Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 19 Apr 2009 06:30:43 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New john.conf rules (Part 1 of 9999)

First of all, thank you for posting this and for linking to it from the
wiki.  Maybe this will encourage others to contribute as well.

On Fri, Mar 27, 2009 at 12:52:16PM -0500, Minga Minga wrote:
> I'm sure there are already john.conf rules that tackle some of these - but
> having specific rules really helped me to crack as many passwords as
> possible. Im also "new" at writing john.conf - so Im sure some of them
> aren't done the "best' way and could be minimized. But I like having them in
> a readable and easier to understand format.

Understood, yet I'll point out how some of these can be written in what
I think is a more readable and easier to understand way.

> Ill try to post more and more rules each week.

Well, it's been three weeks already... ;-)

> # KoreLogic - prepends 2008 (and variations) to the beginning of each word.
> # This cracks passwords such as 2008Sep! 2008Sep$ 2008Sep* 2008Sep. 2008Sept
> i[0][2]i[1][0]i[2][0]i[3][0123456789]

This can be written as:

i02i10i20i3[0123456789]

I don't see how the extra square brackets make it more readable.

It can also be changed to:

^[0123456789]^0^0^2

This will produce the same set of candidate passwords, but their order
will be different (not necessarily better or worse - just different).

> # KoreLogic - Capitalize pure alphabetic words and PREPENDS 2000,2001 up to
> 2009
> # This is ONLY really useful if your dictionary is all lower case - and you
> KNOW your users
> # capitalize the first character of their passwords (That part stolen from
> other lines in john.conf)

Somehow when you post to this list, you first write lengthy lines -
wrapped at around 100 chars - but then they get wrapped for a second
time at under 80 chars.  You could want to fix this on your end -
I suggest that you wrap them just once, at around 72 chars (good for
quoting and display on 80 character wide terminals).

> -c <*>2!?Aci[0][2]i[1][0]i[2][0]i[3][0123456789]

Similarly to the above, this can be simplified to:

-c <*>2!?Ac^[0123456789]^0^0^2

> # Many people prepend passwords with ABC, abc, abcd, etc. This prepends
> those strings to your dictionary
> # Good for  Abc123$$ Abc12309 abc12333 aBCd12345
> i[0][aA]i[1][bB]i[2][cC]
> i[0][aA]i[1][bB]i[2][cC]i[3][dD]

This can be simplified to:

i0[aA]i1[bB]i2[cC]
i0[aA]i1[bB]i2[cC]i3[dD]

or even to:

^[cC]^[bB]^[aA]
^[dD]^[cC]^[bB]^[aA]

Which of these are more readable is debatable.

Thanks again,

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.