Message-ID: <20090209203253.GA10680@openwall.com>
Date: Mon, 9 Feb 2009 23:32:53 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: 2 known letters + wordlist word --> is new format definition best way?

On Mon, Feb 09, 2009 at 07:20:23AM +0000, P PO1434 wrote:
> I have a question regarding a long list of partially known passwords that use a simple MD5 hash. In my case, I know the first 2 characters (digits), however I would like john to use the wordlist for the remaining characters.

Are those two known characters the same for all partially known passwords on your list or do they differ per password?

> My options seemed to me to be:
>
> 1) Make a new rule in [List.Rules:Single]
>
> ^[0-9]^[0-9]
>
> This worked quite well, but of course I'm not using the known digits, so 100 x slower than necessary.

What stops you from specifying the known digits in that rule?

Also, the section [List.Rules:Single] is for "single crack" mode only. You need to use [List.Rules:Wordlist] for wordlist mode.

> 2) Make an external/incremental rule like the one in the wiki that forces the 2 digits in at the front, then goes through every combination of alpha letters.
>
> Not very efficient, given I expect the word will be in list.

What stops you from using the external mode filter() that prepends the two known characters along with wordlist mode?

For example, you can take the PrependSalt external mode from this posting:

http://www.openwall.com/lists/john-users/2009/01/21/2

and use it along with a wordlist like this:

	./john -w=password.lst --rules --external=PrependSalt --format=raw-md5 passwd

I added "--rules" here simply because it makes little sense to go for an external mode if all you need is to prepend two known characters to all "words"; that can be done with wordlist mode rules as explained above. A possible reason to use an external mode here is thus if you want to use the rules as well, for a different purpose (e.g., keep and use the default wordlist ruleset, along with prepending the known characters).

> 3) Write a xxx_fmt.c based on rawMD5go_fmt.c
>
> Struggling with this at the moment, but it looks like the best option (?)

If your two known characters are the same for all passwords you want to be cracking at once, then you don't need to modify any C files. The approaches mentioned above will work.

However, if your two known characters differ per password, then you may in fact prefer to implement what you need in C instead of having to run JtR for each different 2-character prefix separately. Please refer to:

http://www.openwall.com/lists/john-users/2009/01/21/5

> My questions are:
>
> a) Am I even barking up the right tree creating a new xxx_fmt.c based on rawMD5go_fmt?

Maybe not. You need to start by defining your task fully.

> b) If a new fmt is the right way, will it be a matter of just 'overriding' the set_key function?

Given the way you have worded the question above, the answer is no.

Specifically:

Defining a new "format" (or patching an existing one) only appears to be the right way to approach your task if you essentially implement salts - that is, if your two known characters differ per password hash. In that case, no, "overriding" set_key() won't be sufficient.

On the other hand, "overriding" set_key() will be sufficient if the two known characters are the same for all loaded password hashes. However, in that case defining a new "format" (or patching an existing one) does not appear to be the right way to approach the task - cleaner and easier ways have been mentioned above.

> c) Is it possible/correct to create external rules that use a wordlist, or are these rules just exhaustive searches?

An external mode can't use a wordlist directly, however an external filter() can be used along with any other cracking mode, including along with the wordlist mode. As you already know, filter() can do more than just filter some "words" out - it can also modify the "word".

Alexander
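
The two approaches described in the reply above, written out as john.conf fragments. This is an added example, not part of the original message and not code from the John the Ripper distribution or from the linked PrependSalt posting. The known digits "42" and the mode name PrependKnown are constructed for illustration.

```ini
# Approach 1: a wordlist-mode rule with the known digits spelled out.
# Each ^X command inserts X at the front of the word, so the digits are
# given in reverse order: ^2 yields "2word", then ^4 yields "42word".
# This is one candidate per word instead of the 100 produced by ^[0-9]^[0-9].
[List.Rules:Wordlist]
^2^4

# Approach 2: an external filter() that prepends the same two digits.
# It is applied after the cracking mode (and its rules) has produced the
# word, so the default wordlist ruleset can stay as it is.
# Hypothetical mode name; assumes the known prefix is the same for all
# loaded hashes, as the reply requires for this approach.
[List.External:PrependKnown]
void filter()
{
	int i;

	/* Find the length of the current candidate. */
	i = 0;
	while (word[i])
		i++;

	/* Shift the word right by two positions, starting with the
	 * terminating zero so that nothing is overwritten early. */
	while (i >= 0) {
		word[i + 2] = word[i];
		i--;
	}

	/* Place the known characters in the freed positions. */
	word[0] = '4';
	word[1] = '2';
}
```

With the second fragment in place, the command line from the message would name this mode instead: `--external=PrependKnown`.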