Date: Tue, 2 Mar 2021 16:20:56 +0100 From: Marek Wrzosek <marek.wrzosek@...il.com> To: john-users@...ts.openwall.com Subject: Re: Implementing mixed mask attack There is more than one way to skin a cat in JtR. I don't know, if policies are better or not in your case. I thought it would be easier with regex mode to define just one regular expression, that will generate all passwords the 16 masks would, but I've found out it's harder to build rexgen these days, that it was before. I don't think the current rexgen will work with JtR now, you would need the correct version of rexgen and its requirements. I wouldn't say it is a dependency hell, but more like a dependency purgatory. So, never mind. According to: https://www.openwall.com/john/doc/EXTERNAL.shtml "To define an external cracking mode you need to create a configuration file section called [List.External:MODE], where MODE is any name that you assign to the mode. The section should contain some functions programmed in a C-like language. John will compile and use the functions if you enable this cracking mode via the command line." If I were you, I would copy the [List.External:Policy] section with modified name (e.g. [List.External:MyPolicy]) to your john-local.conf (or john.local.conf) because otherwise you won't be able to pull a newer version from git. Modify the required functions and run john with option --external=MyPolicy (I don't know if the name of external mode is case sensitive). But I haven't done anything like this, yet. W dniu 02.03.2021 o 13:45, Michał Majchrowicz pisze: > If policies are not for that than what do you use them for ? I have > seen some "C-like" code in john.conf for filtering but couldn't find > an info on how it is used. Do you implement is as part of your own > tool? As part of john? Is it automagically compiled at runtime ? :D > Regards. > > On Tue, Mar 2, 2021 at 12:06 PM Marek Wrzosek <marek.wrzosek@...il.com> wrote: >> Hi, >> >> I think that regex mode would be more appropiate for this job. I don't know if this mode is still in JtR, it required some additional library and wasn't enabled by default. Also, there were some issues with session restoring, when it was in use. >> >> Best regards, >> Marek >> >> Dnia 2 marca 2021 11:28:16 CET, "Michał Majchrowicz" <sectroyer@...il.com> napisał(a): >>> Hello. >>> I would like to ask about a possibility of making a attack with mask >>> based on some password patterns. I have described the idea here: >>> https://github.com/openwall/john/issues/4576#issuecomment-788100874 >>> solardiz for such approach Policy might be useful. So i would like to >>> repeat my question on how can this be utilised? Can create my own >>> policy to filter only "good" pw candidates in mask mode? >>> Regards. >> -- >> Marek Wrzosek >> marek.wrzosek@...il.com >> >> -- Wysłane za pomocą K-9 Mail.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.