|
Message-ID: <20100102041757.GA27698@openwall.com> Date: Sat, 2 Jan 2010 07:17:57 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Rule AN"STR" On Fri, Jan 01, 2010 at 02:42:53PM -0500, Charles Weir wrote: > :[lc] A[0-12],[ a-z!@...%^&*\-=_+.?|)(:'"], > > The problem is the A[0-12]. The rule preprocessor essentially treats > this as A[0-1] + A[2], since the '-' only works with one character > values. So that's the problem you are having. Normally you could use > A-Z to specify the numbers 10-35, but playing around with it, when I > tried to use A[0-C], I received the error: "Invalid position code". That's because the preprocessor works with ASCII codes. It does not know anything about character position codes (and it is not specific to those). For a range specified as [0-C], it will generate many rules with characters with ASCII codes from that of '0' to that of 'C' in that character position. Some of those characters won't be valid position codes (and not what you want anyway), resulting in the error message. > I tried to assign a numerical variable, using the vVNM command but still > received the same error when I ran the command using A[0-a]. That's because the preprocessor is just that. It is invoked per config file line prior to any other parsing, and its output is a set of rules. The numeric variables, on the other hand, exist during actual processing of the rules with specific input words. The "v" command assigns value to such a numeric variable separately for each rule and for each input word. There's no way such a variable could affect the number of rules the preprocessor would generate for a given config file line. In fact, there's currently no way to have a non-constant number of rules, except that some rules could be rejected or effectively turned into no-ops (or worse - into duplicates - but you should avoid that when you can) under some conditions. > Ok, so here is the kludge. There's almost certainly a more elegant way > to do this. > > :[lc] A[0-9A-C],[ a-z!@...%^&*\-=_+.?|)(:'"], Actually, [0-9A-C] is the correct way to do it. That's what I do in such cases. For example, the default john.conf included with JtR 1.7.4 contains: # Toggle case... -c <+ )?u l Tm -c T0 Q M c Q l Q u Q C Q X0z0 'l -c T[1-9A-E] Q M l Tm Q C Q u Q l Q c Q X0z0 'l -c l Q T[1-9A-E] Q M T\0 Q l Tm Q C Q u Q X0z0 'l -c >2 <G %2?a [lu] T0 M T2 T4 T6 T8 TA TC TE Q M l Tm Q X0z0 'l -c >2 /?l /?u t Q M c Q C Q l Tm Q X0z0 'l # Deleting chars... >[2-8] D\p[1-7] >[8-9A-E] D\1 -c /?u >[2-8] D\p[1-7] l -c /?u >[8-9A-E] D\1 l =1?a \[ M c Q -c (?a >[1-9A-E] D\1 c Notice how length checks, back-references, and parallel ranges are used to avoid producing duplicate candidate passwords in case the character position being dealt with is beyond the end of the input word. In some other cases, the "Q" command (memory query) is used for a similar purpose. john.conf as updated in 1.7.4 could be an interesting read if you're into the rules. You could also want to check out the CVS log and diffs of the individual commits: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john/run/john.conf I have in fact spent extra time to commit different kinds of changes separately, documenting them in the commit messages quite well. > Using this, the rule-preprocessor was able to sort it out and insert > everything between 0-12, with the [0-9] handling the first 0-9 spots, > and the [A-C] handling the 10-12 positions. Right. > I hope this helps, and once again, the above only works with John the > Ripper 1.7.4 Yes, but the newly-introduced "A" command is being misused here. The same could be written in a form understood by older versions of JtR: : [lc] i[0-9A-C][ a-z!@...%^&*\-=_+.?|)(:'"] We use the "i" command here (insert a character) instead of "A" (insert a string). There's no point in using "A" when we know we're only inserting one character. To avoid producing duplicates with short input words or/and with length-limited or case-insensitive hashes, use: -[:c] \p1[lc] ^[ a-z!@...%^&*\-=_+.?|)(:'"] -[:c] >[0-9A-B] \p1[lc] M i\p2[1-9A-C][ a-z!@...%^&*\-=_+.?|)(:'"] Q Now this actually requires 1.7.4+. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.