Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Mar 2014 12:11:56 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
CC: Jan Starke <jan.starke@...ofbed.org>
Subject: Re: Question on Wordlist Combinatorials

On 2014-03-22 05:09, Nima Talebi wrote:
> I'm wondering if there is an efficient way to achieve the following:
>
> Given the word "password123", I would like a single rule to produce:
>
> password 123
> passwordOneTwo3
> passwordOne2Three
> password1TwoThree
> passwordOne23
> password1Two3
> password12Three
> passwordOneTwoThree
>
> ..plus all the various casings such as all lower-case for each spelled out
> numeric token, plus all upper case for example, but say not "OnE" or "OnE".
(...)
>
> I'm hoping there is a nice way to do this in JtR - is there?

I think doing that with Jtr rules would be theoretically possible but 
currently not feasible. Have a look at rexgen - this tool is fantastic, 
especially if you're used to regular expressions:
https://code.google.com/p/rexgen/

Here's an example (somewhat trimmed from the above):
$ echo password | rexgen -f - '\0([123]|[oO]ne|[tT](wo|hree))'
password1
password2
password3
passwordOne
passwordTwo
passwordthree
passwordThree

I'm not sure why my example did not produce "passwordone" nor 
"passwordtwo" but my version is not updated in a while - might be a 
fixed bug. Anyway the c00lest part is that this is planned to be 
built-in as a new mode to JtR at some point in the future! Sadly I 
haven't heard about that for half a year. It would be a milestone in JtR 
Jumbo development imho.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.