Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20180202201240.GA10244@openwall.com>
Date: Fri, 2 Feb 2018 21:12:40 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: making wordlist rules

On Mon, Jan 29, 2018 at 04:50:10PM -0800, jeff wrote:
> I want to make a rule to prepend and append punctuation and symbols to
> words from a wordlist.
> My passwords are limited to 8 characters, so I am also truncating the
> words to 7 characters.
> I tried:
> 
> 
> [List.Rules:pre_post_1]
> # truncate to 7, then prefix or append with punct or special
> '7^?p
> '7^?s
> '7$?p
> '7$?s
> 
> 
> That didn't work, as the ?p and ?s didn't seem to be interpreted.

The "character classes" are only for matching of characters (in other
words, "any of these"), not for generating them (as in "all of these").

> So I tried:
> 
> 
> [List.Rules:pre_post_1]
> # truncate to 7, then prefix or append with punct or special
> '7^$
> '7$$
> '7^[%^&*()-_+=|\<>{}#@/~]
> '7$[%^&*()-_+=|\<>{}#@/~]
> 
> 
> This half worked. It seems I could not put in [ or ].

Yes, this is better, but you didn't need to special-case the
prefixing/suffixing with '$' yet you needed to escape the characters
that are special to the preprocessor - in your case, that's '-', which
signifies a range.  Thus, something like this:

[List.Rules:pre_post_1]
'7[^$]["-/:-@\[-`{-~]

Here we make even greater use of the preprocessor to also compact the
two commands (prepend and append) onto one line, and we use the ranges
(assuming ASCII).  Note that the opening square bracket (which we use as
start of a range) is escaped with a backslash.

Alternatively, you may want to skip longer input words instead of
truncating them.  You do this with:

[List.Rules:pre_post_1]
<8[^$]["-/:-@\[-`{-~]

I based these on the following examples found in the default john.conf:

# Now to the suffix stuff...
<* l $[1-9!0a-rt-z"-/:-@\[-`{-~]
-c <* (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]

# Now to the prefix stuff...
l ^[1a-z2-90]
-c l Q ^[A-Z]
^[A-Z]
l ^["-/:-@\[-`{-~]

So this is where you could have found this somewhat compact encoding of
the special characters into the preprocessor, too.

> Also some characters in the dictionary get uppercased and 0-9 seems to
> be substituted in.

That's puzzling.  Maybe it's specific to your hash type?  What is it?

> Clearly some characters need to be escaped in order to work properly,
> but I didn't see rules
> for escaping or quoting characters at
> http://www.openwall.com/john/doc/RULES.shtml

In doc/RULES:

There are some special characters in rules ("[" starts a preprocessor
character list, "-" marks a range inside the list, etc.)  You should
prefix them with a backslash ("\") if you want to put them inside a rule
without using their special meaning.  Of course, the same applies to "\"
itself.

I admit this doesn't specifically talk about escaping inside a
preprocessor character list, though.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.