Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Oct 2010 17:04:50 -0500
From: Minga Minga <mingakore@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Rule to replace strings

On Fri, Oct 8, 2010 at 3:03 PM, Solar Designer <solar@...nwall.com> wrote:
> Here's a curious alternative along the lines of Matt's original question
> and Rich's line:
> /?d Dp =p?d Dp =p?d Dp =p?d Dp Ap"[0-9][0-9][0-9][0-9]"

That is really cool. It took me a while to completely understand it.
My only question is, why is there not a 4th   =p?d      ? If you add
it, there is no output so its obviously correct.

/?d        -> reject the word if it doesn't have any digits
Dp         -> Delete the character at position 'p'
=p?d      -> reject the letter at position 'p' if its not a digit

Ap"[0-9][0-9][0-9][0-9]"   -> add 4 numbers at location 'p' where you just
                                       removed 4 numbers

------
Fyi: I used your rule on some NTLMs that I've been cracking a LOOONG time
using    'cut -d: -f2- john.pot | sort -u > john.pot.dic'  as my wordlist. And
I cracked some good passwords that I previously missed that were just 4-digits
different that previous passwords.

-----

I created these for my own use:

# This is based off of a rule by Solar Designer - Oct 2010
# http://marc.info/?l=john-users&m=128656827426797&w=2
[List.Rules:KoreLogicRulesReplace3Digits]
/?d Dp =p?d Dp =p?d Dp Ap"[0-9][0-9][0-9]"

# This is based off of a rule by Solar Designer - Oct 2010
# http://marc.info/?l=john-users&m=128656827426797&w=2
[List.Rules:KoreLogicRulesReplace2Digits]
/?d Dp =p?d Dp Ap"[0-9][0-9]"

# This is based off of a rule by Solar Designer - Oct 2010
# http://marc.info/?l=john-users&m=128656827426797&w=2
[List.Rules:KoreLogicRulesReplace2LowerLetters]
/?l Dp =p?l Dp Ap"[a-z][a-z]"

# This is based off of a rule by Solar Designer - Oct 2010
# http://marc.info/?l=john-users&m=128656827426797&w=2
[List.Rules:KoreLogicRulesReplace2Letters]
/?a Dp =p?a Dp Ap"[A-Za-z][A-Za-z]"

# This is based off of a rule by Solar Designer - Oct 2010
# http://marc.info/?l=john-users&m=128656827426797&w=2
[List.Rules:KoreLogicRulesReplace3LowerLetters]
/?l Dp =p?l Dp =p?l Dp Ap"[a-z][a-z][a-z]"

# This is based off of a rule by Solar Designer - Oct 2010
# http://marc.info/?l=john-users&m=128656827426797&w=2
[List.Rules:KoreLogicRulesReplace3Letters]
/?a Dp =p?a Dp =p?a Dp Ap"[A-Za-z][A-Za-z][A-Za-z]"

# This is based off of a rule by Solar Designer - Oct 2010
# http://marc.info/?l=john-users&m=128656827426797&w=2
[List.Rules:KoreLogicRulesReplace4LowerLetters]
/?l Dp =p?l Dp =p?l Dp =p?l Dp Ap"[a-z][a-z][a-z][a-z]"


-Rick / Minga
KoreLogic

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.