Date: Fri, 3 Oct 2008 21:37:58 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: wordlist rules for leet speak (was: how to do that)

On Thu, Oct 02, 2008 at 06:09:59PM +0200, websiteaccess wrote:
>  I would like to apply a rule in JTR able to change a vowel with a digit.
> 
>  Example: adoption -> ad0ption
>   or carnage -> carn4ge
> 
>  How to do that with jtr's rules?

The default john.conf includes some rules like that, enabled for "single
crack" mode only by default.  You may copy the lines between these two
comments:

# The following 3l33t rules are based on original Crack's dicts.rules
l/asa4[:c]
l/ese3[:c]
l/lsl1[:c]
l/oso0[:c]
l/sss$[:c]
...
l/asa4/ese3/lsl1/oso0/sss$[:c]
# Now to the prefix stuff...

into the [List.Rules:Wordlist] section to have them enabled for wordlist
mode as well.  (I have replaced some of the rules with "..." above.)

As to your specific examples, replacing o's with 0's is done with the
"so0" command, and a's with 4's with the "sa4" command.  To discard
duplicate candidate passwords that would be produced on input words that
lack the characters to be replaced, either the approach seen above can
be used (e.g., the command "/a" rejects the word unless it contains "a")
or the "M" and "Q" commands can be used as follows:

[List.Rules:Wordlist]
so0Q
sa4Q
so0QMsa4Q

This may produce the following candidate passwords:

$ cat w
adoption
carnage
$ john -w=w --rules --stdout
ad0pti0n
4doption
c4rn4ge
4d0pti0n
words: 4  time: 0:00:00:00 100%  w/s: 400  current: 4d0pti0n

Notice that all of the rules mentioned above will replace _all_
instances of the characters to be replaced.  This is different from your
examples where only some instances of o's and a's were replaced.
Unfortunately, there's no good way to achieve the latter with wordlist
rules, although it can be achieved if you really want to.  For example,
these rules:

[List.Rules:Wordlist]
=0oo00 
=1oo10
=2oo20
=3oo30
=4oo40
=5oo50
=6oo60
=7oo70
=0ao04
=1ao14
=2ao24
=3ao34
=4ao44
=5ao54
=6ao64
=7ao74

will produce:

$ john -w=w --rules --stdout
ad0ption
adopti0n
4doption
c4rnage
carn4ge
words: 5  time: 0:00:00:00 100%  w/s: 500  current: carn4ge

Alexander

P.S. Please use short yet descriptive message Subjects.  Yours was not
descriptive at all; I had to change it.
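
The following is an added example, not part of the original message and not John the Ripper's own code: a minimal Python interpreter for the rule commands used above, handy for previewing what a rule set will generate before an audit run. It assumes that "Q" compares against the input word until "M" is used (as the "so0Q" rule above implies), does not handle the "[:c]" preprocessor syntax, and the function names are hypothetical.

```python
# Added illustration, not John the Ripper's own code: a minimal interpreter
# for the rule commands used in this message (: l c M Q /X sXY =NX oNX).
POSITIONS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # position codes 0..35

def apply_rule(rule, word):
    """Return the candidate `rule` makes from `word`, or None if rejected."""
    memory = word  # Q compares against the input word until M overwrites it
    i = 0
    while i < len(rule):
        cmd, args = rule[i], rule[i + 1:i + 3]
        if cmd == ":":                      # no-op
            i += 1
        elif cmd == "l":                    # lowercase
            word, i = word.lower(), i + 1
        elif cmd == "c":                    # capitalize
            word, i = word.capitalize(), i + 1
        elif cmd == "M":                    # memorize the current word
            memory, i = word, i + 1
        elif cmd == "Q":                    # reject unless changed since memory
            if word == memory:
                return None
            i += 1
        elif cmd == "/":                    # reject unless word contains X
            if args[0] not in word:
                return None
            i += 2
        elif cmd == "s":                    # replace all X with Y
            word, i = word.replace(args[0], args[1]), i + 3
        elif cmd in "=o":
            n = POSITIONS.index(args[0])
            if cmd == "=" and (n >= len(word) or word[n] != args[1]):
                return None                 # char at position N is not X
            if cmd == "o" and n < len(word):
                word = word[:n] + args[1] + word[n + 1:]  # overstrike at N
            i += 3
        else:
            raise ValueError(f"unsupported rule command {cmd!r}")
    return word

def candidates(rules, words):
    """Apply every rule to every word, rule by rule, dropping rejections."""
    out = (apply_rule(r, w) for r in rules for w in words)
    return [c for c in out if c is not None]

def positional_rules(src, dst, max_len=8):
    """Generate '=NsrcoNdst' rules that replace one instance per rule."""
    return [f"={p}{src}o{p}{dst}" for p in POSITIONS[:max_len]]

if __name__ == "__main__":
    words = ["adoption", "carnage"]  # the sample wordlist from the message
    print(candidates(["so0Q", "sa4Q", "so0QMsa4Q"], words))
    print(candidates(positional_rules("o", "0") + positional_rules("a", "4"), words))
```

Raising max_len in positional_rules (up to 36 position codes) extends the one-instance-at-a-time approach to longer words at the cost of one rule per position.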
