|
Message-ID: <20101127010249.GB4903@openwall.com> Date: Sat, 27 Nov 2010 04:02:49 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Wordlist Mangling Rule On Wed, Nov 17, 2010 at 05:46:30PM +1300, Al Grant wrote: > I have decided that trying every combination of numbers after my words would > be too time consuming so I have revised it to try everyword of 8 characters > with no appending but toggle case of first char (T0). > > Then any word under 8 characters also has T0 but the correct number of > sequential digits added: > > Smith123 > smith123 OK, this is up to you. Please note that instead of "T0" (toggle the case of the first character), you could prefer to use "l" (lowercase) and "c" (capitalize) on two different rules. This is similar to but subtly different from having "T0" on one of the rules. That is, you could have: : -c T0 or you could have: l -c c (subtly different behavior, likely preferred) or you could write this on one line, due to the rules preprocessor: -[:c] \p[lc] (this is exactly the same as above). Also, please note that if your input wordlist already contains, say, both "Smith" and "smith", such rules will result in duplicate candidate passwords. A way to avoid this is to have your input wordlist all-lowercase. Another way is to pre-apply the word mangling rules and pass the output through "unique". doc/EXAMPLES gives this example: john --wordlist=all.lst --rules --stdout | unique mangled.lst This "unique" step is generally desirable when your target cipher is slow or when you have a lot of different salts (so only a few different candidate passwords are tried per second). > I am assuming this would be something like: > > <9>7T0 > <8>6[T0]$1 > Etc etc No, this is wrong. On the first line: <9>7T0 which is more readable when written as: <9 >7 T0 you only try input words with the first character's case toggled. You never try them in their original form, which you probably wanted to. The second line: <8>6[T0]$1 expands into two rules: <8>6T$1 <8>60$1 which are invalid. The "T" command expects to be followed by a position code, and "$" is not a valid position code. And there's no "0" command. By including "T0" in square brackets, did you want to have this command "optional" (skipped in some cases)? Well, the preprocessor operates on individual characters, not on substrings. So you actually have to write two lines: <8 >6 $1 <8 >6 T0 $1 Alternatively, you can resort to some trickery: <8 >6 [:T]\p[:0] $1 which expands into: <8 >6 :: $1 <8 >6 T0 $1 which gets optimized into: <8 >6 $1 <8 >6 T0 $1 but it is simpler and likely better to use: <8 >6 [lc] $1 as I had suggested above. Maybe this helps. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.