Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANWtx03g+d0FyNZr1MSRKRhidc0K_1LyWd93Va-Jwb-MEJU2ug@mail.gmail.com>
Date: Thu, 25 Apr 2013 22:04:23 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Charset filters and options

On Thu, Apr 25, 2013 at 9:37 PM, Rich Rumble <richrumble@...il.com> wrote:

> On Thu, Dec 20, 2012 at 1:43 PM, Stephen John Smoogen <smooge@...il.com>wrote:
>
>> On 20 December 2012 09:03, Rich Rumble <richrumble@...il.com> wrote:
>> > I've searched all over, but can't exactly find the answer. If I want
>> > to make rockyou.txt into my own chr file (I'm increasing from 8 to 12
>> > length), and I use
>> > --external=filter_alnum, it yields the following:
>> >
>> > Successfully written charset file: alnum_12.chr (36 characters)
>> >
>> > Should I modify the external filter to also include Uppercase letters?
>> > It seems on the surface that only lower will be tried since it's a-z
>> > 0-9 (36).
>> > I've made this modification but so far I can't tell (1hour) if it's
>> > had an effect...
>> > if ((c < 'a' || c > 'z') && (c < '0' || c > '9') && (c < 'A' || c >
>> 'Z')) {
>> > Naturally I've increased the CharCount to 62 after creating the chr
>> file.
>> > I assume incremental mode takes CASE into account, all.chr seems to
>> > use uppercase characters, but the modified (the line above) doesn't
>> > seem to even though the charcount went from 36 to 62 after recreating.
>>
>> It will only affect things to the probability that A-Z were used in
>> the rockyou which isn't a lot.. so you are going to have wait until
>> the first 35 characters are run or so before you start seeing a lot of
>> caps being checked . I have tried the following to various effects:
>>
>> 1) Build a filter and run rockyou.txt through it and then grep for
>> output which matches what I want. [EG if every password starts with a
>> capital.. grep '^[A-Z].*$' and then use that output to create a
>> trained file. This increases the chance of caps showing up in the
>> first letter before others.. but it is not going to stop showing up
>> test candidates like abcdefdg.
>>
>> 2) Run a long filter chain.. john --session=A --stdout --inc:alnum |
>> python filter.py | john --session=B --stdin --format=blah pwd.foo
>>
>> > It's been discussed previously, but would it be possible to
>> > "artifically" pad the pot file with at least one uppercase character
>> > in each line so that incremental would be more likely to include an
>> > uppercase in each try? Or should I use my all lower alpha_num to
>> > stdout and use a mangling rule (NT) to make that happen. I'm sure I
>> > could use all.chr and specify the external filter, but that seems like
>> > it'd be slower than incremental "trained" to use at least 1 upper and
>> > 1 special or what have you.
>> > -rich
>>
> Sorry to dredge this one back up, but the more recent thread about the new
> charset lengths (super excited about that), and I think it applies to this
> previous thread more than the new one. All.chr is 96 characters, but alnum
> is 36, as far as i can tell it never tries any capitals at all:
> c:\JohnTheRipper\run>john-any.exe -i=alnum c:\temp\alnum-test.txt
> Loaded 3 password hashes with no different salts (NT MD4 [32/32])
> guesses: 0  time: 0:00:00:08 DONE (Thu Apr 25 21:25:48 2013)  c/s: 21453K
> trying: x9wql - x9wvx
> (maxlen=5, charcount=36)
> ---
> c:\cygwin\JohnTheRipper\run>john-any.exe -i=all5 C:\temp\alnum-test.txt
> Loaded 3 password hashes with no different salts (NT MD4 [32/32])
> BbB              (bbb)
> AaA              (aaa)
> aaB              (aab)
> guesses: 3  time: 0:00:00:05 DONE (Thu Apr 25 21:29:49 2013)  c/s: 5426K
> trying: asM - jfM
>
> I find alnum.chr a very useful character set even if it's all lower, but I
> might find it more useful if it were 62 characters. While RockYou is an
> outstanding file to train the charset's on, I am often re-training mine of
> the passwords I'm finding, and more an more they are containing Alpha with
> CaMElcAse. I have been able to compensate using stdout/pipe+nt, the changes
> I made to the filter was correct, I'm going to try to test that again now.
> -rich
>
Also shouldn't Alpha be 27 and Alnum 37 for 0x32? I see the filters don't
have space in them, so i understand why they aren't, never noticed before...
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.