Date: Mon, 13 Jan 2014 14:20:52 -0700
From: Jack Wilborn <>
Subject: Re: Rules-101 (was: How to use Wordlists with John The Ripper)

Rich...  Thanks that makes it much more simple to learn how the rules
work.  I've written docs for certain software packages that I've written
and it seems that I always left out some fundamental operations.  I
appreciate your time and I will make a test file and whatever to test this
epiphany (so to speak).

I hope you find time to follow through and modify the Wiki page(s) as this
was very helpful and will stimulate me to continue on with JtR and try some
more ideas.

Thanks again...,


On Mon, Jan 13, 2014 at 6:34 AM, Rich Rumble <> wrote:

> On Sun, Jan 12, 2014 at 9:09 PM, Jack Wilborn <> wrote:
> > Reading these questions and using JtR on my Linux box, I've had some
> > trouble understanding the 'rules'.  I think it would help a lot to simplify
> > the initial intro text on making rules.  I'm a retired programmer, so I
> > have some knowledge, but its actual syntax and use is still evading me.
> The Rules inside the john.conf are mostly commented on what they do
> and even some examples given too:
> # johnsmith -> JohnSmith, johnSmith
> -p-c (?a 2 (?a c 1 [cl]
> # JohnSmith -> john smith, john_smith, john-smith
> -p 1 <- $[ _\-] + l
> # JohnSmith -> John smith, John_smith, John-smith
> -p-c 1 <- (?a c $[ _\-] 2 l
> I know how to write some basic rules, but folks on here know how to
> write much better ones, and I've asked for some pretty complex stuff
> in the past. I understand the RULES file pretty well up to the point
> of memorizing words (M,Q and X). But you can certainly "reverse" the
> rules in John.conf already pretty simply by using the RULES file. We
> should have some kind of primer on the Wiki
> I may try to add what little I know soon.
> > My suggestion would be to take a simple password, where it is known that
> > 'jack' is the start of it, but it can be any of 10,000 iterations such as
> > 'john0000' to 'john9999' and show how the 'rule' is for that specific
> > example.
> From RULES
> AN"STR"    insert string STR into the word at position N
> To append a string, specify "z" for the position.  To prefix the word
> with a string, specify "0" for the position.
> Az"[0-9][0-9][0-9][0-9]"
> A0"[0-9][0-9][0-9][0-9]"
> or
> $X    append character X to the word
> ^X    prefix the word with character X
> $[0-9] $[0-9] $[0-9] $[0-9]
> ^[0-9] ^[0-9] ^[0-9] ^[0-9]
> And have a wordlist that had "jack" as the only entry (or many more words)
> I'm sure I'll be corrected in a few, and that there are even more ways
> to write that rule, perhaps more efficient ways, I believe the "AN"
> rules are more ?efficient?
> You can also run incremental and external together!!
> > Of course when you mix alpha numerics such as
> > 'john0000' through 'johnFFFF' (hex range and not the complete alpha group).
> > Show that and you could see what's up with the rules.  Then the other would
> > be the flip of it, like '0000john' to '9999john' and you may not need the
> > hex range, but its inclusion would help show the pattern of what's
> > happening.  The rules would have no more than what's necessary for the
> > example.  I believe that I would have a much faster learning rate with
> > simple starting examples.
> You can use external modes too, JtR has a few, knownforce springs to
> mind where you know "jack" is part of the pass, and you can increment
> through the rest. I believe the incremental+external example I linked
> above is more efficient.
> There are many questions that have been asked before, a targeted
> google search typically helps.
> There is also the wiki:
> We always need more folks actively participating on the wiki.
> -rich
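
The rules discussed in the quoted reply can be traced with a small Python model of the preprocessor and of the `$X`, `^X` and `AN"STR"` commands. This is an added example, not code from the thread or from John the Ripper; the function names are hypothetical, it supports only those three commands (with `AN"STR"` written with its quote delimiters), and the hex rule is an assumed answer to the 'johnFFFF' question rather than one given in the thread.

```python
import itertools
import re

def expand(rule):
    """Expand preprocessor groups such as [0-9] or [0-9A-F] into concrete rules.
    Simplified model: no backslash escapes inside groups."""
    parts = re.split(r"\[([^\]]+)\]", rule)  # odd indexes hold group bodies
    choices = []
    for idx, part in enumerate(parts):
        if idx % 2 == 0:
            choices.append([part])
        else:
            chars = re.sub(r"(.)-(.)", lambda m: "".join(
                chr(c) for c in range(ord(m[1]), ord(m[2]) + 1)), part)
            choices.append(list(chars))
    return ["".join(combo) for combo in itertools.product(*choices)]

def apply_rule(rule, word):
    """Apply one expanded rule; supports only $X, ^X and AN"STR" (N = 0-9 or z)."""
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == " ":                      # spaces separate commands
            i += 1
        elif cmd == "$":                    # append one character
            word, i = word + rule[i + 1], i + 2
        elif cmd == "^":                    # prefix one character
            word, i = rule[i + 1] + word, i + 2
        elif cmd == "A":                    # insert a whole string at position N
            pos, delim = rule[i + 1], rule[i + 2]
            end = rule.index(delim, i + 3)
            n = len(word) if pos == "z" else int(pos)
            word, i = word[:n] + rule[i + 3:end] + word[n:], end + 1
        else:
            raise ValueError(f"unsupported command {cmd!r}")
    return word

def candidates(rule, words):
    return [apply_rule(r, w) for w in words for r in expand(rule)]

if __name__ == "__main__":
    words = ["jack"]  # constructed one-word wordlist
    for rule in ('Az"[0-9][0-9][0-9][0-9]"', "$[0-9] $[0-9] $[0-9] $[0-9]",
                 'A0"[0-9][0-9][0-9][0-9]"', "^[0-9] ^[0-9] ^[0-9] ^[0-9]",
                 'Az"[0-9A-F][0-9A-F][0-9A-F][0-9A-F]"'):
        out = candidates(rule, words)
        print(f"{rule:40} {len(out):6} candidates, e.g. {out[0]} ... {out[-1]}")
    # ^ prefixes one character at a time, so a fixed prefix comes out reversed
    print(apply_rule("^1 ^2", "jack"), apply_rule('A0"12"', "jack"))
```

Over the full `[0-9]` range the `^` and `A0` forms produce the same set of candidates; the ordering difference only matters when prefixing a fixed string.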
