Date: Fri, 1 Jan 2010 14:42:53 -0500
From: Charles Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: Re: Rule AN"STR"

Hey W.A.,
   I don't have an elegant solution, but I have a good idea what's
happening, and have a kludge. Referring to your original command:

:[lc] A[0-12],[ a-z!@€#$%^&*\-=_+.?|)(:'"],

The problem is the A[0-12]. The rule preprocessor essentially treats
this as A[0-1] + A[2], since the '-' only works with one character
values. So that's the problem you are having. Normally you could use
A-Z to specify the numbers 10-35, but playing around with it, when I
tried to use A[0-C], I received the error: "Invalid position code". I
tried to assign a numerical variable, using the vVNM command but still
received the same error when I ran the command using A[0-a].

On a side note, I realize that you were probably using your examples
to demonstrate the idea of what you were trying to do, vs your actual
output, but I have to admit that it caused me a bit of confusion. Aka,
your rule will never create the actual guess "evoluzio99ne". Just to
help anyone else reading this reply, here is a rule breakdown (and
please note this only works for version 1.7.4 and not earlier versions
of JtR).

:  //No-op, necessary since we are starting the rule with a
pre-processor variable

[lc]  //preprocessor, to create two rules, first lowercase the guess,
and then create another guess capitalized, aka password, and Password

A[0-9],[ a-z!@€#$%^&*\-=_+.?|)(:'"],  //this whole command can be
broken down into several parts following the rule:

AN"STR"  //where:

A     //insert a string
[0-9]   //the range to insert the string, aka 0password, p0assword,
... , password0

"   // the delimiting character for the string, in the above example
a comma  ',' was used which is why we need the comma at the end of
the command.

[ a-z!@€#$%^&*\-=_+.?|)(:'"]  //the string to insert. In this case we
are using a preprocessor command to insert the individual characters
into the string. Unlike in the examples you gave, this will not insert
any numbers into the string, just lowercase letters and special
characters. If you wanted to only insert 1 digit you could use [0-9]
instead.

Wrapping it all up, it will create the guesses 'apassword',
'paassword', 'pasasword' ... 'aPassword', 'Paassword', 'Pasasword' ...

Ok, so here is the kludge. There's almost certainly a more elegant way
to do this.

:[lc] A[0-9A-C],[ a-z!@€#$%^&*\-=_+.?|)(:'"],

Using this, the rule-preprocessor was able to sort it out and insert
everything between 0-12, with the [0-9] handling the first 0-9 spots,
and the [A-C] handling the 10-12 positions.

I hope this helps, and once again, the above only works with John the
Ripper 1.7.4.

Matt Weir
weir@...fsu.edu
http://reusablesec.blogspot.com
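
The range handling described in the message above, as an added example that is not part of the original post and is not John the Ripper's own code. It assumes ranges inside [...] expand in ASCII order; the function names and the choice to skip positions past the end of the word are this sketch's own.

```python
# Added illustration, not John the Ripper source code.
# Assumption: a range inside [...] runs over ASCII codes, one character per side.
import string

# Numeric position codes as the post describes them: 0-9 -> 0..9, A-Z -> 10..35.
# (Other position codes that JtR may accept are not modelled here.)
POSITION_CODES = {c: n for n, c in enumerate(string.digits + string.ascii_uppercase)}


def expand_class(body):
    """Expand the inside of [...] into its list of single characters."""
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):       # \- means a literal '-'
            out.append(body[i + 1])
            i += 2
        elif i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = ord(ch), ord(body[i + 2])     # exactly one char each side
            if lo > hi:
                raise ValueError(f"Bad range: {ch}-{body[i + 2]}")
            out.extend(chr(c) for c in range(lo, hi + 1))
            i += 3
        else:
            out.append(ch)
            i += 1
    return list(dict.fromkeys(out))                # drop duplicates, keep order


def positions(body):
    """Map every expanded character to its numeric insert position."""
    result = []
    for code in expand_class(body):
        if code not in POSITION_CODES:
            raise ValueError(f"Invalid position code: {code!r}")
        result.append(POSITION_CODES[code])
    return result


def insert_guesses(word, body, s):
    """Insert s at each position of the class that lies inside the word."""
    return [word[:n] + s + word[n:] for n in positions(body) if n <= len(word)]


if __name__ == "__main__":
    print(positions("0-12"))      # '0-1' is the range, '2' is a separate character
    print(positions("0-9A-C"))    # the kludge: every position from 0 to 12
    print(insert_guesses("password", "0-12", "!"))
```

Under the ASCII-order assumption, `positions("0-C")` raises on ':' because the characters between '9' and 'A' are not position codes, which is consistent with the "Invalid position code" error reported in the message.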
