Message-ID: <034e01cabe9d$c28094f0$4781bed0$@edu>
Date: Mon, 8 Mar 2010 04:00:07 -0500
From: "Matt Weir" <cweir@...edu>
To: <john-users@...ts.openwall.com>
Subject: RE: generate passwords with wDDDwDDD template

>> I would like to generate a passwords list
>> with wDDDwDDD template, where 'w' is a
>> [a-Z] and 'D' is a [0-9].

You can do this using the preprocessor in JtR's rules file. I had written a sample config showing how to compose similar targeted brute force rules a while ago and I figure this is as good a time as any to re-upload it to the web. It's labeled john_bruteforce.conf and you can download it here:

http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/john-the-ripper-sample-configs-1

Note, it assumes you run JtR in wordlist mode with an input dictionary consisting of the 26 lower characters in the alphabet, one per line. Aka

a
b
c
d
...
z

While I don't have your rule in the sample config, it would probably look like

:$[0-9]$[0-9]$[0-9]$[a-z]$[0-9]$[0-9]$[0-9]

I haven't tested it myself so there may be a typo.

>> I also wish to know how to generate the full
>> list of words where each word is 8 symbols in length and word contains
>> at least one digit or word.

I think I understand you. Aka you are trying to construct a bruteforce rule to target passwords that were created under a password creation policy that mandated passwords must be eight characters long and contain at least one letter and one digit. That's much trickier considering the large number of combinations and would require 256 rules using the above method. I'm a little too lazy to write those myself ;)

One tool you might want to check out is crunch. It is a wordlist generator and can be used in conjunction with John the Ripper by piping its output into JtR using the -stdin option. I haven't played with it for a while but I know at one point in time people were talking about adding the capability to do what you were asking. Even if it doesn't, it's easier to use than writing your own rules, though using JtR's preprocessor actually is much faster when attacking quick hashes like MD5. You can download crunch here:

http://sourceforge.net/projects/crunch-wordlist/

I hope this helps,
Matt Weir
http://reusablesec.blogspot.com
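
Added example, not part of the original message or of JtR: a keyspace calculator for auditing how much protection the wDDDwDDD template and the "eight characters, at least one letter and one digit" policy give. It assumes lowercase-only letters (the [a-z] class in the rule above); the guess rate is a constructed figure, not a benchmark.

```python
from itertools import product

LETTERS = 26  # assumption: lowercase only, matching the [a-z] class in the rule above
DIGITS = 10   # the [0-9] class


def template_keyspace(template, letters=LETTERS, digits=DIGITS):
    """Number of candidates for a template where 'w' is a letter and 'D' a digit."""
    sizes = {"w": letters, "D": digits}
    total = 1
    for ch in template:
        if ch not in sizes:
            raise ValueError(f"unknown template character: {ch!r}")
        total *= sizes[ch]
    return total


def policy_templates(length=8):
    """Every letter/digit layout of `length` positions with at least one of each."""
    return ["".join(p) for p in product("wD", repeat=length)
            if "w" in p and "D" in p]


def policy_keyspace(length=8, letters=LETTERS, digits=DIGITS):
    """Total candidates allowed by the 'at least one letter and one digit' policy."""
    return sum(template_keyspace(t, letters, digits)
               for t in policy_templates(length))


def seconds_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to cover the whole keyspace at a given guess rate."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    RATE = 1_000_000_000  # constructed guess rate for illustration, not a measurement
    fixed = template_keyspace("wDDDwDDD")
    policy = policy_keyspace(8)
    print(f"wDDDwDDD template : {fixed:,} candidates, "
          f"{seconds_to_exhaust(fixed, RATE):.3f} s at {RATE:,}/s")
    print(f"8-char policy     : {len(policy_templates(8))} layouts, "
          f"{policy:,} candidates, "
          f"{seconds_to_exhaust(policy, RATE) / 60:.1f} min at {RATE:,}/s")
```

Of the 2^8 = 256 letter/digit layouts for eight positions, the all-letter and all-digit layouts fail the policy, so 254 remain; their combined keyspace equals 36^8 - 26^8 - 10^8.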