=w --rules --stdout
	catcat
	dogcat
	birdcat
	cowcat
	catdog
	dogdog
	...
	cowcow
	words: 16  time: 0:00:00:00 100%  w/s: 1600  current: cowcow

> catdogbird
> catbirddog
> dogcatbirdcow
> cowbirddogcat
> etc

For three-word combinations, you may have JtR apply the rules for a
second time:

	$ john -w=w --rules --stdout > w2
	words: 16  time: 0:00:00:00 100%  w/s: 1600  current: cowcow
	$ john -w=w2 --rules --stdout
	catcatcat
	dogcatcat
	birdcatcat
	cowcatcat
	catdogcat
	...
	birdcowcow
	cowcowcow
	words: 64  time: 0:00:00:00 100%  w/s: 6400  current: cowcowcow

Of course, in practice your final invocation of "john" won't use the
"--stdout" option, but it will instead include the filename for your
file with the password hash.  I am using "--stdout" in these examples to
show what candidate "passwords" would be tried.

If you have a significantly larger number of words to try (for more than
one "word position"), then your best bet is to use a Perl script, such
as one of those found on this older john-users posting:

	http://www.openwall.com/lists/john-users/2006/10/19/4

> Some rules I've tried in the  John.conf file:
> :+:
> :+:+:
> :+:+:+:  (etc)

The ":" command is a no-op - and it really is, so there's no point in
using it.  The "+" command is specific to "single crack" mode and it is
only relevant when a "1" or "2" is found earlier on the same rule.
With "single crack", JtR will try various combinations of two "words"
out of those "words" that it determines are relevant to the target
account (e.g., a user's first and last name).  A rule may use "1" or "2"
to temporarily restrict further commands to apply to the "first" or the
"second" "word" only, respectively.  Then a "+" will remove that
restriction, making further commands apply to the concatenation of both
"words" again.  Thus, the rules above make no sense (and are not valid
for wordlist mode).

> $cat
> ^cat
> $catdog
> ^catdog

The "$" and "^" commands apply to individual characters only.  So you'll
need to use them per-character to append or prepend entire words.  Also
note that with "^" you'll have to put your characters in reverse order -
but you probably don't need this.

> I know that some of the elements are upper-case (but I don't know which ones), so I also need to toggle between upper and lower case, so I also need to try:
> DOGcat
> dogCAT
> DOGcatCOW
> dogCATCOW

You may achieve this with rules like:

	[List.Rules:Wordlist]
	$c$a$t
	$d$o$g
	$b$i$r$d
	$c$o$w
	$C$A$T
	$D$O$G
	$B$I$R$D
	$C$O$W

and with the same words, in both lower and upper case, in your input
wordlist.  You may use the "l" and "u" commands to simplify generating
that wordlist initially.

Of course, this gets nasty; wordlist rules were never meant for dealing
with multiple words at a time (except in "single crack" mode), so using
a Perl script may be your best bet.

A multi-word "passphrase" cracking mode, or an enhancement to the
wordlist mode, might be added in a future version of JtR.

Alexander
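
Added example, not part of the message above and not JtR or Openwall code: a Python sketch that builds the per-character `$` (append) and `^` (prepend, reversed) rules from a word list and simulates the candidate order and counts shown in the `--stdout` runs. The function names are hypothetical, and it assumes words made only of ASCII letters and digits, so that nothing in a rule needs escaping.

```python
SECTION = "[List.Rules:Wordlist]"

def _check(word):
    # Assumption: plain ASCII letters and digits only, so no rule escaping is needed
    if not (word.isascii() and word.isalnum()):
        raise ValueError(f"unsupported word for this sketch: {word!r}")

def append_rule(word):
    """Rule that appends `word` one character at a time: cat -> $c$a$t."""
    _check(word)
    return "".join("$" + ch for ch in word)

def prepend_rule(word):
    """Rule that prepends `word`; '^' takes the characters in reverse order."""
    _check(word)
    return "".join("^" + ch for ch in reversed(word))

def case_variants(words):
    """Every word in lower case, then every word in upper case, de-duplicated."""
    both = [w.lower() for w in words] + [w.upper() for w in words]
    return list(dict.fromkeys(both))

def rules_section(words, both_cases=False):
    """Text of a john.conf section with one append rule per "second" word."""
    second = case_variants(words) if both_cases else list(words)
    return "\n".join([SECTION] + [append_rule(w) for w in second])

def candidates(first_words, second_words, passes=1):
    """Simulate the --stdout runs for append rules. Rules form the outer loop
    and wordlist lines the inner loop, matching the order in the output above;
    each extra pass feeds the previous output back in as the wordlist."""
    current = list(first_words)
    for _ in range(passes):
        current = [w + s for s in second_words for w in current]
    return current

if __name__ == "__main__":
    words = ["cat", "dog", "bird", "cow"]  # the list from the message
    print(rules_section(words, both_cases=True))
    # 16 two-word and 64 three-word candidates, as in the runs above
    print(len(candidates(words, words)), len(candidates(words, words, passes=2)))
```
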
