Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Apr 2014 13:05:15 +0400
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: proof of concept converter of rexgen-like syntax into
 john rules

On Fri, Apr 18, 2014 at 12:05:37AM +0200, magnum wrote:
> On 2014-04-17 23:58, magnum wrote:
> >On 2014-04-15 21:26, Rich Rumble wrote:
> >>On Tue, Apr 15, 2014 at 3:11 PM, magnum <john.magnum@...hmail.com> wrote:
> >>
> >>>One side effect when working with this is it makes me want a sed2rules
> >>>generator too, perhaps even in combination with rexgen ;-)  This would
> >>>finally solve the "complex leet permutations" problem (like "replace
> >>>any of
> >>>[aA] with any of [aA4@] *and* any of [eE] with any of [eE3] *and* any of
> >>>...").
> >>>
> >>Just a quick note, I have great success with "1337" rules that don't
> >>replace ALL instances... But I get what you were saying :)
> >>http://www.openwall.com/lists/john-users/2010/08/03/4
> >
> >I bet that's very common. Doing what I describe above, we will create
> >all combinations of "only some instances" as well as "all instances".
> >But it would result in a large number of rules I guess.
> 
> On second thought that won't happen they way I described it. This is a
> complex issue!

I've wrote a script to generate the rules. It is a proof of concept
again.

It creates replacements for some instances, not for all instances.
$max_count controls amount of replacements of one letter.
$max_pos controls variety of positions of the letter.
If $max_count is higher than amount of letters in the word than we
replace all but we could be sure about the condition. Replace all rule
(s) is not used.

Thanks!

-- 
Regards,
Aleksey Cherepanov

View attachment "t.pl" of type "text/x-perl" (2479 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ