Date: Fri, 1 Jan 2010 14:42:53 -0500 From: Charles Weir <cweir@...edu> To: john-users@...ts.openwall.com Subject: Re: Rule AN"STR" Hey W.A., I don't have an elegant solution, but I have a good idea what's happening, and have a kludge. Referring to your original command: :[lc] A[0-12],[ a-z!@€#$%^&*\-=_+.?|)(:'"], The problem is the A[0-12]. The rule preprocessor essentially treats this as A[0-1] + A, since the '-' only works with one character values. So that's the problem you are having. Normally you could use A-Z to specify the numbers 10-35, but playing around with it, when I tried to use A[0-C], I received the error: "Invalid position code". I tried to assign a numerical variable, using the vVNM command but still received the same error when I ran the command using A[0-a]. On a side note, I realize that you were probably using your examples to demonstrate the idea of what you were trying to do, vs your actual output, but I have to admit that it caused me a bit of confusion. Aka, your rule will never create the actual guess "evoluzio99ne". Just to help anyone else reading this reply, here is a rule breakdown, (and please note this only works for version 1.7.4 and not earlier versions of JtR). : //No-op, necessary since we are starting the rule with a pre-processor variable [lc] //preprocessor, to create two rules, first lowercase the guess, and then create another guess capitalized, aka password, and Password A[0-9],[ a-z!@€#$%^&*\-=_+.?|)(:'"], //this whole command can be broken down into several parts following the rule: AN"STR" //where: A //insert a string [0-9] //the range to insert the string, aka 0password, p0assword, ... , password0 " // the delimitating character for the string, in the above example a comma ',' was used which is why we need the comma at the end of the command. [ a-z!@€#$%^&*\-=_+.?|)(:'"] //the string to insert. In this case we are using a preprocessor command to insert the individual characters into the string. Unlike in the examples you gave, this will not insert any numbers into the string, just lowercase letters and special characters. If you wanted to only insert 1 digit you could use [0-9] instead. Wrapping it all up, it will create the guesses 'apassword', 'paassword', 'pasasword' ... 'aPassword', 'Paassword', 'Pasasword' ... Ok, so here is the kludge. There's almost certainly a more elegant way to do this. :[lc] A[0-9A-C],[ a-z!@€#$%^&*\-=_+.?|)(:'"], Using this, the rule-preprocessor was able to sort it out and insert everything between 0-12, with the [0-9] handling the first 0-9 spots, and the [A-C] handling the 10-12 positions. I hope this helps, and once again, the above only works with John the Ripper 1.7.4 Matt Weir weir@...fsu.edu http://reusablesec.blogspot.com
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.