|
Message-ID: <20090326032139.GA5491@openwall.com> Date: Thu, 26 Mar 2009 06:21:39 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Adding Characters to the end of strings inside of DumbForce? On Wed, Mar 25, 2009 at 09:52:53AM -0500, Minga Minga wrote: > I am using a 'DumbForce' section of john.conf to brute force ALL possible 6 > character passwords, Why not just use an "incremental" mode such as? - [Incremental:All6] File = $JOHN/all.chr MinLen = 6 MaxLen = 6 CharCount = 95 That would be more efficient. > But I want to ADD the string '2008' to the end of each > password generated. > > (I want it to try aaaaaa2008 aaaaab2008 aaaaac2008 ... ... ..) > > Is there a way to do this in john.conf? Yes. The most efficient and easiest way to do it is with the All6 "incremental" mode defined above, in combination with: [List.External:6plus2008] void init() { word[10] = 0; } void filter() { word[6] = '2'; word[7] = '0'; word[8] = '0'; word[9] = '8'; } You invoke this as follows: ./john -i=All6 -e=6plus2008 passwd > i = 0; > charset[i++] = 65; Why are you appending the ASCII code for letter 'A' here? > c = ' '; > while (c < '~') > charset[i++] = c++; This is almost the entire printable ASCII charset, less the '~' character. > c = '~' + 1; > while (c <= 0x7e) > charset[i++] = c++; This is nothing, because the ASCII code for the '~' character is exactly 0x7e, so the "while" loop condition is never true. The result is that your charset contains two instances of 'A', but does not contain '~'. > c++; This is probably a no-op as well. Instead of all the lines quoted above, you should have used: i = 0; c = ' '; // Start with space (ASCII 32) and while (c <= 0x7e) // proceed for all printable ASCII charset[i++] = c++; That's all. Now, in case you still don't want to use the combination of "incremental" mode with an external filter() suggested above, as well as to illustrate things, I am attaching a modification of the DumbForce mode and a modification of the KnownForce mode to this message. Either achieves what you asked for, and additionally the modification of DumbForce is capable of trying a range of password lengths. Notice how with DumbForce I had to modify not only init(), but also generate() and restore(). I could avoid modifying init() and generate(), though, but instead introduce a filter() similar to one shown above. Also notice how with KnownForce my modifications are limited to init(). That's because what you asked for matches that mode better - you have a portion of the password that is known ("2008" at the end), and there's a way to specify that (which is why the mode is called KnownForce). Perhaps the special-purpose modified DumbForce mode is faster, though. I am also attaching .diff files between the original definitions for these modes in JtR 1.7.3.1 and the modified versions described above. This is to illustrate the changes I've made. All of these attachments use the text/plain MIME type, so they should be visible in web archives of this mailing list. Alexander View attachment "DumbForce-All6plus2008" of type "text/plain" (1790 bytes) View attachment "KnownForce-All6plus2008" of type "text/plain" (1755 bytes) View attachment "DumbForce-All6plus2008.diff" of type "text/plain" (2834 bytes) View attachment "KnownForce-All6plus2008.diff" of type "text/plain" (1356 bytes) -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.