openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/

mask stretching differs custom placeholders and regular placeholders #4118

Open AlekseyCherepanov opened 4 years ago

AlekseyCherepanov commented 4 years ago

That's like #3165 but with a custom placeholder (e.g. ?1) or explicit ranges.

--mask='?l123' --min-length=4 --max-length=5 produces ?l123 and ?l?l123. Replace ?l with ?1 and add --1='?l', and it produces ?1123 and ?11233. Same with explicit ranges.

I bump into that quite often when I stretch masks with a constant suffix and try to reduce the charset in ranges based on cracks.

Examples:

$ ./JohnTheRipper/run/john --stdout --mask='?l123' --min-length=4 --max-length=5
0p 0:00:00:00 0.00% (4) 0p/s
a123
[...]
q123
26p 0:00:00:00 3.70% (5) (ETA: 00:20:39) 371.4p/s q123
aa123
[...]
qq123
702p 0:00:00:00 100.00% (5) (2019-10-13 00:20) 10028p/s qq123

$ ./JohnTheRipper/run/john --stdout --mask='?1123' --min-length=4 --max-length=5 --1='?l'
0p 0:00:00:00 0.00% (4) 0p/s
a123
[...]
q123
26p 0:00:00:00 50.00% (5) (ETA: 00:20:51) 520.0p/s q123
a1233
q1233
52p 0:00:00:00 100.00% (5) (2019-10-13 00:20) 1040p/s q1233

$ ./JohnTheRipper/run/john --stdout --mask='[a-z]123' --min-length=4 --max-length=5
0p 0:00:00:00 0.00% (4) 0p/s
a123
[...]
z123
26p 0:00:00:00 50.00% (5) (ETA: 00:30:12) 260.0p/s z123
a1233
[...]
z1233
52p 0:00:00:00 100.00% (5) (2019-10-13 00:30) 520.0p/s z1233

john is quite fresh (has opencl; openmp is disabled):

Version: 1.9.0-jumbo-1+bleeding-ea33667eb 2019-09-23 12:43:34 +0200
Build: linux-gnu 64-bit x86_64 AVX2 AC

magnumripper commented 4 years ago

I've actually had the idea to add some option like --mask-stretch-left for when you want that. Or perhaps better --mask-stretch=n where n is the position in the supplied mask.

Example: --mask=?l?l?d?u?u?u --mask-stretch=3 would run ?l?l?d?u?u?u, then ?l?l?d?d?u?u?u, ?l?l?d?d?d?u?u?u and so on.

AlekseyCherepanov commented 4 years ago

I like the idea with position. I missed such an option a few times and had to rewrite the attack in a different manner (either feeding masks in a loop, or with 2 sessions in a chain: ?l?l?d?u?u?u would be ?l?l?d with stretching and stdout, then ?w?u?u?u).

An even more general way might be implemented to allow specification of a position and a range of repeats. It would allow stretching in hybrid masks. Also it might be interesting to allow stretching at multiple positions with different settings: ?w?d?l, pos 2 repeat 2-3 times, pos 3 repeat 1-2 times would give: ?w?d?d?l, ?w?d?d?d?l, ?w?d?d?l?l, ?w?d?d?d?l?l.

OTOH it could be implemented as support for mask files and a tool to produce such sets (either using separate options, or even inline with syntax similar to rexgen).
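
The position-and-repeat-range stretching discussed in this thread can be sketched as a small external mask-set generator. This is an added example, not code from John the Ripper or from the commenters; the names `tokenize` and `stretch` are hypothetical, and the tokenizer is a simplified assumption about mask syntax (`?X` placeholders, `[..]` ranges, backslash escapes, literals).

```python
import itertools
import re

# Simplified mask tokenizer (assumption, not John's parser): a token is a
# ?X placeholder, a [..] range, a backslash-escaped character, or one literal.
TOKEN = re.compile(r"\?.|\[(?:\\.|[^\]\\])*\]|\\.|.", re.DOTALL)


def tokenize(mask):
    return TOKEN.findall(mask)


def stretch(mask, repeats):
    """Expand `mask` into a list of fixed masks.

    repeats maps a 1-based token position to an inclusive (min, max) repeat
    count; positions not listed occur exactly once. The earliest position
    varies fastest, which matches the ordering used in the thread.
    """
    tokens = tokenize(mask)
    for pos, (lo, hi) in repeats.items():
        if not 1 <= pos <= len(tokens):
            raise ValueError(f"position {pos} is outside the mask")
        if lo < 0 or hi < lo:
            raise ValueError(f"bad repeat range {lo}-{hi} at position {pos}")
    positions = sorted(repeats, reverse=True)
    ranges = [range(repeats[p][0], repeats[p][1] + 1) for p in positions]
    masks = []
    for combo in itertools.product(*ranges):
        counts = dict(zip(positions, combo))
        masks.append("".join(tok * counts.get(i, 1)
                             for i, tok in enumerate(tokens, start=1)))
    return masks


if __name__ == "__main__":
    # Sample inputs are the masks quoted in the thread.
    for m in stretch("?1123", {1: (1, 2)}):
        print(m)
    for m in stretch("?w?d?l", {2: (2, 3), 3: (1, 2)}):
        print(m)
```

Each output line is a fixed-length mask that can be passed as its own `--mask` value, which is the "feeding masks in a loop" workaround mentioned above.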