Date: Thu, 25 Apr 2013 22:04:23 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Charset filters and options

On Thu, Apr 25, 2013 at 9:37 PM, Rich Rumble <richrumble@...il.com> wrote:

> On Thu, Dec 20, 2012 at 1:43 PM, Stephen John Smoogen <smooge@...il.com> wrote:
>
>> On 20 December 2012 09:03, Rich Rumble <richrumble@...il.com> wrote:
>> > I've searched all over, but can't exactly find the answer. If I want
>> > to make rockyou.txt into my own chr file (I'm increasing from 8 to 12
>> > length), and I use
>> > --external=filter_alnum, it yields the following:
>> >
>> > Successfully written charset file: alnum_12.chr (36 characters)
>> >
>> > Should I modify the external filter to also include Uppercase letters?
>> > It seems on the surface that only lower will be tried since it's a-z
>> > 0-9 (36).
>> > I've made this modification but so far I can't tell (1hour) if it's
>> > had an effect...
>> > if ((c < 'a' || c > 'z') && (c < '0' || c > '9') && (c < 'A' || c > 'Z')) {
>> > Naturally I've increased the CharCount to 62 after creating the chr file.
>> > I assume incremental mode takes CASE into account, all.chr seems to
>> > use uppercase characters, but the modified (the line above) doesn't
>> > seem to even though the charcount went from 36 to 62 after recreating.
>>
>> It will only affect things to the probability that A-Z were used in
>> the rockyou which isn't a lot.. so you are going to have to wait until
>> the first 35 characters are run or so before you start seeing a lot of
>> caps being checked. I have tried the following to various effects:
>>
>> 1) Build a filter and run rockyou.txt through it and then grep for
>> output which matches what I want. [EG if every password starts with a
>> capital.. grep '^[A-Z].*$' and then use that output to create a
>> trained file. This increases the chance of caps showing up in the
>> first letter before others.. but it is not going to stop showing up
>> test candidates like abcdefdg.
>>
>> 2) Run a long filter chain.. john --session=A --stdout --inc:alnum |
>> python filter.py | john --session=B --stdin --format=blah pwd.foo
>>
>> > It's been discussed previously, but would it be possible to
>> > "artifically" pad the pot file with at least one uppercase character
>> > in each line so that incremental would be more likely to include an
>> > uppercase in each try? Or should I use my all lower alpha_num to
>> > stdout and use a mangling rule (NT) to make that happen. I'm sure I
>> > could use all.chr and specify the external filter, but that seems like
>> > it'd be slower than incremental "trained" to use at least 1 upper and
>> > 1 special or what have you.
>> > -rich
>>
> Sorry to dredge this one back up, but the more recent thread about the new
> charset lengths (super excited about that), and I think it applies to this
> previous thread more than the new one. All.chr is 96 characters, but alnum
> is 36, as far as I can tell it never tries any capitals at all:
> c:\JohnTheRipper\run>john-any.exe -i=alnum c:\temp\alnum-test.txt
> Loaded 3 password hashes with no different salts (NT MD4 [32/32])
> guesses: 0  time: 0:00:00:08 DONE (Thu Apr 25 21:25:48 2013)  c/s: 21453K
> trying: x9wql - x9wvx
> (maxlen=5, charcount=36)
> ---
> c:\cygwin\JohnTheRipper\run>john-any.exe -i=all5 C:\temp\alnum-test.txt
> Loaded 3 password hashes with no different salts (NT MD4 [32/32])
> BbB              (bbb)
> AaA              (aaa)
> aaB              (aab)
> guesses: 3  time: 0:00:00:05 DONE (Thu Apr 25 21:29:49 2013)  c/s: 5426K
> trying: asM - jfM
>
> I find alnum.chr a very useful character set even if it's all lower, but I
> might find it more useful if it were 62 characters. While RockYou is an
> outstanding file to train the charsets on, I am often re-training mine of
> the passwords I'm finding, and more and more they are containing Alpha with
> CaMElcAse. I have been able to compensate using stdout/pipe+nt, the changes
> I made to the filter were correct, I'm going to try to test that again now.
> -rich
>
Also shouldn't Alpha be 27 and Alnum 37 for 0x32? I see the filters don't
have space in them, so I understand why they aren't, never noticed before...
-rich
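
Added example (not part of the thread and not John the Ripper's own code): a Python sketch of the `filter.py` stage from the pipeline quoted above, reusing the modified character test from the message and showing how the distinct-character count changes once uppercase is allowed. The lowercase-only test, `has_upper`, the 12-character limit and the sample words are assumptions constructed for illustration.

```python
import sys

def is_alnum_lower(word):
    # Assumed unmodified test: only a-z and 0-9 survive (36 characters).
    return all('a' <= c <= 'z' or '0' <= c <= '9' for c in word)

def is_alnum_mixed(word):
    # Same boolean test as the modified line quoted in the message:
    # a word is rejected if any character is outside a-z, 0-9 and A-Z.
    for c in word:
        if (c < 'a' or c > 'z') and (c < '0' or c > '9') and (c < 'A' or c > 'Z'):
            return False
    return True

def has_upper(word):
    # Hypothetical extra policy: at least one uppercase letter.
    return any('A' <= c <= 'Z' for c in word)

def charset_size(words, keep):
    # Distinct characters left in the training data once a filter is applied.
    return len({c for w in words if keep(w) for c in w})

def filter_stream(lines, maxlen=12):
    # Pipeline stage: read candidates, emit only those passing every check.
    for line in lines:
        word = line.rstrip("\r\n")
        if 0 < len(word) <= maxlen and is_alnum_mixed(word) and has_upper(word):
            yield word

# Constructed sample words, not taken from any real password list.
SAMPLE = ["password1", "Password1", "aaB", "BbB", "p@ssw0rd",
          "CaMElcAse", "abc def", "x9wql"]

if __name__ == "__main__":
    if sys.stdin.isatty():
        print("lower-only charset size:", charset_size(SAMPLE, is_alnum_lower))
        print("mixed-case charset size:", charset_size(SAMPLE, is_alnum_mixed))
        print("kept:", list(filter_stream(SAMPLE)))
    else:
        for candidate in filter_stream(sys.stdin):
            print(candidate)
```

Run with no piped input it prints the counts for the constructed sample; placed between two `john` processes it reads candidates on stdin and writes the survivors to stdout.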
