Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 26 Mar 2009 06:21:39 +0300
From: Solar Designer <>
Subject: Re: Adding Characters to the end of strings inside of DumbForce?

On Wed, Mar 25, 2009 at 09:52:53AM -0500, Minga Minga wrote:
> I am using a 'DumbForce' section of john.conf to brute force ALL possible 6
> character passwords,

Why not just use an "incremental" mode such as? -

File = $JOHN/all.chr
MinLen = 6
MaxLen = 6
CharCount = 95

That would be more efficient.

> But I want to ADD the string '2008' to the end of each
> password generated.
> (I want it to try aaaaaa2008 aaaaab2008 aaaaac2008 ... ... ..)
> Is there a way to do this in john.conf?

Yes.  The most efficient and easiest way to do it is with the All6
"incremental" mode defined above, in combination with:

void init()
	word[10] = 0;

void filter()
	word[6] = '2';
	word[7] = '0';
	word[8] = '0';
	word[9] = '8';

You invoke this as follows:

./john -i=All6 -e=6plus2008 passwd

>         i = 0;
>         charset[i++] = 65;

Why are you appending the ASCII code for letter 'A' here?

>         c = ' ';
>         while (c < '~')
>                 charset[i++] = c++;

This is almost the entire printable ASCII charset, less the '~' character.

>         c = '~' + 1;
>         while (c <= 0x7e)
>                 charset[i++] = c++;

This is nothing, because the ASCII code for the '~' character is exactly
0x7e, so the "while" loop condition is never true.

The result is that your charset contains two instances of 'A', but does
not contain '~'.

>         c++;

This is probably a no-op as well.

Instead of all the lines quoted above, you should have used:

	i = 0;
	c = ' ';			// Start with space (ASCII 32) and
	while (c <= 0x7e)		// proceed for all printable ASCII
		charset[i++] = c++;

That's all.

Now, in case you still don't want to use the combination of "incremental"
mode with an external filter() suggested above, as well as to illustrate
things, I am attaching a modification of the DumbForce mode and a
modification of the KnownForce mode to this message.  Either achieves
what you asked for, and additionally the modification of DumbForce is
capable of trying a range of password lengths.

Notice how with DumbForce I had to modify not only init(), but also
generate() and restore().  I could avoid modifying init() and
generate(), though, but instead introduce a filter() similar to one
shown above.

Also notice how with KnownForce my modifications are limited to init().
That's because what you asked for matches that mode better - you have a
portion of the password that is known ("2008" at the end), and there's a
way to specify that (which is why the mode is called KnownForce).
Perhaps the special-purpose modified DumbForce mode is faster, though.

I am also attaching .diff files between the original definitions for
these modes in JtR and the modified versions described above.
This is to illustrate the changes I've made.

All of these attachments use the text/plain MIME type, so they should be
visible in web archives of this mailing list.


View attachment "DumbForce-All6plus2008" of type "text/plain" (1790 bytes)

View attachment "KnownForce-All6plus2008" of type "text/plain" (1755 bytes)

View attachment "DumbForce-All6plus2008.diff" of type "text/plain" (2834 bytes)

View attachment "KnownForce-All6plus2008.diff" of type "text/plain" (1356 bytes)

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.