Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 26 Mar 2009 06:21:39 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Adding Characters to the end of strings inside of DumbForce?

On Wed, Mar 25, 2009 at 09:52:53AM -0500, Minga Minga wrote:
> I am using a 'DumbForce' section of john.conf to brute force ALL possible 6
> character passwords,

Why not just use an "incremental" mode such as? -

[Incremental:All6]
File = $JOHN/all.chr
MinLen = 6
MaxLen = 6
CharCount = 95

That would be more efficient.

> But I want to ADD the string '2008' to the end of each
> password generated.
> 
> (I want it to try aaaaaa2008 aaaaab2008 aaaaac2008 ... ... ..)
> 
> Is there a way to do this in john.conf?

Yes.  The most efficient and easiest way to do it is with the All6
"incremental" mode defined above, in combination with:

[List.External:6plus2008]
void init()
{
	word[10] = 0;
}

void filter()
{
	word[6] = '2';
	word[7] = '0';
	word[8] = '0';
	word[9] = '8';
}

You invoke this as follows:

./john -i=All6 -e=6plus2008 passwd

>         i = 0;
>         charset[i++] = 65;

Why are you appending the ASCII code for letter 'A' here?

>         c = ' ';
>         while (c < '~')
>                 charset[i++] = c++;

This is almost the entire printable ASCII charset, less the '~' character.

>         c = '~' + 1;
>         while (c <= 0x7e)
>                 charset[i++] = c++;

This is nothing, because the ASCII code for the '~' character is exactly
0x7e, so the "while" loop condition is never true.

The result is that your charset contains two instances of 'A', but does
not contain '~'.

>         c++;

This is probably a no-op as well.

Instead of all the lines quoted above, you should have used:

	i = 0;
	c = ' ';			// Start with space (ASCII 32) and
	while (c <= 0x7e)		// proceed for all printable ASCII
		charset[i++] = c++;

That's all.

Now, in case you still don't want to use the combination of "incremental"
mode with an external filter() suggested above, as well as to illustrate
things, I am attaching a modification of the DumbForce mode and a
modification of the KnownForce mode to this message.  Either achieves
what you asked for, and additionally the modification of DumbForce is
capable of trying a range of password lengths.

Notice how with DumbForce I had to modify not only init(), but also
generate() and restore().  I could avoid modifying init() and
generate(), though, but instead introduce a filter() similar to one
shown above.

Also notice how with KnownForce my modifications are limited to init().
That's because what you asked for matches that mode better - you have a
portion of the password that is known ("2008" at the end), and there's a
way to specify that (which is why the mode is called KnownForce).
Perhaps the special-purpose modified DumbForce mode is faster, though.

I am also attaching .diff files between the original definitions for
these modes in JtR 1.7.3.1 and the modified versions described above.
This is to illustrate the changes I've made.

All of these attachments use the text/plain MIME type, so they should be
visible in web archives of this mailing list.

Alexander

View attachment "DumbForce-All6plus2008" of type "text/plain" (1790 bytes)

View attachment "KnownForce-All6plus2008" of type "text/plain" (1755 bytes)

View attachment "DumbForce-All6plus2008.diff" of type "text/plain" (2834 bytes)

View attachment "KnownForce-All6plus2008.diff" of type "text/plain" (1356 bytes)

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.