Penetration Testing mailing list archives

Re: John the ripper rules!


From: Sherif El-Deeb <archeldeeb () gmail com>
Date: Wed, 3 Nov 2010 12:31:16 +0300

We wrote one C program that does all the appending using lots of nested
"for" loops; we just had worries about resuming, since this might take
a while and interruptions are highly probable, added to the fact that
we were challenged by "how to do it in john" :).

Creating a .chr file won't help, since the letters are not repeated,
only the "look" of the password.

[Incremental Mode]
==============
Incremental mode has the default limitation of "MaxLen=8"
(CHARSET_LENGTH as defined in src/params.h at compile time). To enable
cracking passwords that are more than 8 characters we have to modify
params.h and recompile john, but this initial limitation to 8 characters
is very reasonably set because of the way "incremental" mode works; it
would be impractical to crack passwords larger than 8 with this mode
(take a look at john.conf: no Incremental mode has MaxLen greater than
8).

Thank you so much for the time you spent writing the reply.

Best regards,
Sherif Eldeeb


On Wed, Nov 3, 2010 at 12:02 PM, Anders Thulin <anders.thulin () sentor se> wrote:
On 2010-11-01 12:41, Sherif El-Deeb wrote:

I went through john's documentation and realized there's support for
what I want, I just want the "correct" way to do it

 Don't know about the log file problem -- but I don't think the best
way of doing what you want to do is by using john rules.

 The rules are for relatively minor modifications to a long list of
passwords. You use the rules to generate entirely new passwords, and
on a scale that causes john's log files to overflow.  That in itself
should be an indication that you're not doing things the right way.


 I think that the correct way to do what you are after is to
generate the passwords separately, and then feed the generated file as
wordlist to john (or pipe them in directly, if you want to avoid large files)

 When I attack this kind of situation I create small C programs that
read one password from stdin, and then output all variations to stdout.
I would probably use:

 a) a program that reads a password from stdin, appends three digits and outputs the result to stdout

 b) a program that appends the three letters

 c) a program that appends the special characters

Then "% echo 'ahm' | add999 | addAAA | add# > wordlist1", and feed that list to john as usual.
You can also pipe it directly into john if you like, using --stdin instead of --wordlist=file. This
avoids large passwords files.

Then, I'd probably create versions that added four digits, characters and two special characters
and combine these in all reasonable ways.  And so on for longer combinations.

 I think there may be generating programs where you just feed a pattern to them, and they
produce the full list -- I have no experience with those, though, so I don't have anything
to recommend, but perhaps others can.


 If you have a few dozen passwords cracked already, you could also try creating
a new character file (.chr) from those passwords, and let that drive an incremental crack
attack, of course limiting passwords lengths to whatever seemed reasonable, adding something
like this to the conf file:

[Incremental:ahm]
File = $JOHN/ahm.chr
MinLen = 7
MaxLen = 10 (or 11 or 12 ...)
CharCount = 95 (or whatever seems reasonable...)

That avoids creating huge files, but is still easy to stop and restart.

It is often useful to run multiple processes with different settings of MinLen and MaxLen.



--
Anders Thulin      anders.thulin () sentor se      070-757 36 10 / Intl. +46 70 757 36 10
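The "add999"-style filter Anders describes above, as an added example that is not code from either poster: it reads one base word per line from stdin and writes every variant with n characters from a chosen alphabet appended, odometer-style, so several copies can be chained with pipes exactly as in the "echo 'ahm' | add999 | addAAA | add#" line. The function returns the number of candidates it produced, which is also the number a password-policy review needs when judging how little three appended digits (10^3 = 1,000 per base word) add to a password's strength. The function names, the struct capture helper and the command-line defaults are this example's own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Callback invoked once per generated candidate. */
typedef void (*emit_fn)(const char *candidate, void *ctx);

/* Emit base followed by every string of length n over alphabet (odometer
 * order: rightmost position changes fastest). Returns the number of
 * candidates produced, i.e. strlen(alphabet)^n (1 when n == 0), or 0 if
 * the arguments are unusable. Names here are the example's own. */
unsigned long expand(const char *base, const char *alphabet, int n,
                     emit_fn emit, void *ctx)
{
    char buf[256];
    int idx[32];                         /* one counter per appended slot */
    size_t blen = strlen(base);
    size_t alen = strlen(alphabet);

    if (n < 0 || n > 31 || alen == 0 || blen + (size_t)n >= sizeof buf)
        return 0;

    memcpy(buf, base, blen);
    for (int i = 0; i < n; i++) {        /* start at the "all zeros" state */
        idx[i] = 0;
        buf[blen + i] = alphabet[0];
    }
    buf[blen + n] = '\0';

    unsigned long count = 0;
    for (;;) {
        emit(buf, ctx);
        count++;
        /* Advance the odometer: carry leftwards while a slot wraps around. */
        int pos = n - 1;
        while (pos >= 0) {
            if (++idx[pos] < (int)alen) {
                buf[blen + pos] = alphabet[idx[pos]];
                break;
            }
            idx[pos] = 0;
            buf[blen + pos] = alphabet[0];
            pos--;
        }
        if (pos < 0)                     /* carried past the leftmost slot */
            break;
    }
    return count;
}

/* Small capture helper (example's own) so callers can inspect the first
 * and last candidate without touching stdout. */
struct capture { char first[256]; char last[256]; };

void capture_cb(const char *candidate, void *ctx)
{
    struct capture *cap = ctx;
    if (cap->first[0] == '\0')
        snprintf(cap->first, sizeof cap->first, "%s", candidate);
    snprintf(cap->last, sizeof cap->last, "%s", candidate);
}

static void print_cb(const char *candidate, void *ctx)
{
    (void)ctx;
    puts(candidate);
}

/* Usage: add [alphabet] [n]; defaults to three decimal digits, i.e. the
 * "add999" filter.  Reads base words from stdin, one per line. */
int main(int argc, char **argv)
{
    const char *alphabet = argc > 1 ? argv[1] : "0123456789";
    int n = argc > 2 ? atoi(argv[2]) : 3;
    char line[200];

    while (fgets(line, sizeof line, stdin)) {
        line[strcspn(line, "\r\n")] = '\0';      /* strip the newline */
        if (line[0] == '\0')
            continue;
        if (expand(line, alphabet, n, print_cb, NULL) == 0)
            fprintf(stderr, "skipping %s: bad alphabet/length\n", line);
    }
    return 0;
}
```

Compile once and reuse it for every stage of the pipe by passing a different alphabet and length, e.g. `./add 0123456789 3` for digits, `./add ABCDEFGHIJKLMNOPQRSTUVWXYZ 3` for letters and `./add '!@#$%^&*' 1` for a single special character; since each stage only holds one line in memory, the output can go straight into john's --stdin as Anders suggests instead of into a large file.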

