Date: Mon, 1 Mar 2010 04:01:58 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Special character (like TAB) in rules On Fri, Feb 26, 2010 at 09:12:16AM +0100, Magnum, P.I. wrote: > Is there a way to specify specific non-printables in rules? Say I want > to prepend a TAB, or match a TAB and replace with a BEL, just as > examples. The documentation does not mention any way to do this. There's no JtR-specific way to do it. You may embed those characters in the config file literally if your text editor permits you to do so - e.g., in VIM to enter a TAB you simply press the Tab key, and to enter a BEL you may press Ctrl-V Ctrl-G. I understand that this is not pretty. Also, it won't work for CR, LF, and NUL, because they will affect the config file parsing (and more). > In external modes, I can use 0x09 of course. > > A generic way to specify *any* non-printable, like \x09 or something to > that effect, would be very usable. OK, I've added your request to my ever-growing to-do list. I think people might also find this useful to specify 8-bit and utf-8 characters when their native character set is different - e.g., I might have my terminal and keyboard layout configured for koi8-r, yet have some of the rules append iso-8859-1 characters. > I thought of placing this > functionality in the preprocessor but keep in mind you may want to use > it in a PP list (like [0-9\x09] for digits + TAB) too. That's precisely the reason to have it in the preprocessor and not somewhere else. > Or even a CR or LF for that matter. That's tricky. Perhaps the new escape sequence will allow you to specify those characters without affecting the config file parsing, but if you get a password cracked with one or both of those characters it will violate the john.pot file format. So a certain escaping mechanism would need to be introduced into the john.pot file format before it possibly becomes reasonable to include those control characters in candidate passwords. > I haven't looked into it yet, any comments off the top of your head? I doubt that you'd crack many passwords with non-printable characters. You could start by embedding the characters literally (as I explained above) and/or by adjusting the DumbForce external mode sample to include control characters and using that. Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.