Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Nov 2016 09:09:19 -0600
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: alter default rules or filter, best way to focus on
 proper candidates?

What you need to do is look in the "Character class and similar 
commands" section of ./doc/RULES file.  Specifically the 'reject the 
word ...." rules.

!X    reject the word if it contains character X
!?C    reject the word if it contains a character in class C
/X    reject the word unless it contains character X
/?C    reject the word unless it contains a character in class C
=NX    reject the word unless character in position N is equal to X
=N?C    reject the word unless character in position N is in class C
(X    reject the word unless its first character is X
(?C    reject the word unless its first character is in class C
)X    reject the word unless its last character is X
)?C    reject the word unless its last character is in class C
%NX    reject the word unless it contains at least N instances of X
%N?C    reject the word unless it contains at least N characters of class C
U       reject the word unless it is valid UTF-8 (use with -u rule reject)


So if you wanted to test every candidate that are lower case, then add 
this to your rule (put it as the VERY first thing in the rule)

!?L  rest_of_rule

If you want to exclude any with digits:

!?D  rest_of_rule

If you want words that END with a digit:
=m?d  rest_of_rule

If you want words that END with a digit:
=m?d  rest_of_rule

etc.   You can have more than one reject rule primitive added to a 
single rule.

NOTE, this may make things appear to slow down (in fast formats). This 
is because the rejections do not get counted in the crack stats in any 
way, but they take time. They do however take a whole lot less time than 
even fast formats, thus the wordlist+rules gets completed much faster 
than it would have without the reject, even though the ending speed 
appears to be slower.

Hope that helps some.  Jim.

On 11/9/2016 7:50 AM, p+password@...atpro.net wrote:
> Hello,
>
> I would like to use mangling rules with --wordlist or --loopback in a way they produce a reduced set of candidates, like "every candidates that are lowercase", "every candidates that have no digits", etc.
>
> What would be the best way to use (jumbo's) wordlist rules that come with John but without any of them that creates candidates featuring upper case characters (or lower case, or digits…). I guess I could use a john process to create candidates then filter out those that don't match my criteria, but on fast hash I'm not sure it's interesting.
> I'm currently trying to modify every single rule that can produce upper case characters, but it's a lost battle: so many different rules, so many possibilities, and in the end work has to be re-done when I want to get rid of candidates including digits or whatever other type of character.
>
> I've made a few test with/without --external :
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.