Hi :[lc] A[0-9],[ a-z! <at> €#$%^&*\-=_+.?|)(:'"], works fine, (insert a letters/digits/symbols between letters 0 to letters 9) but not :[lc] A[0-12],[ a-z! <at> €#$%^&*\-=_+.?|)(:'"], will generate (for example with words "evoluzione") 99evoluzione, e99voluzione, ev99oluzione (then stop) and not 99evoluzione ..... to evoluzio99ne, evoluzion99e, evoluzione99 How to do with words with more than 9 letters ? Help needed, Thanks, W.A.
Hey W.A., I don't have an elegant solution, but I have a good idea what's happening, and have a kludge. Referring to your original command: :[lc] A[0-12],[ a-z! <at> €#$%^&*\-=_+.?|)(:'"], The problem is the A[0-12]. The rule preprocessor essentially treats this as A[0-1] + A[2], since the '-' only works with one character values. So that's the problem you are having. Normally you could use A-Z to specify the numbers 10-35, but playing around with it, when I tried to use A[0-C], I received the error: "Invalid position code". I tried to assign a numerical variable, using the vVNM command but still received the same error when I ran the command using A[0-a]. On a side note, I realize that you were probably using your examples to demonstrate the idea of what you were trying to do, vs your actual output, but I have to admit that it caused me a bit of confusion. Aka, your rule will never create the actual guess "evoluzio99ne". Just to help anyone else reading this reply, here is a rule breakdown, (and please note this only works for version 1.7.4 and not earlier versions of JtR). : //No-op, necessary since we are starting the rule with a pre-processor variable [lc] //preprocessor, to create two rules, first lowercase the guess, and then create another guess capitalized, aka password, and Password A[0-9],[ a-z! <at> €#$%^&*\-=_+.?|)(:'"], //this whole command can be broken down into several parts following the rule:(Continue reading)
On Fri, Jan 01, 2010 at 02:42:53PM -0500, Charles Weir wrote: > :[lc] A[0-12],[ a-z! <at> ?#$%^&*\-=_+.?|)(:'"], > > The problem is the A[0-12]. The rule preprocessor essentially treats > this as A[0-1] + A[2], since the '-' only works with one character > values. So that's the problem you are having. Normally you could use > A-Z to specify the numbers 10-35, but playing around with it, when I > tried to use A[0-C], I received the error: "Invalid position code". That's because the preprocessor works with ASCII codes. It does not know anything about character position codes (and it is not specific to those). For a range specified as [0-C], it will generate many rules with characters with ASCII codes from that of '0' to that of 'C' in that character position. Some of those characters won't be valid position codes (and not what you want anyway), resulting in the error message. > I tried to assign a numerical variable, using the vVNM command but still > received the same error when I ran the command using A[0-a]. That's because the preprocessor is just that. It is invoked per config file line prior to any other parsing, and its output is a set of rules. The numeric variables, on the other hand, exist during actual processing of the rules with specific input words. The "v" command assigns value to such a numeric variable separately for each rule and for each input word. There's no way such a variable could affect the number of rules the preprocessor would generate for a given config file line. In fact, there's currently no way to have a non-constant number of rules, except that some rules could be rejected or effectively turned into no-ops (or worse - into duplicates - but you should avoid that when you can) under some conditions.(Continue reading)
Hi I try to append severals digits after a word test0000 test1111 test2222 test3333 etc... test9999 I try /a sa[eiouy]$[0123456789]$[0123456789]$[0123456789]$[0123456789] but this rule do test0000 -> test0001 -> test0002 ... test9999 It's not what I want. As you can see I change swap letters also in this rule. what is the right syntax ? I read the john'rules without success. thanks, W.A.(Continue reading)
On Sun, Jan 03, 2010 at 06:36:12PM +0100, websiteaccess@... wrote: > I try to append severals digits after a word > > test0000 > test1111 > test2222 > test3333 > etc... > test9999 > > I try > > /a sa[eiouy]$[0123456789]$[0123456789]$[0123456789]$[0123456789] > > but this rule do test0000 -> test0001 -> test0002 ... test9999 Not exactly: this line rejects words not containing an "a", so it outputs nothing for "test". It does generate candidate passwords like those you mentioned above for words containing the letter "a". > It's not what I want. > > As you can see I change swap letters also in this rule. > > what is the right syntax ? With 1.7.4+, you can use: /a sa[eiouy] Az"[0-9]\0\0\0"(Continue reading)
Regarding Matt's benchmark (of 1.7.3.4's rules engine vs. 1.7.4's), which revealed a bug in 1.7.4: On Sun, Dec 27, 2009 at 08:01:42PM -0500, Charles Weir wrote: > A copy of the config file can be obtained from the following link: > > http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/john-the-ripper-sample-configs-1 > > For the input dictionary I used one of the lowercase English > dictionaries available on the openwall ftp site, (I think it was the > large one). The dictionary contained 444,678 words. /pub/wordlists/languages/English/4-extra/lower.gz contains 444,678 lines (a few of which are comments rather than words), so I think it was this one. The -extra wordlists don't encompass the smaller and higher quality ones, so they contain relatively obscure and questionable "words" only. It is not a good idea to use one of them on its own (other than after having run through one or more of the higher quality wordlists, such as those found under -large). I thought this was obvious from the naming ("extra" is just that), the comments in the files, and the actual content, but perhaps this needs to be documented explicitly. Anyhow, the -extra wordlist is OK for a test run when there's no goal to actually crack passwords. > Running JtR version 1.7.3.4 > Ryoki:run cweir$ ./john > -wordlist=../../../custom/dictionaries/english-lower -rules -stdout > /dev/null [...](Continue reading)
Matt, all - This is a late reply, yet I think it is currently relevant. We're speaking about Matt's tutorial at: http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/tutorials which is linked from: http://openwall.info/wiki/john/tutorials On Fri, Nov 20, 2009 at 07:12:40PM -0500, Charles Weir wrote: > I just updated my copy of the installation guide for John the Ripper version > 1.7.3.4 on a Mac OSX Snow Leopard. The main imporvements are: > > 1) Added information on how to download a pre-built exectutable from the ftp > site, (I didn't even know there were pre-built exectutables before Solar let > me know) Thanks. I think that your FTP download instructions are overly complicated, though. I imagine that most Mac OS X users will access the FTP server with their web browser, not with a command-line FTP client. (The command-line works better when there's a more convenient and more powerful FTP client installed, such as lftp.) Although it is OK to explicitly login as "anonymous" as you wrote, it is also OK to login as "ftp" with any password, and the web browser (or lftp) would not even ask for a username/password. There's no "strict idle timeout" on the FTP server (there is a default timeout, which I would not call strict), and there's no "banning" (except that if you keep lots of sessions open at once, you'll hit the per-source-address limit). The "timeouts" and(Continue reading)
Is it possible to copy the /etc/passwd and /etc/shadow files from solaris, and save them as files in windows and run unshadow. Or does unshadow only work in unix/linux with root user? I've got the files but want to run john from windows, and I have saved the /etc/shadow as etcshadow and /etc/passwd as etcpasswd in windows but when supplying the command unshadow etcpasswd etcshadow > mypasswd I am informed fopen: etcshadow No such file or directory I suspect maybe unshadow does not work in windows but hopefully someone can provide a solution? _________________________________________________________________ Send us your Hotmail stories and be featured in our newsletter http://clk.atdmt.com/UKM/go/195013117/direct/01/
Paul, On Wed, Jan 13, 2010 at 12:24:37PM +0000, Paul Needham wrote: > Is it possible to copy the /etc/passwd and /etc/shadow files from solaris, and save them as files in windows and run unshadow. Yes, and that's why the unshadow program is available on Windows builds. > I've got the files but want to run john from windows, and I have saved the /etc/shadow as etcshadow and /etc/passwd as etcpasswd in windows but when supplying the command unshadow etcpasswd etcshadow > mypasswd I am informed > > fopen: etcshadow No such file or directory The approach you've described above and the specific command look fine to me. This should have worked. My guess is that you made a typo on the command line. Please try again. If you continue to run into this problem, please copy & paste an excerpt of your shell session into a followup posting to this mailing list. The excerpt should show the specific filenames you have (e.g., run "dir" in a "DOS window", or "ls -l" in bash if you have Cygwin installed), your "unshadow ..." command, and its exact output (please do use copy & paste, don't just re-type what you see into an e-mail message). I hope this helps. Alexander
Thanks for the reply Alexander - much appreciated. Could have been a simple typo, mindyou I did relocate the solaris files to a new directory so perhaps that affected it. Anyway, now I have a file that is in the following format: username: hash For the record, could I not have just pasted the username hash and created my own file, as the unshadow command only seems to have taken the username and hash and put it in the correct format? Regards, Paul > Date: Wed, 13 Jan 2010 16:42:44 +0300 > From: solar@... > To: john-users@... > Subject: Re: [john-users] UNSHADOW from Windows > > Paul, > > On Wed, Jan 13, 2010 at 12:24:37PM +0000, Paul Needham wrote: > > Is it possible to copy the /etc/passwd and /etc/shadow files from solaris, and save them as files in windows and run unshadow. > > Yes, and that's why the unshadow program is available on Windows builds.(Continue reading)
RSS Feed52 | |
|---|---|
72 | |
63 | |
146 | |
104 | |
138 | |
177 | |
78 | |
109 | |
168 | |
177 | |
175 | |
103 | |
150 | |
106 | |
87 | |
122 | |
90 | |
74 | |
47 | |
119 | |
186 | |
121 | |
56 | |
90 | |
53 | |
112 | |
129 | |
58 | |
50 | |
51 | |
53 | |
98 | |
94 | |
52 | |
47 | |
26 | |
39 | |
160 | |
99 | |
29 | |
70 | |
20 | |
38 | |
75 | |
52 | |
114 | |
49 | |
10 | |
14 | |
13 | |
43 | |
37 | |
19 | |
21 | |
54 | |
34 | |
36 | |
42 | |
46 | |
22 | |
37 | |
31 | |
51 | |
68 | |
10 | |
35 | |
10 | |
47 | |
10 | |
25 | |
19 | |
30 | |
39 | |
65 | |
38 | |
56 | |
47 | |
10 | |
55 | |
34 | |
40 | |
40 | |
82 | |
125 | |
148 | |
76 | |
80 | |
56 | |
52 | |
38 | |
41 | |
46 | |
42 | |
11 | |
47 | |
36 | |
2 | |
1 |
