Date: Wed, 4 Aug 2010 00:35:32 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: 1337 aka Leet Rules I'll quote a little bit more context this time: On Mon, Aug 02, 2010 at 09:52:04AM -0400, Rich Rumble wrote: > >> r3member, rem3mber, rememb3r, r3memb3r, r3m3mber, rem3mb3r, r3m3mb3r > > > > Here's how you can do it: > > > > /e op3 > > %2e op3 /e op[e3] > > %3e op3 %2e op[e3] /e op[e3] > > %4e op3 %3e op[e3] %2e op[e3] /e op[e3] > > Thanks! This cracked many of the passes I failed to in the last audit, > I created other rules that mirror this with o,i,a,s and g. > What is the best method to combine such rules, e.g. > %2e op3 /e op[e3] %2o op0 /o op[e0] > or is there a more efficient way to do this variation of leet replacement? Your suggested line is not very inefficient, but it does not "fully" do what you might have expected it to. To produce all combinations of "e" to "3" and "o" to "0" replacements in a word containing 2 instances of each of these characters, you can use: %2e vap0 %2o vbp0 /e vcp0 /o op[o0] oc[e3] ob[o0] oa[e3] For "goodbeef", it produces: goodbeef goodbe3f go0dbeef go0dbe3f goodb3ef goodb33f go0db3ef go0db33f g0odbeef g0odbe3f g00dbeef g00dbe3f g0odb3ef g0odb33f g00db3ef g00db33f words: 16 time: 0:00:00:00 100% w/s: 1600 current: g00db33f Notice that it includes the original word as well (obviously, that's one of the 16 combinations). To avoid that in the trivial way, add "Q" to the end of the line, but that's currently inefficient (one of the 16 rules generated by the preprocessor will be a reject-all rule then, which would cause JtR to freeze for a little while when it goes through the wordlist rejecting every word until it gets to the next rule). Also, this will reject all input words that don't contain at least two instances of each of the letters to replace. This may or may not be as desired (depends on what other rules you have). An alternative that does not require 2 instances of each letter may be: /e op[e3] /o op[o0] %2[eo] op\p /\r[eeo] op\p[e30] %2[eo] op\p /e op3 /o op0 %2e op3 %2o op0 /e op[e3] /o op[o0] For "goodbeef", it produces the same 16 candidate passwords as above, but it will also produce some for words with fewer letters to replace. It requires at least one "e" and at least one "o". To avoid producing an unmodified instance of the word, this may be further revised to: /[eo] op\p /e op3 /o op0 %2[eo] op\p /\r[eeo] op\p[e30] %2[eo] op\p /e op3 /o op0 %2e op3 %2o op0 /e op[e3] /o op[o0] (the first line was replaced with two different ones). For "goodbeef", it produces just 15 candidate passwords (no "goodbeef" itself). This gets tricky as you can see, and the choice depends on what other rules you have. > I'm sure my additional leet rules can be optimized as well? > .... > l/a/e/l/o/ssa4se3sl1so0ss5 > l/a/e/l/o/ssa4se3sl|so0ss5 > l/a/e/l/o/ssa@...sl1so0ss$ > l/a/e/l/o/ssa@...sl1so0ss5 The four lines above can be shortened to: l /a /e /l /o /s sa4 se3 sl[1|] so0 ss5 l /a /e /l /o /s sa@ se3 sl1 so0 ss[$5] This produces exactly the same candidate passwords as your lines did. Since you'll likely want to try more combinations (which was merely inconvenient for you to specify without making use of the preprocessor), you can use this single line instead: l /a /e /l /o /s sa[4@] se3 sl[1|] so0 ss[$5] > I personally think they should be in the default rules list, but I'm biased :p I think there should be multiple default rulesets, for use on different occasions. There may also be a top-level cracking mode that will list combinations of wordlists and rulesets to try (small wordlists with large rulesets and large wordlists with small rulesets), as well as other things. > Thanks again, I had a great time with this contest, let me know > if there are any additional stats you want from me, I only ended up using > 8 of my 14 available processors. Yeah, we lacked people who would figure out and implement patterns to test, so many CPUs remained idle. I don't think we need more stats from you, unless we're unable to answer a specific question we're asked without that. Thank you for your participation! Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.