Date: Tue, 19 Oct 2010 19:04:52 -0400
From: Brad Tilley <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: Solution to this 'l33t' rules problem?
On 10/19/2010 05:52 PM, Minga Minga wrote:
> So here's something that I can't figure out, take the word:
>
> neglected
>
> And place it into a wordlist.
>
> and run a command such as:
>
> # ./john -w:neglected.dic --rules:korelogicrulesl33t -stdout | grep -i ^n3gl3
>
> You get words such as :
>
> n3gl3ct3d N3gl3ct3d n3gl3c+3d N3gl3c+3d
>
> But how would you go about cracking the passwords:
>
> N3gl3cted n3gl3cted Negl3cted Negl3ct3d
Seems you would need a Cartesian product to cover all possibilities
(what about NegL3ctEd):

1 = nN
2 = eE3
3 = gG6
4 = lL17|
5 = eE3
6 = cC[
7 = tT+7
8 = eE3
9 = dD

Depending on your definition of leet, the sets may be bigger than what I
listed above, but you would want a CP of those sets to fully enumerate
the word "neglected" I think. I'm not sure JTR does this.

Brad
> Notice that _NOT_ all of the e's are turned into 3s. I've started to see a few
> of these passwords that I've missed previously, and I totally should have been
> able to crack them.
>
> Any ideas? The problem obviously isn't with just 'e's but _all_
> "l33t" translations.
>
> What about 'mississippi' ? The 'l33t' rules should be able to generate
> passes like;
> mis$iss1ppi (Notice how one of the s's is changed - and only one of
> the i's is changed
> as well).
>
> I got the idea for this from the list of NTLM hashes not cracked from the DEFCON
> contest.
>
> -Rick / Minga
> KoreLogic
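
The Cartesian product over per-position sets described in the reply, as an added Python example for password auditing (not code from either poster or from John the Ripper). The substitution table is copied from the reply; the function names, and the rule that letters missing from the table get only case variants, are assumptions made for this sketch.

```python
from itertools import product
from math import prod

# Substitution sets as listed in the reply; each string holds every
# character allowed at a position whose base letter is the key.
LEET = {
    "n": "nN", "e": "eE3", "g": "gG6", "l": "lL17|",
    "c": "cC[", "t": "tT+7", "d": "dD",
}

def position_sets(word, table=LEET):
    """One set of allowed characters per position of the base word."""
    sets = []
    for ch in word.lower():
        alts = table.get(ch)
        if alts is None:
            # Assumption: letters not in the table only vary by case.
            alts = ch + ch.upper() if ch.isalpha() else ch
        sets.append("".join(dict.fromkeys(alts)))  # drop duplicates
    return sets

def keyspace(word, table=LEET):
    """Number of candidates the full product yields for this word."""
    return prod(len(s) for s in position_sets(word, table))

def candidates(word, table=LEET):
    """Lazily enumerate every mixed (partial) substitution of the word."""
    for combo in product(*position_sets(word, table)):
        yield "".join(combo)

def covered(password, word, table=LEET):
    """True if the password is one of the product's candidates."""
    sets = position_sets(word, table)
    return len(password) == len(sets) and all(
        c in s for c, s in zip(password, sets))

if __name__ == "__main__":
    print("neglected keyspace:", keyspace("neglected"))
    for pw in ("N3gl3cted", "Negl3ct3d", "NegL3ctEd", "n3gl3c+3d"):
        print(pw, covered(pw, "neglected"))
    # '$' and '1' are not in the table above, so this one is missed:
    print("mis$iss1ppi", covered("mis$iss1ppi", "mississippi"))
```

With these sets the word "neglected" expands to 19,440 candidates, roughly 14 bits on top of the dictionary word, which is why partial leet substitution adds little strength to a password.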