Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Mar 2014 11:56:43 -0400
From:  <jfoug@....net>
To: john-users@...ts.openwall.com
Cc: magnum <john.magnum@...hmail.com>
Subject: Re: Question on Wordlist Combinatorials


---- magnum <john.magnum@...hmail.com> wrote: 
> On 2014-03-22 05:09, Nima Talebi wrote:
> > I'm wondering if there is an efficient way to achieve the following:
> >
> > Given the word "password123", I would like a single rule to produce:
> >   clip
> I think doing that with Jtr rules would be theoretically possible but 
> currently not feasible. Have a look at rexgen - this tool is fantastic, 
> especially if you're used to regular expressions:
> https://code.google.com/p/rexgen/

I pulled this lib, and with some blood/sweat, was able to build it.  Nice in concept, but yes magnum, it is woefully buggy.
 
> Here's an example (somewhat trimmed from the above):
> $ echo password | rexgen -f - '\0([123]|[oO]ne|[tT](wo|hree))'
> password1
> password2
> password3
> passwordOne
> passwordTwo
> passwordthree
> passwordThree
> 
> I'm not sure why my example did not produce "passwordone" nor 
> "passwordtwo" but my version is not updated in a while - might be a 

I see the same thing.  I just pulled the current source, and it still fails.  I also tried the original example, given by Nima, i,e, {1,{o,O}ne,ONE}{2,{T,t}wo,TWO}{3,{T,t}hree,THREE}, but changed to (1|[oO]no|ONE)(2|[tT]wo|TWO)(3|[tH]hree|THREE) an it also shows the same problem (only getting some of the dual characters:

$ rexgen -t '(1|[oO]no|ONE)(2|[tT]wo|TWO)(3|[tT]hree|THREE)'
123
12Three
12THREE
1Two3
1TwoThree
1TwoTHREE
1TWO3
1TWOThree
1TWOTHREE
Ono23
Ono2Three
Ono2THREE
OnoTwo3
OnoTwoThree
OnoTwoTHREE
OnoTWO3
OnoTWOThree
OnoTWOTHREE
ONE23
ONE2Three
ONE2THREE
ONETwo3
ONETwoThree
ONETwoTHREE
ONETWO3
ONETWOThree
ONETWOTHREE

NOTE, there should be 64 combinations (but all one, two and three are missing).  So in theory, would be a nice lib, IF it could be written to work properly.  I am sure it is simply in the bison/flex source that needs fixed.  I simply do not have time to look at that.

But I think adding this to a c project should not be hard.  The rexgen.c is a c program, using the C version of the API.  It is C++ 'ish', but things like iterators, new, etc are hidden behind C functions.  Getting this jammed into JtR should not be all that hard.  Getting it to be highly usable (used as some rule, tied in with other rules, and or where wordlist is the feeder source), is a harder thing, lol.  This summer, after I get settled into the new house, if this has not been implemented by some other dev, I might have a look at hooking this into JtR.  I agree with Magnum, this could add a heck of a good word building engine into JtR!

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.