Message-ID: <CANWtx02Lq2LdQe0x30pH0hrdDrFbHr1Q3NtG1D47c9qB1J4QCw@mail.gmail.com>
Date: Mon, 13 Jan 2014 08:34:57 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Rules-101 (was: How to use Wordlists with John The Ripper)

On Sun, Jan 12, 2014 at 9:09 PM, Jack Wilborn <jkwilborn@...il.com> wrote:
> Reading these questions and using JtR on my Linux box, I've had some
> trouble understanding the 'rules'. I think it would help a lot to simplify
> the initial intro text on making rules. I'm a retired programmer, so I
> have some knowledge, but its actual syntax and use is still evading me.

The Rules inside the john.conf are mostly commented on what they do and
even some examples given too:

# johnsmith -> JohnSmith, johnSmith
-p-c (?a 2 (?a c 1 [cl]
# JohnSmith -> john smith, john_smith, john-smith
-p 1 <- $[ _\-] + l
# JohnSmith -> John smith, John_smith, John-smith
-p-c 1 <- (?a c $[ _\-] 2 l

I know how to write some basic rules, but folks on here know how to write
much better ones, and I've asked for some pretty complex stuff in the past.
I understand the RULES file pretty well up to the point of memorizing words
(M, Q and X). But you can certainly "reverse" the rules in John.conf already
pretty simply by using the RULES file. We should have some kind of primer on
the Wiki http://openwall.info/wiki/john
I may try to add what little I know soon.

> My suggestion would be to take a simple password, that is known the 'jack'
> is the start of it, but it can be any of 10,000
> iterations such as 'john0000' to 'john9999' and show how the 'rule' is for
> that specific example.

From RULES

AN"STR"	insert string STR into the word at position N
To append a string, specify "z" for the position. To prefix the word with
a string, specify "0" for the position.

Az"[0-9][0-9][0-9][0-9]"
A0"[0-9][0-9][0-9][0-9]"

or

$X	append character X to the word
^X	prefix the word with character X

$[0-9] $[0-9] $[0-9] $[0-9]
^[0-9] ^[0-9] ^[0-9] ^[0-9]

And have a wordlist that had "jack" as the only entry (or many more words).
I'm sure I'll be corrected in a few, and that there are even more ways to
write that rule, perhaps more efficient ways. I believe the "AN" rules are
more ?efficient?
You can also run incremental and external together!!
http://www.openwall.com/lists/john-users/2009/03/26/1

> Of course when you mix alpha numerics such as
> 'john0000' through 'johnFFFF' (hex range and not the complete alpha group).
> Show that and you could see what's up with the rules. Then the other would
> be the flip of it, like '0000john' to '9999john' and you may not need the
> hex range, but its inclusion would help show the pattern of what's
> happening. The rules would have no more than what's necessary for the
> example. I believe that I would have a much faster learning rate with
> simple starting examples.

You can use external modes too, JtR has a few, knownforce springs to mind
where you know "jack" is part of the pass, and you can increment through the
rest. I believe the incremental+external example I linked above is more
efficient.

There are many questions that have been asked before, a targeted Google
search typically helps.
https://www.google.com/#q=site:openwall.com+add+characters+to+the+end+of+string
There is also the wiki:
http://openwall.info/wiki/john/mailing-list-excerpts
We always need more folks actively participating on the wiki.
-rich
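
Added example (not part of the message above and not John the Ripper's own code): a simplified Python model of how the rule preprocessor expands [..] classes and how $X, ^X and AN"STR" change a word, useful for checking how many candidates a rule produces before an audit run. The function names are hypothetical, only these three commands are modeled, and the A string is written inside quotes as in the RULES excerpt.

```python
# Simplified model (assumption: only $X, ^X and AN"STR" with N = 0 or z; no \-escapes).
import itertools
import re

def expand_class(body):
    """Expand a class body such as '0-9A-F' into its characters."""
    chars, i = [], 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            chars += [chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1)]
            i += 3
        else:
            chars.append(body[i])
            i += 1
    return chars

def preprocess(rule):
    """Yield each concrete rule the [..] classes in `rule` stand for."""
    parts = re.split(r"\[([^\]]+)\]", rule)  # even index: literal, odd: class
    choices = [expand_class(p) if n % 2 else [p] for n, p in enumerate(parts)]
    for combo in itertools.product(*choices):  # ordering is this model's choice
        yield "".join(combo)

def apply_rule(rule, word):
    """Apply $X, ^X and AN"STR" (N limited to 0 or z) to `word`."""
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == " ":                       # spaces between commands
            i += 1
        elif cmd == "$":                     # append one character
            word, i = word + rule[i + 1], i + 2
        elif cmd == "^":                     # prefix one character
            word, i = rule[i + 1] + word, i + 2
        elif cmd == "A":                     # insert a delimited string
            end = rule.index(rule[i + 2], i + 3)
            s = rule[i + 3:end]
            word = s + word if rule[i + 1] == "0" else word + s
            i = end + 1
        else:
            raise ValueError(f"command {cmd!r} is outside this model")
    return word

def candidates(rule, word="jack"):
    return [apply_rule(r, word) for r in preprocess(rule)]

if __name__ == "__main__":
    for rule in ('Az"[0-9][0-9][0-9][0-9]"', 'Az"[0-9A-F][0-9A-F][0-9A-F][0-9A-F]"'):
        print(len(candidates(rule)), "candidates from", rule)
```

Each ^ prefixes one character, so ^1^2^3^4 turns "jack" into "4321jack" while A0"1234" gives "1234jack"; over the full [0-9] range both forms still produce the same 10,000 candidates.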