Date: Fri, 18 Apr 2014 09:28:33 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: proof of concept converter of rexgen-like syntax into john rules

This could actually be a 'mode' within the rexgen lib. -i is actually very trivial. What happens is rexgen converts an input like password into [pP][aA]...[oO][dD] and then simply runs it. It could be that a mode is added to that lib, -e, that does elite, or simply add methods that allow setting what sets of characters get replaced, so the -i code (case=true) works differently. We might bring this to Jan. That way, the case code is pre-seeded with a=aA A=aA, b=bB B=bB, etc. But if we have an interface that allows setting a=aA4@& b=bB86 s=sS$5, o=oO0, etc, then rexgen could easily do complex leet stuff.

I am pretty sure that rexgen dynamically recomputes this for each \0.

I know we have hit up Jan quite a bit the last few weeks, getting rexgen stabilized (it is close, but still needs some things), and I know this may be a 'one-off' request for JtR. This may be that the regex.c code within JtR (where the callback function is) will have to be enhanced to do this form of 'super-elite' work. It would not be too hard there. For each word read, the word itself is converted into the [first_letters][second_letters]...[last_letters] format, and then a new iterator is created within rexgen based upon this word and the possibilities. This actually 'should' be sort of easy to do. Simply find the original regex string, replace all \0 values with the proper character classes, and send that string to create a new iterator. Then when we read the next word, replace the original \0 again with the recomputed character classes for this next word, etc.

Jim.

-----Original Message-----
From: magnum [mailto:john.magnum@...hmail.com] 
Sent: Thursday, April 17, 2014 17:06
To: john-dev@...ts.openwall.com
Subject: Re: [john-dev] proof of concept converter of rexgen-like syntax into john rules

On 2014-04-17 23:58, magnum wrote:
> On 2014-04-15 21:26, Rich Rumble wrote:
>> On Tue, Apr 15, 2014 at 3:11 PM, magnum <john.magnum@...hmail.com> wrote:
>>
>>> One side effect when working with this is it makes me want a 
>>> sed2rules generator too, perhaps even in combination with rexgen ;-)  
>>> This would finally solve the "complex leet permutations" problem 
>>> (like "replace any of [aA] with any of [aA4@] *and* any of [eE] with 
>>> any of [eE3] *and* any of ...").
>>>
>> Just a quick note, I have great success with "1337" rules that don't 
>> replace ALL instances... But I get what you were saying :)
>> http://www.openwall.com/lists/john-users/2010/08/03/4
>
> I bet that's very common. Doing what I describe above, we will create 
> all combinations of "only some instances" as well as "all instances".
> But it would result in a large number of rules I guess.

On second thought, that won't happen the way I described it. This is a complex issue!

magnum
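
The per-word step described in the message above (rewrite the word as [first_letters]...[last_letters], substitute that for every \0 in the original regex, then repeat for the next word), as an added C example that is not code from JtR's regex.c or from rexgen. The names `expand_template`, `leet_set` and `put` are hypothetical, the substitution table is constructed from the sets quoted in the message, and emitting `$`, `@` and `&` unescaped inside a class is an assumption about rexgen's syntax.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed table holding the sets quoted in the message; not rexgen data. */
static const char *leet_set(int c)
{
    static const char *sets[] = { "aA4@&", "bB86", "sS$5", "oO0" };
    for (size_t i = 0; i < sizeof sets / sizeof *sets; i++)
        if (sets[i][0] == tolower(c)) return sets[i];
    return NULL;
}

/* Append n bytes of s to out, keeping it NUL-terminated; -1 if it won't fit. */
static int put(char *out, size_t cap, size_t *len, const char *s, size_t n)
{
    if (n >= cap - *len) return -1;
    memcpy(out + *len, s, n);
    out[*len += n] = '\0';
    return 0;
}

/* Hypothetical helper: copy tmpl to out, each \0 replaced by word's classes. */
int expand_template(const char *tmpl, const char *word, char *out, size_t cap)
{
    char cls[512] = "", piece[16];
    size_t clen = 0, len = 0;
    if (put(out, cap, &len, "", 0) < 0) return -1;   /* rejects cap == 0 */
    for (unsigned char c; (c = (unsigned char)*word) != 0; word++) {
        if (leet_set(c))     snprintf(piece, sizeof piece, "[%s]", leet_set(c));
        else if (isalpha(c)) snprintf(piece, sizeof piece, "[%c%c]", tolower(c), toupper(c));
        else                 snprintf(piece, sizeof piece, "%s%c", isdigit(c) ? "" : "\\", c);
        if (put(cls, sizeof cls, &clen, piece, strlen(piece)) < 0) return -1;
    }
    for (size_t step; *tmpl; tmpl += step) {
        step = (tmpl[0] == '\\' && tmpl[1]) ? 2 : 1;   /* escape pair or one byte */
        int is_ref = (step == 2 && tmpl[1] == '0');    /* \0 = the current word */
        if (put(out, cap, &len, is_ref ? cls : tmpl, is_ref ? clen : step) < 0) return -1;
    }
    return 0;
}

int main(void)
{
    const char *words[] = { "boss", "Pa5s" };   /* constructed sample words */
    char re[1024];
    for (int i = 0; i < 2; i++)                 /* one fresh regex per word read */
        if (expand_template("\\0[0-9]", words[i], re, sizeof re) == 0) puts(re);
    return 0;
}
```

Each string it prints is what would be handed over to create a new iterator for that word; characters without an entry in the table fall back to the plain case pair that -i produces.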

