Penetration Testing mailing list archives
Re: John the ripper rules!
From: Sherif El-Deeb <archeldeeb () gmail com>
Date: Wed, 3 Nov 2010 12:31:16 +0300
We did one C program that does all the appending using lots of nested "for" loops, we just had worries about resuming since this might take a while and interruptions are highly probable, added to the fact that we were challenged by "how to do it in john" :).

Creating a .chr file won't help since the letters are not repeated, only the "look" of the password.

[Incremental Mode]
==============
Incremental mode has the default limitation of "MaxLen=8" (CHARSET_LENGTH as defined in src/params.h at compile time) to enable cracking passwords that are more than 8 characters we have to modify params.h && recompile john, but this initial limitation to 8 characters is very reasonably set because of the way "incremental" mode works, it would be impractical to crack passwords larger than 8 with this mode "take a look at john.conf, no Incremental mode has MaxLen greater than 8".

Thank you so much for the time you spent writing the reply.

Best regards,
Sherif Eldeeb

On Wed, Nov 3, 2010 at 12:02 PM, Anders Thulin <anders.thulin () sentor se> wrote:
> On 2010-11-01 12:41, Sherif El-Deeb wrote:
>> I went through john's documentation and realized there's support for what I want, I just want the "correct" way to do it
>
> Don't know about the log file problem -- but I don't think the best way of doing what you want to do is by using john rules. The rules are for relatively minor modifications to a long list of passwords. You use the rules to generate entirely new passwords, and on a scale that causes john's log files to overflow. That in itself should be an indication that you're not doing things the right way.
>
> I think that the correct way to do what you are after is to generate the passwords separately, and then feed the generated file as wordlist to john (or pipe them in directly, if you want to avoid large files).
>
> When I attack this kind of situation I create small C programs that read one password from stdin, and then output all variations to stdout. I would probably use:
>
> a) a program that reads a password from stdin, appends three digits and outputs the result to stdout
> b) a program that appends the three letters
> c) a program that appends the special characters
>
> Then "% echo 'ahm' | add999 | addAAA | add# > wordlist1", and feed that list to john as usual. You can also pipe it directly into john if you like, using --stdin instead of --wordlist=file. This avoids large password files.
>
> Then, I'd probably create versions that added four digits, characters and two special characters and combine these in all reasonable ways. And so on for longer combinations.
>
> I think there may be generating programs where you just feed a pattern to them, and they produce the full list -- I have no experience with those, though, so I don't have anything to recommend, but perhaps others can.
>
> If you have a few dozen passwords cracked already, you could also try creating a new character file (.chr) from those passwords, and let that drive an incremental crack attack, of course limiting password lengths to whatever seemed reasonable, adding something like this to the conf file:
>
> [Incremental:ahm]
> File = $JOHN/ahm.chr
> MinLen = 7
> MaxLen = 10 (or 11 or 12 ...)
> CharCount = 95 (or whatever seems reasonable...)
>
> That avoids creating huge files, but is still easy to stop and restart. It is often useful to run multiple processes with different settings of MinLen and MaxLen.
>
> --
> Anders Thulin anders.thulin () sentor se 070-757 36 10 / Intl. +46 70 757 36 10
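The thread's two concerns, generating the candidates outside john and being able to resume after an interruption, can be met by one generator that maps an index to a candidate instead of nesting "for" loops. The following is an added example, not code from either poster; the alphabets (three digits, three uppercase letters, one special from a constructed five-character set), the program name `gen` and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One alphabet per appended position, in output order. Assumed pattern
   (mirrors add999 | addAAA | add#): 3 digits, 3 uppercase letters, 1 special. */
static const char *SETS[] = {
    "0123456789", "0123456789", "0123456789",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "!@#$%"                       /* constructed sample set of specials */
};
#define NSETS (sizeof SETS / sizeof SETS[0])

/* Number of suffixes the pattern produces for one base word. */
unsigned long long keyspace(void) {
    unsigned long long n = 1;
    for (size_t i = 0; i < NSETS; i++) n *= strlen(SETS[i]);
    return n;
}

/* Write base + the idx-th suffix into out (mixed-radix decode, last
   position varies fastest). Returns 0 on success, -1 if idx is out of
   range or out is too small. */
int candidate(const char *base, unsigned long long idx, char *out, size_t outsz) {
    size_t blen = strlen(base);
    if (idx >= keyspace() || blen + NSETS + 1 > outsz) return -1;
    memcpy(out, base, blen);
    for (size_t i = NSETS; i-- > 0; ) {
        size_t radix = strlen(SETS[i]);
        out[blen + i] = SETS[i][idx % radix];
        idx /= radix;
    }
    out[blen + NSETS] = '\0';
    return 0;
}

/* usage: gen BASE [START_INDEX]; prints candidates from START_INDEX on and
   reports a checkpoint index on stderr every million candidates. */
int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s base [start]\n", argv[0]); return 2; }
    unsigned long long start = argc > 2 ? strtoull(argv[2], NULL, 10) : 0;
    unsigned long long total = keyspace();
    char buf[128];
    for (unsigned long long i = start; i < total; i++) {
        if (candidate(argv[1], i, buf, sizeof buf) != 0) return 1;
        puts(buf);
        if (i % 1000000ULL == 0) fprintf(stderr, "checkpoint %llu\n", i);
    }
    return 0;
}
```

After an interruption, restarting with the last checkpoint index as the second argument repeats at most one million candidates; the output can be redirected to a wordlist file or piped to john with --stdin as described in the quoted message.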