Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 22 Mar 2011 20:25:16 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: single mode

On 2011-03-20 21:06, I wrote:
> I feel I lack some details about single mode. Actually the best would be
> if one could use --stdout together with a [small] input file, for
> studying/tweaking rules. But it's not important enough to call for so
> maybe I should just hack in an fprintf somewhere and study it.

I did that fprintf hack so I can answer most of this myself. Here is 
what it looks like:

1. From the user's line in the input file, the following are taken as 
'words':

* The username, verbatim
* All words from the GECOS field that starts with a letter and consists 
of alphanumeric only (anything else is scrapped)
* The last part of the home directory (/usr/home/alpha becoms "alpha")

2. Even with no rules (or actually when using the ':' no-op rule), all 
words alone plus all possible pairs of these words (concatenated with no 
delimiter) are tried. Also, another similar set of pairs is tried with 
*first* word truncated to one character.

Words: john, doe
Candidates:
   john      <- alone
   doe
   johndoe   <- pairs
   doejohn
   jdoe      <- truncated pairs
   djohn

However, only the first four words are allowed as the first half of a 
pair. If there are five words, the fifth will only ever be the second 
half of a pair. This is to limit the number of combinations and this 
limit can be changed by altering SINGLE_WORDS_PAIR_MAX in params.h and 
recompiling.

3. Using rules (with "1", "2" and/or "+" in them), all the word pairs we 
just saw will be available to your own rules. So if you have a rule saying

   -p1$_2

you will have the following candidates in addition to the ones we got 
just from the no-op rule:

   john_doe
   doe_john
   j_doe
   d_john

The SINGLE_WORDS_PAIR_MAX limit applies here too.


> Would I ever need to swap 1 and 2 in  rules? I mean, if I have this rule:
>
> -p 1 $@ 2
>
> is there any reason to also have:
>
> -p 2 $@ 1
>
> or will that be tried anyway?

It will be tried anyway unless one of the words is word #5 or higher on 
the input line.

There may be a little more to this that I haven't noticed but this is 
the gist of it.

magnum

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ