Date: Fri, 17 Oct 2008 05:22:36 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: wordlist rules for known elements of password

On Sun, Oct 05, 2008 at 08:18:05AM -0700, William wrote:
> I'm trying to recover a forgotten password

Do you have a specific reason for recovering as opposed to resetting it?
The latter is often easier to do.

> and I need some help creating a rule. I know the password is a combination of several words, but, while I know the list of words the password is drawn from, I don't know exact combination.

How long is that list? Is it the same list for all "word positions"?
How many words form the "password"?

> For example, I have the list
>
> cat
> dog
> bird
> cow
>
> and I want to create a rule that will try all possible combinations of the words, for example:

Wordlist rules are only usable for this when your list of words is very
short - or, if you have different lists for different "word positions",
when all but one list are very short (it is OK for one of these lists to
be long - you'd place that one in your wordlist file).

> catdog
> dogcat
> catbird
> birdcat
> catcow

...and so on for two-word combinations. For that, you'll need to place
your "first" words into a wordlist file, one per line:

cat
dog
bird
cow

and you need to create wordlist rules out of your "second" words, using
the "append character" command:

[List.Rules:Wordlist]
$c$a$t
$d$o$g
$b$i$r$d
$c$o$w

Then running JtR produces:

$ john -w=w --rules --stdout
catcat
dogcat
birdcat
cowcat
catdog
dogdog
...
cowcow
words: 16  time: 0:00:00:00 100%  w/s: 1600  current: cowcow

> catdogbird
> catbirddog
> dogcatbirdcow
> cowbirddogcat
> etc

For three-word combinations, you may have JtR apply the rules for a
second time:

$ john -w=w --rules --stdout > w2
words: 16  time: 0:00:00:00 100%  w/s: 1600  current: cowcow
$ john -w=w2 --rules --stdout
catcatcat
dogcatcat
birdcatcat
cowcatcat
catdogcat
...
birdcowcow
cowcowcow
words: 64  time: 0:00:00:00 100%  w/s: 6400  current: cowcowcow

Of course, in practice your final invocation of "john" won't use the
"--stdout" option, but it will instead include the filename for your
file with the password hash. I am using "--stdout" in these examples to
show what candidate "passwords" would be tried.

If you have a significantly larger number of words to try (for more than
one "word position"), then your best bet is to use a Perl script, such
as one of those found on this older john-users posting:

http://www.openwall.com/lists/john-users/2006/10/19/4

> Some rules I've tried in the John.conf file:
> :+:
> :+:+:
> :+:+:+: (etc)

The ":" command is a no-op - and it really is, so there's no point in
using it.

The "+" command is specific to "single crack" mode and it is only
relevant when a "1" or "2" is found earlier on the same rule. With
"single crack", JtR will try various combinations of two "words" out of
those "words" that it determines are relevant to the target account
(e.g., a user's first and last name). A rule may use "1" or "2" to
temporarily restrict further commands to apply to the "first" or the
"second" "word" only, respectively. Then a "+" will remove that
restriction, making further commands apply to the concatenation of both
"words" again.

Thus, the rules above make no sense (and are not valid for wordlist
mode).

> $cat
> ^cat
> $catdog
> ^catdog

The "$" and "^" commands apply to individual characters only. So you'll
need to use them per-character to append or prepend entire words. Also
note that with "^" you'll have to put your characters in reverse order -
but you probably don't need this.

> I know that some of the elements are upper-case (but I don't know which ones), so I also need to toggle between upper and lower case, so I also need to try:
> DOGcat
> dogCAT
> DOGcatCOW
> dogCATCOW

You may achieve this with rules like:

[List.Rules:Wordlist]
$c$a$t
$d$o$g
$b$i$r$d
$c$o$w
$C$A$T
$D$O$G
$B$I$R$D
$C$O$W

and with the same words, in both lower and upper case, in your input
wordlist. You may use the "l" and "u" commands to simplify generating
that wordlist initially.

Of course, this gets nasty; wordlist rules were never meant for dealing
with multiple words at a time (except in "single crack" mode), so using
a Perl script may be your best bet.

A multi-word "passphrase" cracking mode, or an enhancement to the
wordlist mode, might be added in a future version of JtR.

Alexander

--
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.
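
Added example, not part of the original message and not code from the JtR project: a Python sketch (Python rather than the Perl suggested above) that builds the per-character "$" and "^" rules from a word list and enumerates the multi-word, mixed-case candidates directly. The word list is the constructed sample from the thread; it assumes words contain only letters and digits, so no rule-preprocessor escaping is needed, and `apply_rule` is a hypothetical helper that interprets only these two commands.

```python
import itertools
import sys

WORDS = ["cat", "dog", "bird", "cow"]  # constructed sample list from the thread


def append_rule(word):
    """'cat' -> '$c$a$t': one "$" (append character) command per character."""
    return "".join("$" + ch for ch in word)


def prepend_rule(word):
    """'cat' -> '^t^a^c': "^" prepends one character, so emit them reversed."""
    return "".join("^" + ch for ch in reversed(word))


def apply_rule(rule, word):
    """Interpret only the "$X" and "^X" commands (not JtR's full rule engine)."""
    for i in range(0, len(rule), 2):
        cmd, ch = rule[i], rule[i + 1]
        word = word + ch if cmd == "$" else ch + word
    return word


def case_variants(words):
    """Each word in all-lower and all-upper form, as in the DOGcat example."""
    out = []
    for w in words:
        for v in (w.lower(), w.upper()):
            if v not in out:
                out.append(v)
    return out


def candidates(words, min_words=2, max_words=3):
    """Every ordered combination (repetition allowed) of min..max words."""
    for n in range(min_words, max_words + 1):
        for combo in itertools.product(words, repeat=n):
            yield "".join(combo)


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "rules":
        print("[List.Rules:Wordlist]")
        for w in case_variants(WORDS):
            print(append_rule(w))
    else:
        for c in candidates(case_variants(WORDS)):
            print(c)
```

Run with the argument `rules` to print a `[List.Rules:Wordlist]` section; with no argument it prints the candidates, which can be piped to `john --stdin` together with the hash file.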