|
Message-ID: <CAC4WxJ7YWt8JmVt5vjYSk0SDJrLf2QAyi2-5qF+H_Fbh9MW-dQ@mail.gmail.com> Date: Tue, 16 Apr 2013 11:46:50 +0200 From: Guth <guth@...posor.com> To: john-users@...ts.openwall.com Subject: Re: l33t rules improvement Ha, forgot about KL rules addition/update, I'll have a deeper look into it. Thanks for the reminder. On Tue, Apr 16, 2013 at 11:37 AM, JJ Gray <jj.gray@....qinetiq-tim.com>wrote: > Have a look at the KoreLogic JtR rules from DEFCON2010 [1], amongst many > sections that are based on how people actually choose passwords > (particularly in a corporate environment), are extended "l33t" blocks. > > Cheers, > JJ > > [1] http://contest-2010.korelogic.com/rules.html > > On 16/04/2013 10:02, Guth wrote: > > Hi, > > > > While playing with wordlist, I realized that the default l33t rules in > > john.conf are missing "frequent" patterns, mostly: > > > > i -> 1 > > t -> 7 > > > > others (lower priority): > > s -> 5 > > b -> 8 > > g -> 9 > > > > Here is my dirty/incomplete patch (for i->1 only), I'm not used to rules > > reading/writing, so please advise/correct (add t->7, ... ?) > > It's not extensively tested, so it should probably improved: > > > > -[:c] l /[aeilos] s\0\p[43110$] (?\p1[za] \p1[:c] > > -[:c] l /a /[eilos] sa4 s\0\p[3110$] (?\p1[za] \p1[:c] > > -[:c] l /e /[ilos] se3 s\0\p[110$] (?\p1[za] \p1[:c] > > -[:c] l /i /[los] se1 s\0\p[10$] (?\p1[za] \p1[:c] > > -[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c] > > -[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c] > > -[:c] l /a /e /[ilos] sa4 se3 s\0\p[110$] (?\p1[za] \p1[:c] > > -[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c] > > -[:c] l /a /i /[los] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c] > > -[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c] > > -[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c] > > -[:c] l /e /i /[los] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c] > > -[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c] > > -[:c] l /[eil] /o /s s\0\p[311] so0 ss$ (?\p1[za] \p1[:c] > > -[:c] l /a /e /i /[los] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c] > > -[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c] > > -[:c] l /a /[eil] /o /s sa4 s\0\p[311] so0 ss$ (?\p1[za] \p1[:c] > > -[:c] l /e /i /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c] > > -[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c] > > -[:c] l /a /e /i /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c] > > > > Regards. > > > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.