Message-ID: <4CBE2414.4050907@16systems.com>
Date: Tue, 19 Oct 2010 19:04:52 -0400
From: Brad Tilley <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: Solution to this 'l33t' rules problem?

On 10/19/2010 05:52 PM, Minga Minga wrote:
> So here's something that I can't figure out, take the word:
>
> neglected
>
> And place it into a wordlist.
>
> and run a command such as:
>
> # ./john -w:neglected.dic --rules:korelogicrulesl33t -stdout | grep -i ^n3gl3
>
> You get words such as :
>
> n3gl3ct3d N3gl3ct3d n3gl3c+3d N3gl3c+3d
>
> But how would you go about cracking the passwords:
>
> N3gl3cted n3gl3cted Negl3cted Negl3ct3d

Seems you would need a Cartesian product to cover all possibilities
(what about NegL3ctEd):

1 = nN
2 = eE3
3 = gG6
4 = lL17|
5 = eE3
6 = cC[
7 = tT+7
8 = eE3
9 = dD

Depending on your definition of leet, the sets may be bigger than what I
listed above, but you would want a CP of those sets to fully enumerate
the word "neglected" I think. I'm not sure JTR does this.

Brad

> Notice that _NOT_ all of the e's are turned into 3s. I've started to see a few
> of these passwords that I've missed previously, and I totally should have been
> able to crack them.
>
> Any ideas? The problem obviously isn't with just 'e's but _all_
> "l33t" translations.
>
> What about 'mississippi' ? The 'l33t' rules should be able to generate
> passes like;
> mis$iss1ppi (Notice how one of the s's is changed - and only one of
> the i's is changed
> as well).
>
> I got the idea for this from the list of NTLM hashes not cracked from the DEFCON
> contest.
>
> -Rick / Minga
> KoreLogic
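
The Cartesian product Brad describes, as an added example that is not part of the original thread or of John the Ripper: it takes the per-position sets from his reply, sizes the candidate space, and tests without enumeration whether a password is a leet variant of a wordlist entry, which is the check a password filter or audit would run. The function names and the case-only fallback for letters outside his table are assumptions.

```python
from itertools import product
from math import prod

# Substitution sets copied from Brad's reply, keyed by base letter.
# A wider definition of leet would simply add characters here.
LEET = {"n": "nN", "e": "eE3", "g": "gG6", "l": "lL17|",
        "c": "cC[", "t": "tT+7", "d": "dD"}


def position_sets(word, table=LEET):
    """Return one string of allowed characters per position of the base word."""
    sets = []
    for ch in word.lower():
        if ch in table:
            sets.append(table[ch])
        elif ch.upper() != ch:
            sets.append(ch + ch.upper())  # assumption: case toggle only
        else:
            sets.append(ch)               # digits, punctuation: unchanged
    return sets


def keyspace(word, table=LEET):
    """Size of the Cartesian product, computed without enumerating it."""
    return prod(len(s) for s in position_sets(word, table))


def variants(word, table=LEET):
    """Lazily yield every member of the Cartesian product."""
    for combo in product(*position_sets(word, table)):
        yield "".join(combo)


def is_variant(candidate, word, table=LEET):
    """Membership test in O(len(word)): each character must be in its set."""
    sets = position_sets(word, table)
    return (len(candidate) == len(sets)
            and all(c in s for c, s in zip(candidate, sets)))


if __name__ == "__main__":
    print("candidates for 'neglected':", keyspace("neglected"))
    # Passwords quoted in the thread, checked against the base word.
    for pw in ["N3gl3cted", "n3gl3cted", "Negl3cted", "Negl3ct3d",
               "NegL3ctEd", "n3gl3c+3d"]:
        print(pw, is_variant(pw, "neglected"))
```

Because the candidate count is the product of the set sizes, it grows multiplicatively with word length and with every character added to a set, while the membership test stays linear in the word length.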