Date: Wed, 9 Mar 2016 16:32:56 +0100 From: Marek Wrzosek <marek.wrzosek@...il.com> To: john-users@...ts.openwall.com Subject: Re: Johnny's "Guess password" button W dniu 09.03.2016 o 14:44, Shinnok pisze: > Hi Marek, > > >> On Mar 4, 2016, at 6:57 PM, Marek Wrzosek <marek.wrzosek@...il.com> wrote: >> >> Hi list >> >> How does "Guess password" work? Does it use john at all? There is no >> sign of it in the console log. Were there any plans of adding similar >> function to john? I mean e.g.: >> $./john --guess=foo ... >> >> instead of something like this: >> >> $ echo foo|./john --stdin ... >> > > Indeed Johnny is using --stdin for Guess. > >> or: >> >> $ echo foo > single_word >> $ ./john --wordlist=single_word ... >> >> It would be easier to use rexgen with alphabet like this: >> >> $ ./john --guess=624686 --regex=alpha:T9='\0' --stdout > > There is no option --guess to john. I'm not sure how useful this could be in the main tool. > >> >> instead of: >> >> $ echo 624686 | ./john --stdin --regex=alpha:T9='\0' --stdout >> >> or even; >> >> $ ./john --regex='[mno6][abc2][ghi4][mno6][tuv8][mno6]' --stdout >> >> Instead of applying regex mode, it could be hybrid mask or word mangling >> rules (just like for wordlist mode). > > The rexgen approach is indeed interesting, though it would be a jumbo specific implementation. I don't remember it being proposed when Guess was being discussed, do you see any specific benefits for considering this with a jumbo detection? (we already have some jumbo specific functionality in Johnny) > > Shinnok > Hi Shinnok If Johnny is using --stdin for "Guess password" function, then where is it in a "Console log"? ;-) I assume, that --stdin option was created for more complex command in mind, than "echo foo". In fact, it is for commands, that would generate way too long wordlists, that are practical to store uncompressed, because using wordlist mode is more practical. "Guess password" in Johnny is very poor comparing to using "echo foo|./john --stdin ...", because in john, user could do everything with that single word. In Johnny only this one word will be checked, it's closer to "./john --mask=foo ...". The downside of using mask mode is that mask mode is last in a chain, so you can't apply rules or anything else. Using "guess mode", which would be simply nameless wordlist with only one word, would require less typing. That's all. Maybe would be wise to add the "Advanced options" button to the "Password Guessing" window, that would allow user to apply rules, mask, external filters, etc. Best Regards, Marek -- Marek Wrzosek marek.wrzosek@...il.com
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.