Message-ID: <df39e166-2be2-4cde-bfff-74091c1166f8@jeffunit.com>
Date: Wed, 18 Sep 2024 14:07:41 -0700
From: jeff <jeff@...funit.com>
To: john-users@...ts.openwall.com
Subject: Re: rule for password with control characters

That is 90% of what I need.
Based on your advice I made these rules:

[List.Rules:rep_control_1]
# Trivial
o[0-9A-Z][\x7f\x80\x01-\x1f]

[List.Rules:ins_control_1]
# Trivial
i[0-9A-Z][\x7f\x80\x01-\x1f]

This will work when the input word character is 0-9 A-Z, but not with
other characters.

I am finding passwords of the form <tab>word and word<cr>, where <tab> is
the tab character and <cr> is a carriage-return character.

What I need are two rules that will do the following.
I am using numbers just as placeholders, and ^ as a control character.

If the dictionary word is 1234

For replace_control I need to generate
^234
1^34
12^4
123^

and for insert_control I need to generate
^1234
1^234
12^34
123^4
1234^

Is there a way to do that?

thanks in advance,
jeff

On 9/18/2024 05:08, Solar Designer wrote:
> On Sun, Sep 15, 2024 at 06:23:40PM -0700, jeff wrote:
>> I used these rules to either insert or substitute a control character
>> into a wordlist when I was
>> cracking descrypt hashes.
>>
>> Now I am cracking NTLM hashes, and there is no limit on the length of a
>> potential password.
> There is a limit - it's just much higher.
>
>> I was wondering if there was a way to modify the insertion and
>> substitution rules to not be limited to 8 chars.
> Sure. I suggest that you start with the rules already in our default
> john.conf, I mean these:
>
> $ grep -n '^\[List.Rules:[oi]' john.conf
> 1130:[List.Rules:o1]
> 1137:[List.Rules:o2]
> 1159:[List.Rules:o]
> 1164:[List.Rules:i1]
> 1171:[List.Rules:i2]
> 1194:[List.Rules:i]
> 1199:[List.Rules:oi]
>
> They currently use [ -~] as the range of characters to substitute or
> insert, which covers printable ASCII. You'll want to replace that with
> [\x7f\x01-\x1f] or add the control character codes to the printable
> range making it e.g. [\x01-\x7f]. You can also add 8-bit characters,
> making the range e.g. [\x01-\xff]. The rest can be kept intact.
>
> These rules are written such that they accommodate lengths up to 35 or
> 36, which is beyond the default NT format's limit of 27, but is below
> --format=nt-long limit of 110.
>
> Alexander
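
The per-position expansion asked for above, modelled in Python as an added example (not code from the thread or from John the Ripper). In John's rule syntax the 0-9 and A-Z that follow `o` or `i` are position codes for positions 0 to 35; the function names are hypothetical, and skipping positions past the end of the word is this model's simplification, not a statement of John's behaviour.

```python
import string

# Position codes in John's rule syntax: 0-9 then A-Z, meaning positions 0..35.
POSITION_CODES = string.digits + string.ascii_uppercase
# Control characters in the range [\x7f\x01-\x1f] suggested in the reply.
CONTROL_CHARS = [chr(c) for c in range(0x01, 0x20)] + ["\x7f"]


def overstrike(word, pos_code, ch):
    """Model of oNX: replace the character at position N with X.
    Returns None when the word has no character at that position."""
    n = POSITION_CODES.index(pos_code)
    if n >= len(word):
        return None
    return word[:n] + ch + word[n + 1:]


def insert(word, pos_code, ch):
    """Model of iNX: insert X at position N (N == len(word) appends).
    Assumption of this model: positions past the end are skipped."""
    n = POSITION_CODES.index(pos_code)
    if n > len(word):
        return None
    return word[:n] + ch + word[n:]


def candidates(word, op, chars=CONTROL_CHARS):
    """Expand one rule line (every position x every character) over a word."""
    out = []
    for pos_code in POSITION_CODES:
        for ch in chars:
            cand = op(word, pos_code, ch)
            if cand is not None and cand not in out:
                out.append(cand)
    return out


if __name__ == "__main__":
    # Constructed sample: the placeholder word from the message, TAB only.
    for op in (overstrike, insert):
        print(op.__name__, [repr(c) for c in candidates("1234", op, ["\t"])])
```

With the full control range, a 4-character word yields 128 overstrike candidates and 160 insert candidates, which is the growth to budget for when auditing against a large wordlist.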