Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <55586AE4.20606@web.de>
Date: Sun, 17 May 2015 11:18:12 +0100
From: Demian Smith <demian.smith@....de>
To: john-users@...ts.openwall.com
Subject: Re: Advise on best approach (truecrypt pw based on pdf
 file)

Hi magnum,

thanks a million for the rule Orz !

I ran it over my file, alas - to no avail. I start to think there's
something really wrong/awkward, in all likelihood on my side of thinks
when creating the encrypted HDD.

I have as well created of copy of the wordlist and manually went through
the 3500 lines to check where there wrong line breaks (i.e. lines
starting with lower case).

So, this is my last question and with it I wish to apply for the "Most
stupid question - 2015" award - is it possible, to create a "moving
interval" rule?

I am thinking to take my wordlist rule, remove all the line breaks so
that I have a really long stream of chars and then just move the Interval.

Say, my stream would be
SiadqrfewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt

I'd like to have rule (or preoprocessed rule) that walks throught the
file like this
[Siad]qrfewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt
[Siadq]rfewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt
[Siadqr]fewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt
(...)
[Siadqrfewmnsohabiwto]arotwwsbaotmcaaTpthbwuitrubwltetpt
S[iadq]rfewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt
S[iadqr]fewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt
S[iadqrf]ewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt
(...)
Si[adqr]fewmnsohabiwtoarotwwsbaotmcaaTpthbwuitrubwltetpt

This might not result in any positives, but after I have treid all the
other things, I just would like to use this last attempt, before going
back to "BruteForcing" with incremental...

Right now the --rules=single runs on the file, but it takes quite long
as I have the additional ones from KoreLogic in there ( which in my case
probably doesn't make any sense in the first place)

Anyway, if I could get a quick word on my interval idea, I hope I can
then stop asking questions and bug you :s

Thanks,
Demian

 ★ On 15/05/14 01:32 a.m. Magnum wrote ★
> On 2015-05-13 23:19, Demian Smith wrote:
>> still working on my truecrypt hash - in the meantime I have converted
>> all pdfs in a folder to txt and created the "first letter only"
>> candidates.
>>
>> I am currently running the truncate rule that magnum thankfully provided
>> me with on the wordlist (>[4-9A-Z]'\0 )
>>
>> As this had not been succesful yet even though I assume the correct pdf
>> had been used I was wondering could a rule be written to do the
>> "opposite" of truncate?
>>
>> So instead of truncating
>> Abcdefgeh to Abcd | Abc | Ab it would start from the back and
>> "truncates" to fgeh | geh | ge instead. I hope by doing so I fetch out
>> the stuff I have not tested as yet, in case I started at some random
>> spot in the sentence...
> 
> Here's a shot from the hip. I half heartedly tossed things together and
> it (seemingly) started working much sooner than I expected:
> 
> [List.Rules:substring]
>>[4-9A-Z] val\0 Xal0 '\0 >[3-9A-Y]'\p[4-9A-Z]
> 
> The above expands to 1024 rules. It appears to produce all combinations
> of min. length 4 except the full original word. I did not test it other
> than the below:
> 
> $ ../run/john -pipe -rules:substring -stdout <<< Abcdefgh
> efgh
> defg
> defgh
> cdef
> cdefg
> cdefgh
> bcde
> bcdef
> bcdefg
> bcdefgh
> 
> magnum
> 
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.