Message-ID: <20240918120810.GA2114@openwall.com>
Date: Wed, 18 Sep 2024 14:08:10 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: rule for password with control characters

On Sun, Sep 15, 2024 at 06:23:40PM -0700, jeff wrote:
> I used these rules to either insert or substitute a control character
> into a wordlist when I was cracking descrypt hashes.
> 
> Now I am cracking NTLM hashes, and there is no limit on the length of a 
> potential password.

There is a limit - it's just much higher.

> I was wondering if there was a way to modify the insertion and 
> substitution rules to not be limited to 8 chars.

Sure.  I suggest that you start with the rules already in our default
john.conf, I mean these:

$ grep -n '^\[List.Rules:[oi]' john.conf
1130:[List.Rules:o1]
1137:[List.Rules:o2]
1159:[List.Rules:o]
1164:[List.Rules:i1]
1171:[List.Rules:i2]
1194:[List.Rules:i]
1199:[List.Rules:oi]

They currently use [ -~] as the range of characters to substitute or
insert, which covers printable ASCII.  You'll want to replace that with
[\x7f\x01-\x1f] or add the control character codes to the printable
range making it e.g. [\x01-\x7f].  You can also add 8-bit characters,
making the range e.g. [\x01-\xff].  The rest can be kept intact.

These rules are written such that they accommodate lengths up to 35 or
36, which is beyond the default NT format's limit of 27, but is below
the --format=nt-long limit of 110.

Alexander
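
Added example, not part of the original message or of John the Ripper's own files: a shell function that applies the range substitution described above to a copy of john.conf, touching only the seven sections listed in the grep output and printing the result to stdout. The names widen_range and sample_conf are made up for this example, the embedded sample config is constructed placeholder text rather than the real rule lines, and the section-header pattern is an assumption noted in the code.

```shell
#!/bin/sh
# Added example: widen the [ -~] character range, but only inside the
# o*/i* rule sections, leaving every other section and comment untouched.

widen_range() {   # $1 = config file, $2 = new range (optional)
    NEW_RANGE=${2:-'[\x01-\x7f]'} awk '
        # Literal replace; gsub() would treat "&" and backslashes specially
        function replace_all(s, old, new,    out, p) {
            out = ""
            while ((p = index(s, old)) > 0) {
                out = out substr(s, 1, p - 1) new
                s = substr(s, p + length(old))
            }
            return out s
        }
        # Assumption: headers look like [Name], [Name:x] or [Name.x:y]
        /^\[[A-Z][A-Za-z]*[].:]/ {
            in_target = ($0 ~ /^\[List\.Rules:(o1|o2|o|i1|i2|i|oi)\]/)
            print; next
        }
        # The range is read from ENVIRON so awk does not expand \x01
        in_target && !/^#/ {
            $0 = replace_all($0, "[ -~]", ENVIRON["NEW_RANGE"])
        }
        { print }
    ' "$1"
}

sample_conf() {   # constructed stand-in, not the real john.conf contents
    cat <<'EOF'
[List.Rules:Other]
<placeholder rule> [ -~]
[List.Rules:o1]
# comment mentioning [ -~]
<placeholder rule> [ -~]
[List.Rules:i]
<placeholder rule> [ -~]
[Options]
Setting = [ -~]
EOF
}

# Demo: print the rewritten sample; the input file itself is not modified
tmp=$(mktemp) && sample_conf > "$tmp"
widen_range "$tmp"
rm -f "$tmp"
```

Pass a second argument such as '[\x01-\xff]' to use the 8-bit range mentioned in the message instead of the default.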
