Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Feb 2018 21:12:40 +0100
From: Solar Designer <>
Subject: Re: making wordlist rules

On Mon, Jan 29, 2018 at 04:50:10PM -0800, jeff wrote:
> I want to make a rule to prepend and append punctuation and symbols to
> words from a wordlist.
> My passwords are limited to 8 characters, so I am also truncating the
> words to 7 characters.
> I tried:
> [List.Rules:pre_post_1]
> # truncate to 7, then prefix or append with punct or special
> '7^?p
> '7^?s
> '7$?p
> '7$?s
> That didn't work, as the ?p and ?s didn't seem to be interpreted.

The "character classes" are only for matching of characters (in other
words, "any of these"), not for generating them (as in "all of these").

> So I tried:
> [List.Rules:pre_post_1]
> # truncate to 7, then prefix or append with punct or special
> '7^$
> '7$$
> '7^[%^&*()-_+=|\<>{}#@...
> '7$[%^&*()-_+=|\<>{}#@...
> This half worked. It seems I could not put in [ or ].

Yes, this is better, but you didn't need to special-case the
prefixing/suffixing with '$' yet you needed to escape the characters
that are special to the preprocessor - in your case, that's '-', which
signifies a range.  Thus, something like this:


Here we make even greater use of the preprocessor to also compact the
two commands (prepend and append) onto one line, and we use the ranges
(assuming ASCII).  Note that the opening square bracket (which we use as
start of a range) is escaped with a backslash.

Alternatively, you may want to skip longer input words instead of
truncating them.  You do this with:


I based these on the following examples found in the default john.conf:

# Now to the suffix stuff...
<* l $[1-9!0a-rt-z"-/:-@...`{-~]
-c <* (?a c $[1-9!0a-rt-z"-/:-@...`{-~]

# Now to the prefix stuff...
l ^[1a-z2-90]
-c l Q ^[A-Z]
l ^["-/:-@...`{-~]

So this is where you could have found this somewhat compact encoding of
the special characters into the preprocessor, too.

> Also some characters in the dictionary get uppercased and 0-9 seems to
> be substituted in.

That's puzzling.  Maybe it's specific to your hash type?  What is it?

> Clearly some characters need to be escaped in order to work properly,
> but I didn't see rules
> for escaping or quoting characters at

In doc/RULES:

There are some special characters in rules ("[" starts a preprocessor
character list, "-" marks a range inside the list, etc.)  You should
prefix them with a backslash ("\") if you want to put them inside a rule
without using their special meaning.  Of course, the same applies to "\"

I admit this doesn't specifically talk about escaping inside a
preprocessor character list, though.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ