Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAJ9ii1E4FA8AyQYv=4P+tiH_xyxrJWPyOH85aY8yt0hP=C189A@mail.gmail.com>
Date: Tue, 23 Aug 2022 20:34:43 -0400
From: Matt Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: JtR Rules Questions

I've been playing around with John the Ripper rules, (this is a holdover
from the Crack Me if You Can competition), and I had some questions about
what I'm seeing and the best way to do things.

Note: The following observations are with John the Ripper
1.9.0-jumbo-1+bleeding-c80015001

As some further background, part of this investigation is into trying to
replicate the "random rule" (-g flag) option in Hashcat.

1) It doesn't seem like the delete first character '[' rule is working on
the command line:

echo "test" | john --pipe --stdout --rules=':['
Using default input encoding: UTF-8
test
1p 0:00:00:00 0.00% 1.515p/s test

Note, the delete last character rule ']' does work

echo "test" | john --pipe --stdout --rules=':]'
Using default input encoding: UTF-8
Enabling duplicate candidate password suppressor
tes
1p 0:00:00:00 0.00% 1.538p/s tes

2) With the rule preprocessor, is there an easy way to specify all
'special' characters? Trying to capture them while getting the escaping
correct is very difficult. Aka for alphanumeric I can
specify Az"[a-zA-Z0-9]". (Side note, if there is an easier way I'd be
interested in that). But how should I do that for all special characters,
or for that matter, all ASCII characters?

3) I notice that some commands play well within the rule preprocessor and
others do not. For example the following works:

echo "test" | john --pipe --stdout --rules=':[cul]'
Using default input encoding: UTF-8
Enabling duplicate candidate password suppressor
Test
TEST
test
3p 0:00:00:00 0.00% 4.225p/s test

But you can't seem to do an append in the rule preprocess. So for example:

echo "test" | john --pipe --stdout --rules=':[$0]'
Using default input encoding: UTF-8
Invalid rule in Command Line Rule at line 0: Unexpected end of rule $

This isn't so much a question vs. a comment I guess... To turn it into a
question, is there a list or set of rules that are "approved" to work in
the rule preprocessor

Thanks!
Matt / @Lakiw

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.