Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAJ9ii1GciQdHteq4B8JO0u0hfcG7pHnm2G9i6cNbMQFtyqcL9A@mail.gmail.com>
Date: Wed, 26 Mar 2025 22:23:42 -0400
From: Matt Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: Re: Issue Applying Rules to Tokenized in John the Ripper

Hi,
    The challenge is that tokenizer uses --incremental mode and I don't
think you can combine that with --rules in a single running instance of
John the Ripper.

What I've done in the past when applying additional mangeling to
--incremental runs (regardless of it is a tokenizer attack or not) is to
pipe an instance of the incremental attack into another JtR process that
applies the rules to it.  For example:

./john --incremental=Tokenize --extneral=Untokenize --stdout | ./john
--pipe --rules= KoreLogic,Best64  --format=raw-md5  md5.hash

Here is a writeup I did on running the tokenizer attack:
https://reusablesec.blogspot.com/2024/10/running-jtrs-tokenizer-attack.html
You'll need to update your john-local.conf file with the results of your
tokenizer attack along with your generated tokenizer incremental character
set.

I hope this help!
Matt / @Lakiw

On Wed, Mar 26, 2025 at 8:01 PM Pentester LAB <pentesterlab3@...il.com>
wrote:

> I am reaching out to seek assistance regarding an issue I encountered while
> attempting to apply rules to a tokenized  using John the Ripper (JtR).
> Steps Taken:
>
>    1.
>
>    I created a test input file named test.txt with the following content:
>
> abc
> @
> 123
>
>
>    2.
>
>    I used JtR's default tokenizer to process the file:
>
> perl tokenize.pl test.txt > test_token.txt
>
>
>    3.
>
>    The content of test_token.txt is as follows:
>
> # sed '/[^ -~]/d; s/123/\x1/g; s/abc/\x2/g; s/12/\x3/g; s/bc/\x4/g;
> s/23/\x5/g; s/ab/\x6/g; s/a/\x7/g; s/1/\x8/g; s/b/\x9/g; s/2/\xb/g;
> s/@/\xc/g; s/c/\xe/g; s/3/\xf/g; s/^/:/'
>
> [List.External:Untokenize]
> int mod[0x100];
>
> void init() {
>     for (int i = 0; i < 0x100; ++i) mod[i] = i;
>     mod[1] = 0x333231; // "123"
>     mod[2] = 0x636261; // "abc"
>     mod[3] = 0x3231;   // "12"
>     mod[4] = 0x6362;   // "bc"
>     mod[5] = 0x3332;   // "23"
>     mod[6] = 0x6261;   // "ab"
>     mod[7] = 0x61;     // "a"
>     mod[8] = 0x31;     // "1"
>     mod[9] = 0x62;     // "b"
>     mod[11] = 0x32;    // "2"
>     mod[12] = 0x40;    // "@"
>     mod[14] = 0x63;    // "c"
>     mod[15] = 0x33;    // "3"
> }
>
> void filter() {
>     int i = 0, j = 0, k = 0, save[0x80];
>     while (save[i] = word[i]) i++;
>     while (int m = mod[save[j++]]) {
>         word[k++] = m;
>         while (m >>= 8) word[k++] = m;
>     }
>     word[k] = 0;
> }
>
>
>    4.
>
>    I attempted to crack the hash using the following command:
>
> john --format=raw-md5 --wordlist=test_token.txt
> --rules=KoreLogic,Best64 md5.hash
>
> Issue Observed:
>
>    -
>
>    JtR correctly loaded the tokenized wordlist, but it appears that the
>    selected rules (KoreLogic, Best64) were not applied during the cracking
>    attempt.
>    -
>
>    The session completed without any successful cracks, and no rule-based
>    transformations seemed to have been executed on the tokenized input.
>
> Request for Assistance:
>
> I would appreciate guidance on:
>
>    -
>
>    Ensuring that rules are correctly applied to tokenized.
>    -
>
>    Identifying if there are any misconfigurations or additional parameters
>    needed.
>
> Thank you for your support.
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.