Message-ID: <20101008235742.GA19195@openwall.com>
Date: Sat, 9 Oct 2010 03:57:42 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Rule to replace strings

On Fri, Oct 08, 2010 at 05:04:50PM -0500, Minga Minga wrote:
> On Fri, Oct 8, 2010 at 3:03 PM, Solar Designer <solar@...nwall.com> wrote:
> > /?d Dp =p?d Dp =p?d Dp =p?d Dp Ap"[0-9][0-9][0-9][0-9]"
>
> That is really cool. It took me a while to completely understand it.
> My only question is, why is there not a 4th =p?d ? If you add
> it, there is no output so it's obviously correct.

We're matching 4 "old" digits - one with "/?d" (this command finds the
position of the first digit and puts this position into "p") and three
with "=p?d" (at specific positions - right after the previous digits).

> /?d -> reject the word if it doesn't have any digits

Yes, and set "p" to the position of the first digit.

> Dp -> Delete the character at position 'p'

Exactly. This also makes "p" the position for the next character.

> =p?d -> reject the letter at position 'p' if it's not a digit

Not exactly; the entire word is rejected if the character at "p" is not
a digit.

> Ap"[0-9][0-9][0-9][0-9]" -> add 4 numbers at location 'p' where you just
> removed 4 numbers

Correct. Obviously, there are actually 10000 separate rules (after
preprocessor expansion) - one for each 4-digit number to introduce as a
replacement.

> Fyi: I used your rule on some NTLMs that I've been cracking a LOOONG time
> using 'cut -d: -f2- john.pot | sort -u > john.pot.dic' as my wordlist. And
> I cracked some good passwords that I previously missed that were just 4-digits
> different than previous passwords.

Great. Yes, I actually meant this for use on already-known passwords (or
just common passwords) as the "wordlist".

> I created these for my own use:

That's very nice. Did you exclude the single-character replacements on
purpose, though? Maybe because they'd be mostly redundant with the
substitution rules you already have? Well, not exactly: those apply to
all instances of a letter, whereas these would apply to the first
instance only (and you can add variations for the second instance only,
1st & 2nd, 3rd only, etc.)

Some of these would be redundant with an overstrike-all line, though -
much like what we (john-users) used during the contest. For example:

%[1-4]?d op[0-9] Q

produces with "test2010" in the wordlist:

test0010
test1010
test3010
...
test8010
test9010
test2110
test2210
...
test2810
test2910
test2000
test2020
...
test2080
test2090
test2011
test2012
...
test2019
words: 36  time: 0:00:00:00 100%  w/s: 3600  current: test2019

without duplicates. :-)

(Of course, there may be duplicates with other input wordlists, due to
similarities between different input lines.)

Thanks,

Alexander
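As an added illustration (not code from this thread and not John the Ripper's own rule engine), here is a small Python model of just the rule commands discussed above: the preprocessor's [...] expansion, the /?d, =p?d, Dp and Ap"..." commands of the four-digit replacement rule, and the %N?d, opX and Q commands of the overstrike line. Everything else is an assumption of this model rather than a statement about john's implementation: character classes are limited to ?d, ?l and ?u, position arguments to 0-9, A-Z and p, out-of-range positions reject the word, and the expansion order follows the thread's sample output (leftmost bracket group varying slowest). Run on the thread's word "test2010" it reproduces the 36 unique candidates of the overstrike line and the 10000 candidates of the replacement rule, and it shows why a fourth =p?d produces nothing: after the fourth Dp, p points past the end of "test".

```python
"""Toy interpreter for the subset of john-style rule commands used in the
thread (an added illustration; the command semantics are taken from the
discussion above, the rest is assumption)."""
import itertools
import re

# The two rule lines from the thread.
REPLACE_4_DIGITS = '/?d Dp =p?d Dp =p?d Dp =p?d Dp Ap"[0-9][0-9][0-9][0-9]"'
OVERSTRIKE_ONE_DIGIT = '%[1-4]?d op[0-9] Q'

# Character classes supported by this model (assumption: only these three).
CLASSES = {'d': str.isdigit, 'l': str.islower, 'u': str.isupper}


def _expand_bracket(body):
    """Expand the inside of one [...] group: 'x-y' ranges and single chars."""
    out, i = [], 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == '-':
            out.extend(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
            i += 3
        else:
            out.append(body[i])
            i += 1
    return out


def preprocess(source):
    """Expand every [...] group into all combinations; the leftmost group
    varies slowest, matching the order of the thread's sample output."""
    parts = re.split(r'\[([^\]]*)\]', source)      # literal, body, literal, ...
    literals, groups = parts[0::2], [_expand_bracket(g) for g in parts[1::2]]
    rules = []
    for combo in itertools.product(*groups):
        pieces = [literals[0]]
        for ch, lit in zip(combo, literals[1:]):
            pieces += [ch, lit]
        rules.append(''.join(pieces))
    return rules


def _pos(ch, p):
    """Decode a position argument: 0-9, A-Z (10-35) or the variable p."""
    if ch == 'p':
        return p
    if ch.isdigit():
        return int(ch)
    if 'A' <= ch <= 'Z':
        return ord(ch) - ord('A') + 10
    raise ValueError(f"unsupported position {ch!r}")


def _parse_class(rule, i):
    """Return (predicate, next index) for ?c or a literal character at rule[i]."""
    if rule[i] == '?':
        return CLASSES[rule[i + 1]], i + 2
    c = rule[i]
    return (lambda x, c=c: x == c), i + 1


def apply_rule(rule, word):
    """Apply one concrete (already preprocessed) rule to a word. Returns the
    candidate, or None when a reject command (/ % = Q) drops the word."""
    original, p, i = word, 0, 0
    while i < len(rule):
        cmd, i = rule[i], i + 1
        if cmd == ' ':
            continue
        if cmd == '/':              # reject unless class present; p = first match
            test, i = _parse_class(rule, i)
            hits = [k for k, ch in enumerate(word) if test(ch)]
            if not hits:
                return None
            p = hits[0]
        elif cmd == '%':            # reject unless >= N matches; p = Nth match
            n = _pos(rule[i], p)
            test, i = _parse_class(rule, i + 1)
            hits = [k for k, ch in enumerate(word) if test(ch)]
            if len(hits) < n:
                return None
            p = hits[n - 1]
        elif cmd == '=':            # reject unless the char at N is in the class
            n = _pos(rule[i], p)
            test, i = _parse_class(rule, i + 1)
            if n >= len(word) or not test(word[n]):
                return None
        elif cmd == 'D':            # delete the char at N; p now names the next char
            n, i = _pos(rule[i], p), i + 1
            if n < len(word):
                word = word[:n] + word[n + 1:]
        elif cmd == 'o':            # overstrike the char at N with X
            n, x, i = _pos(rule[i], p), rule[i + 1], i + 2
            if n < len(word):
                word = word[:n] + x + word[n + 1:]
        elif cmd == 'A':            # insert "STR" at N
            n = _pos(rule[i], p)
            end = rule.index('"', i + 2)
            word, i = word[:n] + rule[i + 2:end] + word[n:], end + 1
        elif cmd == 'Q':            # reject unless the word actually changed
            if word == original:
                return None
        else:
            raise ValueError(f"unsupported command {cmd!r}")
    return word


def run(source, words):
    """Preprocess one rule line and apply every resulting rule to every word
    (rules in the outer loop); rejected candidates are dropped."""
    return [c for rule in preprocess(source) for w in words
            if (c := apply_rule(rule, w)) is not None]


if __name__ == "__main__":
    for src in (REPLACE_4_DIGITS, OVERSTRIKE_ONE_DIGIT):   # wordlist: the thread's example word
        cands = run(src, ["test2010"])
        print(f"{src}\n  {len(cands)} candidates, {len(set(cands))} unique, "
              f"first {cands[0]}, last {cands[-1]}")
```

The interpreter only models what the thread explains; it is useful for checking what a rule line will do to a given word before feeding a large known-password wordlist through it, not as a replacement for john's own --stdout run.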