Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <570025BD.10908@openwall.net>
Date: Sat, 2 Apr 2016 15:04:13 -0500
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: New hybrid external elite mode

There is a new external-hybrid mode  --external=Leet   which does 'leet 
word mangling of input words.

https://github.com/magnumripper/JohnTheRipper/commit/94f2eda06186eeb1d642f8e6fdf01a61e5b535a4

This is only available on current bleeding john-jumbo, which has the 
hybrid-external logic.  This external script is considerably more 
powerful than what can be done with rules. In this code, each character 
that has transformations is rolled through its transformations 
independent of all other letters.  So the word hellcats produces:

$ echo hellcats | ../run/john -pipe -stdout -extern:leet
hellcats
#ellcats
h3llcats
#3llcats
he1lcats
#e1lcats
h31lcats
#31lcats
hel1cats
#el1cats
h3l1cats
#3l1cats
he11cats
#e11cats
h311cats
#311cats
hell(ats
#ell(ats
....
h3l1(&75
#3l1(&75
he11(&75
#e11(&75
h311(&75
#311(&75
1152p 0:00:00:00 0.00% 9290p/s #311(&75

1152 total candidates is many more than are produced using rules, since 
rules are not easily able to rotate each letter independently.

This is the current leet language in the script (of course this can 
easily be extended).
  *   a -> a4@&
  *   b -> b68
  *   c -> c(
  *   e -> e3
  *   g -> g9
  *   h -> h#
  *   i -> i1!
  *   l -> l1
  *   o -> o0
  *   s -> s$5
  *   t -> t+7

Now the script as written does output the 'actual' word as the first 
output. This may not be right, as per normal usage. Normally by the time 
someone is getting down to doing elite testing, they have already tested 
the dictionary words, so having the script return the original word is 
usually redundant work.   I can easily add a flag to the script which 
allows it to skip that word, or if the flag is false, then the original 
word IS produced as the first word.

Also, there is a flag that limits the number of characters to rotate. 
This is by default set to 10. Letter 'a' has the most rotators at 4 
(a4@&) and 4^10 is just over 1 million, so that is why for default 
distribution, a limit of 10 characters is imposed. But that is a 
variable, so each user can make it smaller (faster work), or larger 
(more work, but may crack additional passwords).

I also have plans on doing a case mangler external-hybrid script in the 
near future.

-- 
Community volunteer for John the Ripper project.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.