Solar Designer | 1 Apr 2010 23:20

Re: rule and encoding wordlist

On Wed, Mar 31, 2010 at 09:23:47PM +0200, websiteaccess@... wrote:
> I use JTR 1.7.5 with latest patches, os X, terminal is UTF-8.
> 
>  With following rule (below) and a wordlist (1 word "tro") encoded 
> Western (Windows Latin 1) , end of line Windows (CRLF)
> 
>  >\r[00-9A-C] A\p0[0-9A-D],him, $1
> 
>  I get 
> 
> iMac-de-xxx-xx:run xxxxx$ ./john -w:testmot.txt -rules -stdout
> himtro1
> thimro1
> trhimo1
> trohim1
> words: 4  time: 0:00:00:00 100.00% (ETA: Wed Mar 31 21:10:40

Looks good.  However, if you actually have any 8-bit character of the
iso-8859-1 encoding in a wordlist entry, then it may/will be displayed
improperly on your UTF-8 terminal, and indeed it will be tested in the
iso-8859-1 encoding against your hashes (which may or may not be what
you want).

> With the same rule but this time my wordlist is unicode UTF-8 , end of 
> line Windows (CRLF) or Unix (LF)
> 
>  I get :
> 
> john -w:testmot.txt -rules -stdout
> himtro1


JTR rule - insert digits/chars from start to end

Hi

 I would like to change vowels to other vowels, then insert digits/chars 
from start to end.

 example with "john":

 jyhn 
 juhn
 jehn
 jahn
 jihn 

0jyhn -> j0yhn -> jy0hn -> jyh0n -> jyhn0

etccccc

I try 

 /a sa[eiouy] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[ 
0-9?&%^*)(_=><:#-@/~.!:],
 /e se[aiouy] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[ 
0-9?&%^*)(_=><:#-@/~.!:],
 /i si[aeouy] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[ 
0-9?&%^*)(_=><:#-@/~.!:],
 /o so[aieuy] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[ 
0-9?&%^*)(_=><:#-@/~.!:],
 /u su[aeioy] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[ 
0-9?&%^*)(_=><:#-@/~.!:],
 /y sy[aeiou] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[ 


remplace all vowels in a word

Hi

 I want to replace all vowels in a word with all other vowels. My 
wordlist is 1 word, "bardine".

 I try /?v s?v[aeiouy]

 the result is

bardana
berdene
birdini
bordono
burdunu
byrdyny

 A lot of variations are missing  :(

 some help please,

 Thanks,

 W.A.

Solar Designer | 3 Apr 2010 18:10

Re: remplace all vowels in a word

On Sat, Apr 03, 2010 at 05:43:21PM +0200, websiteaccess@... wrote:
>  I want to replace all vowels in a word with all other vowels. My 
> wordlist is 1 word, "bardine".
> 
>  I try /?v s?v[aeiouy]
> 
>  the result is
> 
> bardana
> berdene
> birdini
> bordono
> burdunu
> byrdyny
> 
> 
>  A lot of variations are missing  :(

Indeed.  Your ruleset line expands to 6 rules after preprocessing, and
each rule can output at most 1 candidate password for 1 wordlist line.

>  some help please,

With 1.7.5-jumbo-2 (and newer, when available) you can do something like:

/?v op[aeiou] Q
%2?v op[aeiou] Q /?v op[aeiou]
%3?v op[aeiou] Q %2?v op[aeiou] /?v op[aeiou]
%4?v op[aeiou] Q %3?v op[aeiou] %2?v op[aeiou] /?v op[aeiou]


Solar Designer | 3 Apr 2010 18:36

Re: JTR rule - insert digits/chars from start to end

On Sat, Apr 03, 2010 at 10:54:08AM +0200, websiteaccess@... wrote:
>  /a sa[eiouy] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[ 
> 0-9?&%^*)(_=><:#-@/~.!:],

Assuming that the line was indeed not wrapped in your config file
(unlike it is in your message), your problem was that you did not escape
the second "-" character in your set of punctuation characters, so it
was interpreted as indicating a range of characters (all ASCII codes
from that of "#" through "@").  This range includes "," - your quoting
character - so you get incorrect syntax in one of the rules.

Prefixing that "-" character with a backslash solves the problem:

/a sa[eiouy] :[:c] >\r[00-9A-C] A\p0[0-9A-D],[0-9?&%^*)(_=><:#\-@/~.!:],

However, this can be optimized to:

/a sa[eiouy] [:c] >\r[00-9A-C] i\p0[0-9A-D][0-9?&%^*)(_=><:#\-@/~.!:]

BTW, changing from the "A" (insert string) to the "i" (insert character)
command also eliminates the potential issue with you inadvertently
"hitting" the quoting character again (the "i" command does not use a
quoting character).  You can further clean things up by encoding all
punctuation characters in a compact form:

/a sa[eiouy] [:c] >\r[00-9A-C] i\p0[0-9A-D][0-9!-/:-@[-`{-~]

If you did this with the "A" command, you'd need to use another quoting
character (not a comma).  I recommend that you use "q" for the quoting
character in such cases, e.g.:
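
Added example, not part of the original messages and not JtR's own code: a simplified Python model of the rule preprocessor's [...] lists, covering both replies above. It shows that "/?v s?v[aeiouy]" expands to six rules yielding one candidate each, and that an unescaped "-" in the punctuation list becomes the range "#" through "@", which contains the "," quoting character. All function names are hypothetical.

```python
# Simplified model of JtR's rule preprocessor [...] lists (added example).
# Not modelled: \r, \p references, escaped brackets, multiple lists per line.
VOWELS = set("aeiouAEIOU")  # characters matched by the ?v class

def expand_list(body):
    """Expand the inside of [...]: 'a-c' is a range, backslash escapes a char."""
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            out.append(body[i + 1])  # escaped: always literal
            i += 2
        elif ch == "-" and out and i + 1 < len(body):
            # unescaped "-": every code point from previous char to next char
            out.extend(chr(c) for c in range(ord(out[-1]) + 1, ord(body[i + 1]) + 1))
            i += 2
        else:
            out.append(ch)
            i += 1
    return list(dict.fromkeys(out))  # drop repeats, keep order

def expand_rule(line):
    """Expand the first [...] list in a rule line into one rule per character."""
    start = line.index("[")
    end = line.index("]", start)
    return [line[:start] + c + line[end + 1:] for c in expand_list(line[start + 1:end])]

def apply_rule(rule, word):
    """Apply the two commands from the thread: /?v (reject) and s?vX (replace)."""
    for cmd in rule.split():
        if cmd == "/?v":
            if not VOWELS & set(word):
                return None  # word rejected: it contains no vowel
        elif cmd.startswith("s?v") and len(cmd) == 4:
            word = "".join(cmd[3] if c in VOWELS else c for c in word)
        else:
            raise ValueError("command not modelled: " + cmd)
    return word

def candidates(line, word):
    """One candidate per expanded rule, at most."""
    results = (apply_rule(rule, word) for rule in expand_rule(line))
    return [w for w in results if w is not None]

UNESCAPED = r"0-9?&%^*)(_=><:#-@/~.!:"   # list body as posted
ESCAPED = r"0-9?&%^*)(_=><:#\-@/~.!:"    # list body with the "-" escaped

if __name__ == "__main__":
    print(candidates("/?v s?v[aeiouy]", "bardine"))
    print("," in expand_list(UNESCAPED), "," in expand_list(ESCAPED))
```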

Hank Leininger | 5 Apr 2010 16:52

RC2 hash type

Has anyone got a good source of documentation (or better a john patch ;)
for the {RC2} hash type?

I see it in certain flavors of LDAP server, such as iPlanet, and/or
SiteMinder LDAP backends--most user accounts will be {SHA} or {SSHA}
(salted SHA), both of which John can crack, but some interesting
accounts will be {RC2} and they remain opaque to me.  Every once in a
while, the only hashes I can recover from an LDAP server are {RC2} type,
so I'm stuck.  Of course "RC2 the cipher" is easy enough, but how is
that stirred into {RC2} password hashes?

Googling results in an endless stream of "release candidate 2"-related
false positives, so I always eventually give up.  Has anybody ever been
curious about this long enough to reverse-engineer the way these {RC2}
password hashes are generated?

Thanks,

-- 

Hank Leininger <hlein@...>
BE5D FCCA 673B D18B 98A9  3175 896E 3D4A 1B4D C5AC
ddd | 5 Apr 2010 18:39

GECOS-based single-mode (or possibly wordlist) rule help needed

What is the syntax for a rule that would extract a user's initials from their GECOS field and append a string
to it?

e.g. John Smith -> jsfoo

bartavelle | 5 Apr 2010 19:54

Re: RC2 hash type

Hank Leininger wrote:
> Has anyone got a good source of documentation (or better a john patch ;)
> for the {RC2} hash type?

Lotus passwords are hashed that way. IIRC the init table is not standard 
while the algorithm is.

http://en.wikipedia.org/wiki/RC2

Solar Designer | 6 Apr 2010 01:16

Re: GECOS-based single-mode (or possibly wordlist) rule help needed

On Mon, Apr 05, 2010 at 12:39:56PM -0400, ddd@... wrote:
> What is the syntax for a rule that would extract a user's initials from their GECOS field and append a string
> to it?

The rules don't "extract" anything from anywhere other than the input
"word" (or in some rare cases two input "words") that they're invoked
to operate on.

When running in "single crack" mode, JtR itself takes the login name,
the home directory name, extracts "words" from the GECOS field, and it
uses all of these as input to "single crack" mode rules.  It also tests
any two of these "words" concatenated (in either order), as well as
picking the first character (possibly an initial) of one word and
appending the other word to that (also in either order).  This logic is
hard-coded in single.c.

For example, with this being the only password file line:

john:rEK1ecacw.7.c:0:0:John Smith:/home/john:/bin/sh

and this being the only rule (a no-op):

[List.Rules:Single]
:

JtR will test the following candidate passwords in "single crack" mode:

john
johnJohn
jJohn


About JtR Domain Cached Hashes Cracking System [1.7.5 + jumbo patch revision 1 build for Win32 (1.8 MB) by Erik Winkler]


Hello,
I just wanted to know which charset JtR uses to crack those hashes. Does it use special characters as well?
Thanks in advance,
