Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 4 Mar 2010 01:30:41 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Question about Az and the use the commas

On Wed, Mar 03, 2010 at 01:50:34PM -0600, Minga Minga wrote:
> Trying to learn the new/better syntax of using Az in a rule:
> 
> I have the line:
> cAz,[!@...%^&()_+\-={}|\\;':"./\<\>?`~][0123456789]

You're using a comma as your quote character, but this line is missing a
final comma at the end.  I assume that the line you actually have in
your john.conf does have a comma at the end.

> Which:
> 1) Capitalizes the first character
> 2) Adds a special character to the end of the word
> 3) Adds a number to the end of word (after the special char)
[...]

> Questions:
> 
> 1) Is there a better way to append special characters ?
>     - besides listing all of them in a giant ugly [!@#] command?

Yes, you can specify ranges of characters, as long as you're OK with
them being tried in ASCII code order.

> 2) is there a better way to append the number 0 1 2 3 4 ... 9 ?
>     - besides [0123456789]

Sure, just use [0-9].  Please read the default rulesets in john.conf
supplied with JtR - there are plenty of examples of this (and more).

> 3) Is there a way (using the new Az syntax to append a 'comma' to a string?

Sure.  There's no reason to use specifically a comma as your quote
character.  In fact, doc/RULES and the default john.conf use the
double-quote character most of the time.  Here's an example that uses
the letter "q" as the quote character:

c Azq[!-/:-@...{-~][0-9]q

This produces all the same candidate passwords that your line does and
more: it also tries appending a comma and square brackets.

I think the comma became "so popular" due to W.A.'s postings.  I would
recommend that you use the double-quote character by default instead,
although in this specific case we needed to avoid all of those symbols,
which is why I used a letter instead.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ