Date: Mon, 24 Aug 2015 17:27:24 +0200 From: Frank Dittrich <frank.dittrich@...lbox.org> To: john-dev@...ts.openwall.com Subject: Re: New single mode rules On 08/24/2015 04:55 PM, JimF wrote: > # this is a good rule on larger sites where a user ID may already be used, > # so a user simply appends numbers to create his loginID, but then uses the > # login name he wanted as basis for password. Just strip off digits and > treat > # the base-word to some manipulation. These rules found from the Asley > # Madison leak. Only adds about 30 tests and only to user names that have > # digits contained within them, and cracks quite a few. > /?d @?d Good rule when users are allowed to pick their own user name, but their favorite name has already been used by someone else. But I would require a min length that has to remain after removing the digits. > /?d @?d M [lc] Q Similar here, require min length. > /?d M @?d [lc] $[0-9] Q These are 20 different rules! With a large list of users and a slow hash format, I would definitely try this one first: @?D Q >4 And I would make adjust your rules to /?d @?d >3 <* $[0-9] Q /?d @?d >3 M [lc] Q <* $[0-9] > /?d M @?d [lc] Q Az"12" /?d @?d [lc] <- Az"12" Q > /?d M @?d [lc] Q Az"123" /?d @?d [lc] Az"123" <+ Q We should also add a rule which checks whether a word (user name) starts with a letter, ends with a digit, and switches digits and letters. E.g., transform michael6789 into 6789michael. Not sure if this is good enough: (?a )?d /?d 'p Xpz0 $ cat test testtest12345 Test1234test2 $ ./john --wordlist=test --rules=test --stdout 12345testtest 1234test2Test Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.