[john-users] making wordlist rules

Discussion:

jeff

2018-01-30 00:50:10 UTC

I want to make a rule to prepend and append punctuation and symbols to
words from a wordlist.
My passwords are limited to 8 characters, so I am also truncating the
words to 7 characters.
I tried:

[List.Rules:pre_post_1]
# truncate to 7, then prefix or append with punct or special
'7^?p
'7^?s
'7$?p
'7$?s

That didn't work, as the ?p and ?s didn't seem to be interpreted.

So I tried:

[List.Rules:pre_post_1]
# truncate to 7, then prefix or append with punct or special
'7^$
'7$$
'7^[%^&*()-_+=|\<>{}#@/~]
'7$[%^&*()-_+=|\<>{}#@/~]

This half worked. It seems I could not put in [ or ].
Also some characters in the dictionary get uppercased and 0-9 seems to
be substituted in.
Clearly some characters need to be escaped in order to work properly,
but I didn't see rules
for escaping or quoting characters at
http://www.openwall.com/john/doc/RULES.shtml
I would like to get all the punctuation and symbols prepended or
appended to my dictionary
rules. I would appreciate the correct way to escape the needed characters.

thanks in advance

Solar Designer

2018-02-02 20:12:40 UTC

Permalink

Post by jeff
I want to make a rule to prepend and append punctuation and symbols to
words from a wordlist.
My passwords are limited to 8 characters, so I am also truncating the
words to 7 characters.
[List.Rules:pre_post_1]
# truncate to 7, then prefix or append with punct or special
'7^?p
'7^?s
'7$?p
'7$?s
That didn't work, as the ?p and ?s didn't seem to be interpreted.

The "character classes" are only for matching of characters (in other
words, "any of these"), not for generating them (as in "all of these").

Post by jeff
[List.Rules:pre_post_1]
# truncate to 7, then prefix or append with punct or special
'7^$
'7$$
This half worked. It seems I could not put in [ or ].

Yes, this is better, but you didn't need to special-case the
prefixing/suffixing with '$' yet you needed to escape the characters
that are special to the preprocessor - in your case, that's '-', which
signifies a range. Thus, something like this:

[List.Rules:pre_post_1]
'7[^$]["-/:-@\[-`{-~]

Here we make even greater use of the preprocessor to also compact the
two commands (prepend and append) onto one line, and we use the ranges
(assuming ASCII). Note that the opening square bracket (which we use as
start of a range) is escaped with a backslash.

Alternatively, you may want to skip longer input words instead of
truncating them. You do this with:

[List.Rules:pre_post_1]
<8[^$]["-/:-@\[-`{-~]

I based these on the following examples found in the default john.conf:

# Now to the suffix stuff...
<* l $[1-9!0a-rt-z"-/:-@\[-`{-~]
-c <* (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]

# Now to the prefix stuff...
l ^[1a-z2-90]
-c l Q ^[A-Z]
^[A-Z]
l ^["-/:-@\[-`{-~]

So this is where you could have found this somewhat compact encoding of
the special characters into the preprocessor, too.

Post by jeff
Also some characters in the dictionary get uppercased and 0-9 seems to
be substituted in.

That's puzzling. Maybe it's specific to your hash type? What is it?

Post by jeff
Clearly some characters need to be escaped in order to work properly,
but I didn't see rules
for escaping or quoting characters at
http://www.openwall.com/john/doc/RULES.shtml

In doc/RULES:

There are some special characters in rules ("[" starts a preprocessor
character list, "-" marks a range inside the list, etc.) You should
prefix them with a backslash ("\") if you want to put them inside a rule
without using their special meaning. Of course, the same applies to "\"
itself.

I admit this doesn't specifically talk about escaping inside a
preprocessor character list, though.

Alexander

jeff

2018-02-03 03:21:38 UTC

Permalink

I got my append and prepend special character rule working.
I am now having trouble prepending and append 2 numbers.
My max password length is 8, because I am using des.

I have tried:
[List.Rules:a2n]
# add numbers to the front and end of a password
'6[^$]"[0-9][0-9]"

That produced:
Invalid rule in JohnTheRipper-bleeding-jumbo/run/john.conf at line 712:
Unknown command
(where line 712 is '6[^$]"[0-9][0-9]"
I tried
6"[^$][0-9][0-9]"

but that didn't work either.

How can I prepend and append 2 digits to my dictionary words?

Solar Designer

2018-02-03 12:58:28 UTC

Permalink

Post by jeff
I got my append and prepend special character rule working.
I am now having trouble prepending and append 2 numbers.
My max password length is 8, because I am using des.
[List.Rules:a2n]
# add numbers to the front and end of a password
'6[^$]"[0-9][0-9]"

This won't work because the ^ and $ commands only expect one character.
For multi-character strings, the command is A:

'6 A[0z]"[0-9][0-9]"

where its first parameter 0 means prepend and z means append (and other
characters would mean insert).

If you insist on using the ^ and $ commands, you may use e.g.:

'6 ^[0-9] ^[0-9]
'6 $[0-9] $[0-9]

or combining them onto one line with some preprocessor magic:

'6 [^$][0-9] \1[0-9]

where \1 means "same as the first preprocessor expansion" - in this
case, repeating the same command, ^ or $.

Post by jeff
How can I prepend and append 2 digits to my dictionary words?

Please see above, and please also see the many examples in the default
john.conf, which includes such rules:

# More suffix stuff...
<- l Az"[190][0-9]"
-c <- (?a c Az"[190][0-9]"
<- l Az"[782][0-9]"
-c <- (?a c Az"[782][0-9]"

# The rest of two-digit suffix stuff, less common numbers...
<- l Az"[63-5][0-9]"
-c <- (?a c Az"[63-5][0-9]"

In fact, if you're cracking descrypt hashes, the speed is probably high
enough that you can simply run --rules=jumbo as-is.

Alexander