1617 lines
40 KiB
Plaintext
1617 lines
40 KiB
Plaintext
|
#
|
||
|
# This file is part of John the Ripper password cracker,
|
||
|
# Copyright (c) 1996-2006,2008-2012 by Solar Designer
|
||
|
#
|
||
|
# ...with changes in the jumbo patch, by various authors
|
||
|
#
|
||
|
|
||
|
# The [Options] section is for general options only.
|
||
|
# Note that MPI specific options have been moved
|
||
|
# to [Options.MPI]
|
||
|
# There is also a new section [Options.OpenCL]
|
||
|
# for OpenCL specific options
|
||
|
# Default settings for Markov mode have been moved
|
||
|
# to [Markov.Default], but you can define other
|
||
|
# Markov modes as well, see ../doc/MARKOV
|
||
|
[Options]
|
||
|
# Wordlist file name, to be used in batch mode
|
||
|
Wordlist = $JOHN/password.lst
|
||
|
# Use idle cycles only
|
||
|
Idle = Y
|
||
|
# Crash recovery file saving delay in seconds
|
||
|
Save = 600
|
||
|
# Beep when a password is found (who needs this anyway?)
|
||
|
Beep = N
|
||
|
|
||
|
# Time formatting string used in status ETA.
|
||
|
# %c means 'local' specific canonical form, such as:
|
||
|
# 05/06/11 18:10:34
|
||
|
#
|
||
|
# Other examples
|
||
|
# %d/%m/%y %H:%M (day/mon/year hour:min)
|
||
|
# %m/%d/%y %H:%M (mon/day/year hour:min)
|
||
|
# %Y-%m-%d %H:%M (ISO 8601 style, 2011-05-06 18:10)
|
||
|
TimeFormat = %c
|
||
|
|
||
|
# Threshold for showing ETA, in percent. ETA will not be
|
||
|
# shown if progress is less than this. If too low, early
|
||
|
# reported figures will be less accurate (default 0.05%)
|
||
|
ETAthreshold = 0.05%
|
||
|
|
||
|
# Emit a status line whenever a password is cracked (this is the same as
|
||
|
# passing the --crack-status option flag to john). NOTE: if this is set
|
||
|
# to true here, --crack-status will toggle it back to false.
|
||
|
CrackStatus = N
|
||
|
|
||
|
# When printing status, show number of candidates tried (eg. 1/43210 for one
|
||
|
# guess out of 43 thousand candidates). Note that the number is not equal to
|
||
|
# "words tried" but rather "words x hash" combinations so if you are attacking
|
||
|
# 1000 hashes, "43210" means you have tried about 43 words from your wordlist.
|
||
|
StatusShowCandidates = N
|
||
|
|
||
|
# Always report (to screen and log) cracked passwords as UTF-8, regardless of
|
||
|
# input encoding. This is recommended if you have your terminal set for UTF-8.
|
||
|
AlwaysReportUTF8 = N
|
||
|
|
||
|
# Always store Unicode (UTF-16) passwords as UTF-8 in john.pot, regardless
|
||
|
# of input encoding. This prevents john.pot from being filled with mixed
|
||
|
# and eventually unknown encodings. This is recommended if you have your
|
||
|
# terminal set for UTF-8.
|
||
|
UnicodeStoreUTF8 = N
|
||
|
|
||
|
# Always report/store non-Unicode formats as UTF-8, regardless of input
|
||
|
# encoding. This is NOT recommended unless you REALLY understand the
|
||
|
# implications. The actual codepage that was used is not stored anywhere
|
||
|
# except in the log file.
|
||
|
CPstoreUTF8 = N
|
||
|
|
||
|
# Write cracked passwords to the log file (default is just the user name)
|
||
|
LogCrackedPasswords = N
|
||
|
|
||
|
|
||
|
[Options:MPI]
|
||
|
# Automagically disable OMP if MPI is used (set to N if
|
||
|
# you want to run one MPI process per multi-core host)
|
||
|
MPIOMPmutex = Y
|
||
|
|
||
|
# Print a notice if disabling OMP (when MPIOMPmutex = Y)
|
||
|
# or when running OMP and MPI at the same time
|
||
|
MPIOMPverbose = Y
|
||
|
|
||
|
|
||
|
[Options:OpenCL]
|
||
|
# Set default OpenCL platform and/or device. Command line options will
|
||
|
# override these. If neither is set, we will search for a GPU or fall-back
|
||
|
# to platform 0, device 0.
|
||
|
#Platform = 0
|
||
|
#Device = 0
|
||
|
|
||
|
# Format-specific settings for Local Work Size and Global Work Size call.
|
||
|
# An LWS or GWS of zero will initiate auto enumeration. The environment
|
||
|
# variables LWS and/or GWS will override these figures.
|
||
|
#ssha_LWS = 512
|
||
|
#ssha_GWS = 8192
|
||
|
|
||
|
# For RAR format. MaxDuration (seconds) can be used to limit run time in case
|
||
|
# there is a watch-dog time-out.
|
||
|
#rar_LWS = 128
|
||
|
#rar_GWS = 8192
|
||
|
rar_MaxDuration = 5
|
||
|
|
||
|
# For crypt SHA-512.
|
||
|
#sha512crypt_LWS = 64
|
||
|
#sha512crypt_GWS = 8192
|
||
|
|
||
|
|
||
|
# Markov modes, see ../doc/MARKOV for more information
|
||
|
[Markov:Default]
|
||
|
# Default Markov mode settings
|
||
|
#
|
||
|
# Statsfile cannot be specified on the command line, so
|
||
|
# specifying it here is mandatory
|
||
|
Statsfile = $JOHN/stats
|
||
|
# MkvLvl and MkvMaxLen should also be specified here, as a fallback for
|
||
|
# --markov usage without specifying LEVEL and/or LENGTH on the command line
|
||
|
MkvLvl = 200
|
||
|
MkvMaxLen = 12
|
||
|
# MkvMinLvl and MkvMinLen should not be specified at all in [Markov:Default],
|
||
|
# or they should be equal to 0 (which is the default if not specified.
|
||
|
# MkvMinLvl and MkvMinLen can be used in other Markov mode sections
|
||
|
# except [Markov:Default]
|
||
|
; MkvMinLvl = 0
|
||
|
; MkvMinLen = 0
|
||
|
|
||
|
# A user defined character class is named with a single digit, ie. 0..9. After
|
||
|
# the equal-sign, just list all characters that this class should match. You
|
||
|
# can specify ranges within brackets, much like pre-processor ranges in rules.
|
||
|
# BEWARE of encoding if using non-ASCII characters. If you put UTF-8 characters
|
||
|
# here, it will *not* work! You must use a singlebyte encoding and it should
|
||
|
# be the same here as you intend to use for your dictionary.
|
||
|
# You can however put characters here in \xA3 format (for codepoint 0xA3 - in
|
||
|
# many iso-8859-x codepages that would mean a pound sign). This works in ranges
|
||
|
# too but NOTE that this syntax does NOT work in any other section of john.conf
|
||
|
#
|
||
|
# This is a couple of example classes:
|
||
|
# ?0 matches (one version of) base64 characters
|
||
|
# ?1 matches hex digits
|
||
|
# ?2 matches the TAB character (never try to use \x00!)
|
||
|
[UserClasses]
|
||
|
0 = [a-zA-Z0-9/.]
|
||
|
1 = [0-9a-fA-F]
|
||
|
2 = \x09
|
||
|
|
||
|
|
||
|
# "Single crack" mode rules
|
||
|
[List.Rules:Single]
|
||
|
# Simple rules come first...
|
||
|
:
|
||
|
-s x**
|
||
|
-c (?a c Q
|
||
|
-c l Q
|
||
|
-s-c x** /?u l
|
||
|
# These were not included in crackers I've seen, but are pretty efficient,
|
||
|
# so I include them near the beginning
|
||
|
>6 '6
|
||
|
>7 '7 l
|
||
|
-c >6 '6 /?u l
|
||
|
>5 '5
|
||
|
# Weird order, eh? Can't do anything about it, the order is based on the
|
||
|
# number of successful cracks...
|
||
|
<* d
|
||
|
r c
|
||
|
-c <* (?a d c
|
||
|
-c >5 '5 /?u l
|
||
|
-c u Q
|
||
|
-c )?a r l
|
||
|
-[:c] <* !?A \p1[lc] p
|
||
|
-c <* c Q d
|
||
|
-c >7 '7 /?u
|
||
|
>4 '4 l
|
||
|
-c <+ (?l c r
|
||
|
-c <+ )?l l Tm
|
||
|
>3 '3
|
||
|
-c >4 '4 /?u
|
||
|
-c >3 '3 /?u l
|
||
|
-c u Q r
|
||
|
<* d M 'l f Q
|
||
|
-c <* l Q d M 'l f Q
|
||
|
# About 50% of single-mode-crackable passwords get cracked by now...
|
||
|
# >2 x12 ... >8 x18
|
||
|
>[2-8] x1\1
|
||
|
>9 \[
|
||
|
# >3 x22 ... >9 x28
|
||
|
>[3-9] x2\p[2-8]
|
||
|
# >4 x32 ... >9 x37
|
||
|
>[4-9] x3\p[2-7]
|
||
|
# >2 x12 /?u l ... >8 x18 /?u l
|
||
|
-c >[2-8] x1\1 /?u l
|
||
|
-c >9 \[ /?u l
|
||
|
# >3 x22 /?u l ... >9 x28 /?u l
|
||
|
-c >[3-9] x2\p[2-8] /?u l
|
||
|
# >4 x32 /?u l ... >9 x37 /?u l
|
||
|
-c >[4-9] x3\p[2-7] /?u l
|
||
|
# Now to the suffix stuff...
|
||
|
<* l $[1-9!0a-rt-z"-/:-@\[-`{-~]
|
||
|
-c <* (?a c $[1-9!0a-rt-z"-/:-@\[-`{-~]
|
||
|
-[:c] <* !?A (?\p1[za] \p1[lc] $s M 'l p Q X0z0 'l $s
|
||
|
-[:c] <* /?A (?\p1[za] \p1[lc] $s
|
||
|
<* l r $[1-9!]
|
||
|
-c <* /?a u $[1-9!]
|
||
|
-[:c] <- (?\p1[za] \p1[lc] Az"'s"
|
||
|
-[:c] <- (?\p1[za] \p1[lc] Az"!!"
|
||
|
-[:c] (?\p1[za] \p1[lc] $! <- Az"!!"
|
||
|
# Removing vowels...
|
||
|
-[:c] /?v @?v >2 (?\p1[za] \p1[lc]
|
||
|
/?v @?v >2 <* d
|
||
|
# crack -> cracked, crack -> cracking
|
||
|
<* l [PI]
|
||
|
-c <* l [PI] (?a c
|
||
|
# mary -> marie
|
||
|
-[:c] <* (?\p1[za] \p1[lc] )y omi $e
|
||
|
# marie -> mary
|
||
|
-[:c] <* (?\p1[za] \p1[lc] )e \] )i val1 oay
|
||
|
# The following are some 3l33t rules
|
||
|
-[:c] l /[aelos] s\0\p[4310$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /a /[elos] sa4 s\0\p[310$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /e /[los] se3 s\0\p[10$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /l /[os] sl1 s\0\p[0$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /o /s so0 ss$ (?\p1[za] \p1[:c]
|
||
|
-[:c] l /a /e /[los] sa4 se3 s\0\p[10$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /a /l /[os] sa4 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /a /o /s sa4 so0 ss$ (?\p1[za] \p1[:c]
|
||
|
-[:c] l /e /l /[os] se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /[el] /o /s s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
|
||
|
-[:c] l /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] (?\p1[za] \p1[:c]
|
||
|
-[:c] l /a /[el] /o /s sa4 s\0\p[31] so0 ss$ (?\p1[za] \p1[:c]
|
||
|
-[:c] l /e /l /o /s se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
|
||
|
-[:c] l /a /e /l /o /s sa4 se3 sl1 so0 ss$ (?\p1[za] \p1[:c]
|
||
|
# Now to the prefix stuff...
|
||
|
l ^[1a-z2-90]
|
||
|
-c l Q ^[A-Z]
|
||
|
^[A-Z]
|
||
|
l ^["-/:-@\[-`{-~]
|
||
|
-[:c] <9 (?a \p1[lc] A0"[tT]he"
|
||
|
-[:c] <9 (?a \p1[lc] A0"[aA]my"
|
||
|
-[:c] <9 (?a \p1[lc] A0"[mdMD]r"
|
||
|
-[:c] <9 (?a \p1[lc] A0"[mdMD]r."
|
||
|
-[:c] <9 (?a \p1[lc] A0"__"
|
||
|
<- !?A l p ^[240-9]
|
||
|
# Some word pair rules...
|
||
|
# johnsmith -> JohnSmith, johnSmith
|
||
|
-p-c (?a 2 (?a c 1 [cl]
|
||
|
# JohnSmith -> john smith, john_smith, john-smith
|
||
|
-p 1 <- $[ _\-] + l
|
||
|
# JohnSmith -> John smith, John_smith, John-smith
|
||
|
-p-c 1 <- (?a c $[ _\-] 2 l
|
||
|
# JohnSmith -> john Smith, john_Smith, john-Smith
|
||
|
-p-c 1 <- l $[ _\-] 2 (?a c
|
||
|
# johnsmith -> John Smith, John_Smith, John-Smith
|
||
|
-p-c 1 <- (?a c $[ _\-] 2 (?a c
|
||
|
# Applying different simple rules to each of the two words
|
||
|
-p-[c:] 1 \p1[ur] 2 l
|
||
|
-p-c 2 (?a c 1 [ur]
|
||
|
-p-[c:] 1 l 2 \p1[ur]
|
||
|
-p-c 1 (?a c 2 [ur]
|
||
|
# jsmith -> smithj, etc...
|
||
|
-[:c] (?a \p1[lc] [{}]
|
||
|
-[:c] (?a \p1[lc] [{}] \0
|
||
|
# Toggle case...
|
||
|
-c <+ )?u l Tm
|
||
|
-c T0 Q M c Q l Q u Q C Q X0z0 'l
|
||
|
-c T[1-9A-E] Q M l Tm Q C Q u Q l Q c Q X0z0 'l
|
||
|
-c l Q T[1-9A-E] Q M T\0 Q l Tm Q C Q u Q X0z0 'l
|
||
|
-c >2 <G %2?a [lu] T0 M T2 T4 T6 T8 TA TC TE Q M l Tm Q X0z0 'l
|
||
|
-c >2 /?l /?u t Q M c Q C Q l Tm Q X0z0 'l
|
||
|
# Deleting chars...
|
||
|
>[2-8] D\p[1-7]
|
||
|
>[8-9A-E] D\1
|
||
|
-c /?u >[2-8] D\p[1-7] l
|
||
|
-c /?u >[8-9A-E] D\1 l
|
||
|
=1?a \[ M c Q
|
||
|
-c (?a >[1-9A-E] D\1 c
|
||
|
# Inserting a dot...
|
||
|
-[:c] >3 (?a \p1[lc] i[12].
|
||
|
# More suffix stuff...
|
||
|
<- l Az"[190][0-9]"
|
||
|
-c <- (?a c Az"[190][0-9]"
|
||
|
<- l Az"[782][0-9]"
|
||
|
-c <- (?a c Az"[782][0-9]"
|
||
|
<* l $[A-Z]
|
||
|
-c <* (?a c $[A-Z]
|
||
|
# cracking -> CRACKiNG
|
||
|
-c u /I sIi
|
||
|
# Crack96 -> cRACK96
|
||
|
%2?a C Q
|
||
|
# Crack96 -> cRACK(^
|
||
|
/?A S Q
|
||
|
# Crack96 -> CRaCK96
|
||
|
-c /?v V Q
|
||
|
# Really weird charset conversions, like "england" -> "rmh;smf"
|
||
|
:[RL] Q
|
||
|
l Q [RL]
|
||
|
-c (?a c Q [RL]
|
||
|
:[RL] \0 Q
|
||
|
# Both prefixing and suffixing...
|
||
|
<- l ^[1!@#$%^&*\-=_+.?|:'"] $\1
|
||
|
<- l ^[({[<] $\p[)}\]>]
|
||
|
# The rest of two-digit suffix stuff, less common numbers...
|
||
|
<- l Az"[63-5][0-9]"
|
||
|
-c <- (?a c Az"[63-5][0-9]"
|
||
|
# Some multi-digit numbers...
|
||
|
-[:c] (?a \p1[lc] Az"007" <+
|
||
|
-[:c] (?a \p1[lc] Az"123" <+
|
||
|
-[:c] (?a \p1[lc] Az"[0-9]\0\0" <+
|
||
|
-[:c] (?a \p1[lc] Az"1234" <+
|
||
|
-[:c] (?a \p1[lc] Az"[0-9]\0\0\0" <+
|
||
|
-[:c] (?a \p1[lc] Az"12345" <+
|
||
|
-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0" <+
|
||
|
-[:c] (?a \p1[lc] Az"123456" <+
|
||
|
-[:c] (?a \p1[lc] Az"[0-9]\0\0\0\0\0" <+
|
||
|
# Some [birth] years...
|
||
|
l Az"19[7-96-0]" <+ >-
|
||
|
l Az"20[01]" <+ >-
|
||
|
l Az"19[7-9][0-9]" <+
|
||
|
l Az"20[01][0-9]" <+
|
||
|
l Az"19[6-0][9-0]" <+
|
||
|
|
||
|
[List.Rules:Extra]
|
||
|
# Insert/overstrike some characters...
|
||
|
!?A >[1-6] l i\0[a-z]
|
||
|
!?A l o0[a-z]
|
||
|
!?A >[1-7] l o\0[a-z]
|
||
|
# Toggle case everywhere (up to length 8), assuming that certain case
|
||
|
# combinations were already tried.
|
||
|
-c T1 Q M T0 Q
|
||
|
-c T2 Q M T[z0] T[z1] Q
|
||
|
-c T3 Q M T[z0] T[z1] T[z2] Q
|
||
|
-c T4 Q M T[z0] T[z1] T[z2] T[z3] Q
|
||
|
-c T5 Q M T[z0] T[z1] T[z2] T[z3] T[z4] Q
|
||
|
-c T6 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] Q
|
||
|
-c T7 Q M T[z0] T[z1] T[z2] T[z3] T[z4] T[z5] T[z6] Q
|
||
|
# Very slow stuff...
|
||
|
l Az"[1-90][0-9][0-9]" <+
|
||
|
-c (?a c Az"[1-90][0-9][0-9]" <+
|
||
|
<[\-9] l A\p[z0]"[a-z][a-z]"
|
||
|
<- l ^[a-z] $[a-z]
|
||
|
|
||
|
# Wordlist mode rules
|
||
|
[List.Rules:Wordlist]
|
||
|
# Try words as they are
|
||
|
:
|
||
|
# Lowercase every pure alphanumeric word
|
||
|
-c >3 !?X l Q
|
||
|
# Capitalize every pure alphanumeric word
|
||
|
-c (?a >2 !?X c Q
|
||
|
# Lowercase and pluralize pure alphabetic words
|
||
|
<* >2 !?A l p
|
||
|
# Lowercase pure alphabetic words and append '1'
|
||
|
<* >2 !?A l $1
|
||
|
# Capitalize pure alphabetic words and append '1'
|
||
|
-c <* >2 !?A c $1
|
||
|
# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
|
||
|
<7 >1 !?A l d
|
||
|
# Lowercase and reverse pure alphabetic words
|
||
|
>3 !?A l M r Q
|
||
|
# Prefix pure alphabetic words with '1'
|
||
|
>2 !?A l ^1
|
||
|
# Uppercase pure alphanumeric words
|
||
|
-c >2 !?X u Q M c Q u
|
||
|
# Lowercase pure alphabetic words and append a digit or simple punctuation
|
||
|
<* >2 !?A l $[2!37954860.?]
|
||
|
# Words containing punctuation, which is then squeezed out, lowercase
|
||
|
/?p @?p >3 l
|
||
|
# Words with vowels removed, lowercase
|
||
|
/?v @?v >3 l
|
||
|
# Words containing whitespace, which is then squeezed out, lowercase
|
||
|
/?w @?w >3 l
|
||
|
# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
|
||
|
-c <7 >1 !?A c d
|
||
|
# Capitalize and reverse pure alphabetic words (fred -> derF)
|
||
|
-c <+ >2 !?A c r
|
||
|
# Reverse and capitalize pure alphabetic words (fred -> Derf)
|
||
|
-c >2 !?A l M r Q c
|
||
|
# Lowercase and reflect pure alphabetic words (fred -> fredderf)
|
||
|
<7 >1 !?A l d M 'l f Q
|
||
|
# Uppercase the last letter of pure alphabetic words (fred -> freD)
|
||
|
-c <+ >2 !?A l M r Q c r
|
||
|
# Prefix pure alphabetic words with '2' or '4'
|
||
|
>2 !?A l ^[24]
|
||
|
# Capitalize pure alphabetic words and append a digit or simple punctuation
|
||
|
-c <* >2 !?A c $[2!3957468.?0]
|
||
|
# Prefix pure alphabetic words with digits
|
||
|
>2 !?A l ^[379568]
|
||
|
# Capitalize and pluralize pure alphabetic words of reasonable length
|
||
|
-c <* >2 !?A c p
|
||
|
# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
|
||
|
# crack -> cracked, crack -> cracking
|
||
|
-[:c] <* >2 !?A \p1[lc] M [PI] Q
|
||
|
# Try the second half of split passwords
|
||
|
-s x**
|
||
|
-s-c x** M l Q
|
||
|
|
||
|
# Case toggler for cracking MD4-based NTLM hashes (with the contributed patch)
|
||
|
# given already cracked DES-based LM hashes.
|
||
|
# Rename this section to [List.Rules:Wordlist] to activate it.
|
||
|
[List.Rules:NT]
|
||
|
:
|
||
|
-c T0Q
|
||
|
-c T1QT[z0]
|
||
|
-c T2QT[z0]T[z1]
|
||
|
-c T3QT[z0]T[z1]T[z2]
|
||
|
-c T4QT[z0]T[z1]T[z2]T[z3]
|
||
|
-c T5QT[z0]T[z1]T[z2]T[z3]T[z4]
|
||
|
-c T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]
|
||
|
-c T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]
|
||
|
-c T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]
|
||
|
-c T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]
|
||
|
-c TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]
|
||
|
-c TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]
|
||
|
-c TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]
|
||
|
-c TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]
|
||
|
|
||
|
# For Single Mode against fast hashes
|
||
|
[List.Rules:Single-Extra]
|
||
|
.include [List.Rules:Single]
|
||
|
.include [List.Rules:Extra]
|
||
|
|
||
|
# For Wordlist mode and very fast hashes
|
||
|
[List.Rules:Jumbo]
|
||
|
.include [List.Rules:Wordlist]
|
||
|
.include [List.Rules:Single]
|
||
|
.include [List.Rules:Extra]
|
||
|
.include [List.Rules:NT]
|
||
|
|
||
|
# Incremental modes
|
||
|
[Incremental:All]
|
||
|
File = $JOHN/all.chr
|
||
|
MinLen = 0
|
||
|
MaxLen = 8
|
||
|
CharCount = 95
|
||
|
|
||
|
[Incremental:All5]
|
||
|
.include [Incremental:All]
|
||
|
MaxLen = 5
|
||
|
|
||
|
[Incremental:All6]
|
||
|
.include [Incremental:All]
|
||
|
MaxLen = 6
|
||
|
MinLen = 6
|
||
|
|
||
|
[Incremental:All7]
|
||
|
.include [Incremental:All]
|
||
|
MinLen = 7
|
||
|
MaxLen = 7
|
||
|
|
||
|
[Incremental:All8]
|
||
|
.include [Incremental:All]
|
||
|
MinLen = 8
|
||
|
|
||
|
[Incremental:Alpha]
|
||
|
File = $JOHN/alpha.chr
|
||
|
MinLen = 1
|
||
|
MaxLen = 8
|
||
|
CharCount = 26
|
||
|
|
||
|
[Incremental:Digits]
|
||
|
File = $JOHN/digits.chr
|
||
|
MinLen = 1
|
||
|
MaxLen = 8
|
||
|
CharCount = 10
|
||
|
|
||
|
[Incremental:Digits8]
|
||
|
File = $JOHN/digits.chr
|
||
|
MinLen = 8
|
||
|
MaxLen = 8
|
||
|
CharCount = 10
|
||
|
|
||
|
[Incremental:Alnum]
|
||
|
File = $JOHN/alnum.chr
|
||
|
MinLen = 1
|
||
|
MaxLen = 8
|
||
|
CharCount = 36
|
||
|
|
||
|
[Incremental:LanMan]
|
||
|
File = $JOHN/lanman.chr
|
||
|
MinLen = 0
|
||
|
MaxLen = 7
|
||
|
CharCount = 69
|
||
|
|
||
|
# Some pre-defined word filters
|
||
|
[List.External:Filter_Alpha]
|
||
|
void filter()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
i = 0;
|
||
|
while (c = word[i++])
|
||
|
if (c < 'a' || c > 'z') {
|
||
|
word = 0; return;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
[List.External:Filter_Digits]
|
||
|
void filter()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
i = 0;
|
||
|
while (c = word[i++])
|
||
|
if (c < '0' || c > '9') {
|
||
|
word = 0; return;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
[List.External:Filter_Alnum]
|
||
|
void filter()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
i = 0;
|
||
|
while (c = word[i++])
|
||
|
if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
|
||
|
word = 0; return;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
[List.External:Filter_No_Cap_or_Symbols]
|
||
|
void filter()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
i = 0;
|
||
|
while (c = word[i++])
|
||
|
if ((c < 'a' || c > 'z') && (c < '0' || c > '9')) {
|
||
|
return;
|
||
|
}
|
||
|
word = 0; return;
|
||
|
}
|
||
|
|
||
|
[List.External:Filter_LanMan]
|
||
|
void filter()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
word[7] = 0; // Truncate at 7 characters
|
||
|
|
||
|
i = 0; // Convert to uppercase
|
||
|
while (c = word[i]) {
|
||
|
if (c >= 'a' && c <= 'z') word[i] &= 0xDF;
|
||
|
i++;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
# A simple cracker for LM hashes
|
||
|
[List.External:LanMan]
|
||
|
int length; // Current length
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
word[0] = 'A' - 1; // Start with "A"
|
||
|
word[length = 1] = 0;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = length - 1; // Start from the last character
|
||
|
while (++word[i] > 'Z') // Try to increase it
|
||
|
if (i) // Overflow here, any more positions?
|
||
|
word[i--] = 'A'; // Yes, move to the left, and repeat
|
||
|
else // No
|
||
|
if (length < 7) {
|
||
|
word[i = ++length] = 0; // Switch to the next length
|
||
|
while (i--)
|
||
|
word[i] = 'A';
|
||
|
return;
|
||
|
} else {
|
||
|
word = 0; return; // We're done
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void restore()
|
||
|
{
|
||
|
length = 0; // Calculate the length
|
||
|
while (word[length]) length++;
|
||
|
}
|
||
|
|
||
|
# Simple and well-commented, yet useful external mode example
|
||
|
# NOTE, this has now been 'split' up into a base extern, 'base', and then
|
||
|
# multiple External:double functions. It still has same code as original
|
||
|
# double, but now can be easily expanded.
|
||
|
[List.External_base:Double]
|
||
|
/*
|
||
|
* This cracking mode tries all the possible duplicated lowercase alphabetic
|
||
|
* "words" of up to 8 characters long. Since word halves are the same, it
|
||
|
* only has to try about 500,000 words.
|
||
|
*/
|
||
|
|
||
|
/* Global variables: current length and word */
|
||
|
/* make this 'long' enough for other externs that include this one */
|
||
|
/* (up to 14 bytes long) We currently have double and double10 defined, */
|
||
|
/* but could add more, up to double14 */
|
||
|
|
||
|
int length, current[15], max;
|
||
|
|
||
|
/* this new 'type' variable, is used to tell double what character set to
|
||
|
* use. It can use the original (alpha). If type is 0 (i.e. unset), then
|
||
|
* a-z (alpha) character set is used. If type is '0' (a zero ascii byte)
|
||
|
* then alnum charset is used, a-z0-9. If type is a space char, then all
|
||
|
* charset is used [space - tilde] or [ -~]. This required setting the
|
||
|
* type var in the init() of alnum or all doubles (it can be left unset
|
||
|
* in the alpha versions). It also requires some if logic in generate.
|
||
|
* other than that, it works the same, with almost no performance hit */
|
||
|
int type;
|
||
|
|
||
|
/* Generates a new word */
|
||
|
void generate()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
/* Export last generated word, duplicating it at the same time; here "word"
|
||
|
* is a pre-defined external variable. */
|
||
|
word[(i = length) << 1] = 0;
|
||
|
while (i--) word[length + i] = word[i] = current[i];
|
||
|
|
||
|
/* Generate a new word */
|
||
|
i = length - 1; // Start from the last character
|
||
|
if (type == 0) {
|
||
|
/* alpha */
|
||
|
while (++current[i] > 'z') // Try to increase it
|
||
|
if (i) // Overflow here, any more positions?
|
||
|
current[i--] = 'a'; // Yes, move to the left, and repeat
|
||
|
else { // No
|
||
|
current = 0; // Request a length switch
|
||
|
break; // Break out of the loop
|
||
|
}
|
||
|
} else if (type == '0') {
|
||
|
/* alnum */
|
||
|
if (current[i] == 'z') current[i] = '0'-1;
|
||
|
while (++current[i] == '9') { // Try to increase it
|
||
|
if (i) // Overflow here, any more positions?
|
||
|
current[i--] = 'a'; // Yes, move to the left, and repeat
|
||
|
else { // No
|
||
|
current = 0; // Request a length switch
|
||
|
break; // Break out of the loop
|
||
|
}
|
||
|
if (current[i] == 'z') current[i] = '0'-1;
|
||
|
}
|
||
|
} else if (type == ' ') {
|
||
|
/* all */
|
||
|
while (++current[i] > '~') { // Try to increase it
|
||
|
if (i) // Overflow here, any more positions?
|
||
|
current[i--] = ' '; // Yes, move to the left, and repeat
|
||
|
else { // No
|
||
|
current = 0; // Request a length switch
|
||
|
break; // Break out of the loop
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
/* else ????? wtf?? */
|
||
|
|
||
|
/* Switch to the next length, unless we were generating 8 character long
|
||
|
* words already. */
|
||
|
if (!current && length < max) {
|
||
|
i = ++length;
|
||
|
if (type == 0 || type == '0')
|
||
|
while (i--) current[i] = 'a';
|
||
|
else if (type == ' ')
|
||
|
while (i--) current[i] = ' ';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* Called when restoring an interrupted session */
|
||
|
void restore()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
/* Import the word back */
|
||
|
i = 0;
|
||
|
while (current[i] = word[i]) i++;
|
||
|
|
||
|
/* ...and calculate the half-word length */
|
||
|
length = i >> 1;
|
||
|
}
|
||
|
|
||
|
[List.External:Double]
|
||
|
.include [List.External_base:Double]
|
||
|
|
||
|
/* Called at startup to initialize the global variables */
|
||
|
void init()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = length = 2; // Start with 4 character long words
|
||
|
while (i--) current[i] = 'a'; // Set our half-word to "aa"
|
||
|
max = 4;
|
||
|
}
|
||
|
|
||
|
[List.External:Double_alnum]
|
||
|
.include [List.External_base:Double]
|
||
|
|
||
|
/* Called at startup to initialize the global variables */
|
||
|
void init()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = length = 2; // Start with 4 character long words
|
||
|
while (i--) current[i] = 'a'; // Set our half-word to "aa"
|
||
|
max = 4;
|
||
|
|
||
|
type = '0';
|
||
|
}
|
||
|
|
||
|
[List.External:Double_all]
|
||
|
.include [List.External_base:Double]
|
||
|
void init()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = length = 2; // Start with 4 character long words
|
||
|
while (i--) current[i] = ' '; // Set our half-word to " "
|
||
|
max = 4;
|
||
|
|
||
|
type = ' ';
|
||
|
}
|
||
|
|
||
|
[List.External:Double10]
|
||
|
.include [List.External_base:Double]
|
||
|
|
||
|
/* Called at startup to initialize the global variables */
|
||
|
void init()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = length = 5; // Start with 10 character long words (we assume double has already been run)
|
||
|
while (i--) current[i] = 'a'; // Set our half-word to "aaaaa"
|
||
|
max = 5;
|
||
|
}
|
||
|
|
||
|
[List.External:Double10_alnum]
|
||
|
.include [List.External_base:Double]
|
||
|
void init()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = length = 5; // Start with 4 character long words
|
||
|
while (i--) current[i] = 'a'; // Set our half-word to "aaaaa"
|
||
|
max = 5;
|
||
|
|
||
|
type = '0';
|
||
|
}
|
||
|
|
||
|
# Strip 0.5 ("Secure Tool for Recalling Important Passwords") cracker,
|
||
|
# based on analysis done by Thomas Roessler and Ian Goldberg. This will
|
||
|
# crack passwords you may have generated with Strip; other uses of Strip
|
||
|
# are unaffected.
|
||
|
[List.External:Strip]
|
||
|
int minlength, maxlength, mintype, maxtype;
|
||
|
int crack_seed, length, type;
|
||
|
int count, charset[128];
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int c;
|
||
|
|
||
|
/* Password lengths to try; Strip can generate passwords of 4 to 16
|
||
|
* characters, but traditional crypt(3) hashes are limited to 8. */
|
||
|
minlength = 4; // 4
|
||
|
maxlength = 8; // 16
|
||
|
|
||
|
/* Password types to try (Numeric, Alpha-Num, Alpha-Num w/ Meta). */
|
||
|
mintype = 0; // 0
|
||
|
maxtype = 2; // 2
|
||
|
|
||
|
crack_seed = 0x10000;
|
||
|
length = minlength - 1;
|
||
|
type = mintype;
|
||
|
|
||
|
count = 0;
|
||
|
c = '0'; while (c <= '9') charset[count++] = c++;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int seed, random;
|
||
|
int i, c;
|
||
|
|
||
|
if (crack_seed > 0xffff) {
|
||
|
crack_seed = 0;
|
||
|
|
||
|
if (++length > maxlength) {
|
||
|
length = minlength;
|
||
|
|
||
|
if (++type > maxtype) {
|
||
|
word[0] = 0;
|
||
|
return;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
count = 10;
|
||
|
if (type >= 1) {
|
||
|
c = 'a'; while (c <= 'f') charset[count++] = c++;
|
||
|
c = 'h'; while (c <= 'z') charset[count++] = c++;
|
||
|
c = 'A'; while (c <= 'Z') charset[count++] = c++;
|
||
|
}
|
||
|
if (type == 2) {
|
||
|
charset[count++] = '!';
|
||
|
c = '#'; while (c <= '&') charset[count++] = c++;
|
||
|
c = '('; while (c <= '/') charset[count++] = c++;
|
||
|
c = '<'; while (c <= '>') charset[count++] = c++;
|
||
|
charset[count++] = '?'; charset[count++] = '@';
|
||
|
charset[count++] = '['; charset[count++] = ']';
|
||
|
charset[count++] = '^'; charset[count++] = '_';
|
||
|
c = '{'; while (c <= '~') charset[count++] = c++;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
seed = (crack_seed++ << 16 >> 16) * 22695477 + 1;
|
||
|
|
||
|
i = 0;
|
||
|
while (i < length) {
|
||
|
random = ((seed = seed * 22695477 + 1) >> 16) & 0x7fff;
|
||
|
word[i++] = charset[random % count];
|
||
|
}
|
||
|
|
||
|
word[i] = 0;
|
||
|
}
|
||
|
|
||
|
# Try sequences of adjacent keys on a keyboard as candidate passwords
|
||
|
[List.External:Keyboard]
|
||
|
int maxlength, length; // Maximum password length to try, current length
|
||
|
int fuzz; // The desired "fuzz factor", either 0 or 1
|
||
|
int id[15]; // Current character indices for each position
|
||
|
int m[0x800], mc[0x100];// The keys matrix, counts of adjacent keys
|
||
|
int f[0x40], fc; // Characters for the first position, their count
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int minlength;
|
||
|
int i, j, c, p;
|
||
|
int k[0x40];
|
||
|
|
||
|
minlength = 1; // Initial password length to try
|
||
|
maxlength = 15; // Maximum password length to try, up to 15
|
||
|
fuzz = 1; // "Fuzz factor", set to 0 for much quicker runs
|
||
|
|
||
|
/*
|
||
|
* This defines the keyboard layout, by default for a QWERTY keyboard.
|
||
|
*/
|
||
|
i = 0; while (i < 0x40) k[i++] = 0;
|
||
|
k[0] = '`';
|
||
|
i = 0; while (++i <= 9) k[i] = '0' + i;
|
||
|
k[10] = '0'; k[11] = '-'; k[12] = '=';
|
||
|
k[0x11] = 'q'; k[0x12] = 'w'; k[0x13] = 'e'; k[0x14] = 'r';
|
||
|
k[0x15] = 't'; k[0x16] = 'y'; k[0x17] = 'u'; k[0x18] = 'i';
|
||
|
k[0x19] = 'o'; k[0x1a] = 'p'; k[0x1b] = '['; k[0x1c] = ']';
|
||
|
k[0x1d] = '\\';
|
||
|
k[0x21] = 'a'; k[0x22] = 's'; k[0x23] = 'd'; k[0x24] = 'f';
|
||
|
k[0x25] = 'g'; k[0x26] = 'h'; k[0x27] = 'j'; k[0x28] = 'k';
|
||
|
k[0x29] = 'l'; k[0x2a] = ';'; k[0x2b] = '\'';
|
||
|
k[0x31] = 'z'; k[0x32] = 'x'; k[0x33] = 'c'; k[0x34] = 'v';
|
||
|
k[0x35] = 'b'; k[0x36] = 'n'; k[0x37] = 'm'; k[0x38] = ',';
|
||
|
k[0x39] = '.'; k[0x3a] = '/';
|
||
|
|
||
|
i = 0; while (i < 0x100) mc[i++] = 0;
|
||
|
fc = 0;
|
||
|
|
||
|
/* rows */
|
||
|
c = 0;
|
||
|
i = 0;
|
||
|
while (i < 0x40) {
|
||
|
p = c;
|
||
|
c = k[i++] & 0xff;
|
||
|
if (!c) continue;
|
||
|
f[fc++] = c;
|
||
|
if (!p) continue;
|
||
|
m[(c << 3) + mc[c]++] = p;
|
||
|
m[(p << 3) + mc[p]++] = c;
|
||
|
}
|
||
|
f[fc] = 0;
|
||
|
|
||
|
/* columns */
|
||
|
i = 0;
|
||
|
while (i < 0x30) {
|
||
|
p = k[i++] & 0xff;
|
||
|
if (!p) continue;
|
||
|
j = 1 - fuzz;
|
||
|
while (j <= 1 + fuzz) {
|
||
|
c = k[i + 0x10 - j++] & 0xff;
|
||
|
if (!c) continue;
|
||
|
m[(c << 3) + mc[c]++] = p;
|
||
|
m[(p << 3) + mc[p]++] = c;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
length = 0;
|
||
|
while (length < minlength)
|
||
|
id[length++] = 0;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int i, p, maxcount;
|
||
|
|
||
|
word[i = 0] = p = f[id[0]];
|
||
|
while (++i < length)
|
||
|
word[i] = p = m[(p << 3) + id[i]];
|
||
|
word[i--] = 0;
|
||
|
|
||
|
if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
|
||
|
while (++id[i] >= maxcount) {
|
||
|
if (!i) {
|
||
|
if (length < maxlength) {
|
||
|
id[0] = 0;
|
||
|
id[length++] = 0;
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
id[i--] = 0;
|
||
|
if (i) maxcount = mc[word[i - 1]]; else maxcount = fc;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void restore()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
/* Calculate the length */
|
||
|
length = 0;
|
||
|
while (word[length])
|
||
|
id[length++] = 0;
|
||
|
|
||
|
/* Infer the first character index */
|
||
|
i = -1;
|
||
|
while (++i < fc) {
|
||
|
if (f[i] == word[0]) {
|
||
|
id[0] = i;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* This sample can be enhanced to infer the rest of the indices here */
|
||
|
}
|
||
|
|
||
|
# Generic implementation of "dumb" exhaustive search, given a range of lengths
|
||
|
# and an arbitrary charset. This is pre-configured to try 8-bit characters
|
||
|
# against LM hashes, which is only reasonable to do for very short password
|
||
|
# half lengths.
|
||
|
[List.External:DumbForce]
|
||
|
int maxlength; // Maximum password length to try
|
||
|
int last; // Last character position, zero-based
|
||
|
int lastid; // Character index in the last position
|
||
|
int id[0x7f]; // Current character indices for other positions
|
||
|
int charset[0x100], c0; // Character set
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int minlength;
|
||
|
int i, c;
|
||
|
|
||
|
minlength = 1; // Initial password length to try, must be at least 1
|
||
|
maxlength = 7; // Must be at least same as minlength
|
||
|
|
||
|
/*
|
||
|
* This defines the character set.
|
||
|
*
|
||
|
* Let's say, we want to try TAB, all non-control ASCII characters, and all
|
||
|
* 8-bit characters, including the 8-bit terminal controls range (as these are
|
||
|
* used as regular national characters with some 8-bit encodings), but except
|
||
|
* for known terminal controls (risky for the terminal we may be running on).
|
||
|
*
|
||
|
* Also, let's say our hashes are case-insensitive, so skip lowercase letters
|
||
|
* (this is right for LM hashes).
|
||
|
*/
|
||
|
i = 0;
|
||
|
charset[i++] = 9; // Add horizontal TAB (ASCII 9), then
|
||
|
c = ' '; // start with space (ASCII 32) and
|
||
|
while (c < 'a') // proceed till lowercase 'a'
|
||
|
charset[i++] = c++;
|
||
|
c = 'z' + 1; // Skip lowercase letters and
|
||
|
while (c <= 0x7e) // proceed for all printable ASCII
|
||
|
charset[i++] = c++;
|
||
|
c++; // Skip DEL (ASCII 127) and
|
||
|
while (c < 0x84) // proceed over 8-bit codes till IND
|
||
|
charset[i++] = c++;
|
||
|
charset[i++] = 0x86; // Skip IND (84 hex) and NEL (85 hex)
|
||
|
charset[i++] = 0x87;
|
||
|
c = 0x89; // Skip HTS (88 hex)
|
||
|
while (c < 0x8d) // Proceed till RI (8D hex)
|
||
|
charset[i++] = c++;
|
||
|
c = 0x91; // Skip RI, SS2, SS3, DCS
|
||
|
while (c < 0x96) // Proceed till SPA (96 hex)
|
||
|
charset[i++] = c++;
|
||
|
charset[i++] = 0x99; // Skip SPA, EPA, SOS
|
||
|
c = 0xa0; // Skip DECID, CSI, ST, OSC, PM, APC
|
||
|
while (c <= 0xff) // Proceed with the rest of 8-bit codes
|
||
|
charset[i++] = c++;
|
||
|
|
||
|
/* Zero-terminate it, and cache the first character */
|
||
|
charset[i] = 0;
|
||
|
c0 = charset[0];
|
||
|
|
||
|
last = minlength - 1;
|
||
|
i = 0;
|
||
|
while (i <= last) {
|
||
|
id[i] = 0;
|
||
|
word[i++] = c0;
|
||
|
}
|
||
|
lastid = -1;
|
||
|
word[i] = 0;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
/* Handle the typical case specially */
|
||
|
if (word[last] = charset[++lastid]) return;
|
||
|
|
||
|
lastid = 0;
|
||
|
word[i = last] = c0;
|
||
|
while (i--) { // Have a preceding position?
|
||
|
if (word[i] = charset[++id[i]]) return;
|
||
|
id[i] = 0;
|
||
|
word[i] = c0;
|
||
|
}
|
||
|
|
||
|
if (++last < maxlength) { // Next length?
|
||
|
id[last] = lastid = 0;
|
||
|
word[last] = c0;
|
||
|
word[last + 1] = 0;
|
||
|
} else // We're done
|
||
|
word = 0;
|
||
|
}
|
||
|
|
||
|
void restore()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
/* Calculate the current length and infer the character indices */
|
||
|
last = 0;
|
||
|
while (c = word[last]) {
|
||
|
i = 0; while (charset[i] != c && charset[i]) i++;
|
||
|
if (!charset[i]) i = 0; // Not found
|
||
|
id[last++] = i;
|
||
|
}
|
||
|
lastid = id[--last];
|
||
|
}
|
||
|
|
||
|
# Generic implementation of exhaustive search for a partially-known password.
|
||
|
# This is pre-configured for length 8, lowercase and uppercase letters in the
|
||
|
# first 4 positions (52 different characters), and digits in the remaining 4
|
||
|
# positions - however, the corresponding part of init() may be modified to use
|
||
|
# arbitrary character sets or even fixed characters for each position.
|
||
|
[List.External:KnownForce]
|
||
|
int last; // Last character position, zero-based
|
||
|
int lastofs; // Last character position offset into charset[]
|
||
|
int lastid; // Current character index in the last position
|
||
|
int id[0x7f]; // Current character indices for other positions
|
||
|
int charset[0x7f00]; // Character sets, 0x100 elements for each position
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int length;
|
||
|
int pos, ofs, i, c;
|
||
|
|
||
|
length = 8; // Password length to try
|
||
|
|
||
|
/* This defines the character sets for different character positions */
|
||
|
pos = 0;
|
||
|
while (pos < 4) {
|
||
|
ofs = pos++ << 8;
|
||
|
i = 0;
|
||
|
c = 'a';
|
||
|
while (c <= 'z')
|
||
|
charset[ofs + i++] = c++;
|
||
|
c = 'A';
|
||
|
while (c <= 'Z')
|
||
|
charset[ofs + i++] = c++;
|
||
|
charset[ofs + i] = 0;
|
||
|
}
|
||
|
while (pos < length) {
|
||
|
ofs = pos++ << 8;
|
||
|
i = 0;
|
||
|
c = '0';
|
||
|
while (c <= '9')
|
||
|
charset[ofs + i++] = c++;
|
||
|
charset[ofs + i] = 0;
|
||
|
}
|
||
|
|
||
|
last = length - 1;
|
||
|
pos = -1;
|
||
|
while (++pos <= last)
|
||
|
word[pos] = charset[id[pos] = pos << 8];
|
||
|
lastid = (lastofs = last << 8) - 1;
|
||
|
word[pos] = 0;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int pos;
|
||
|
|
||
|
/* Handle the typical case specially */
|
||
|
if (word[last] = charset[++lastid]) return;
|
||
|
|
||
|
word[pos = last] = charset[lastid = lastofs];
|
||
|
while (pos--) { // Have a preceding position?
|
||
|
if (word[pos] = charset[++id[pos]]) return;
|
||
|
word[pos] = charset[id[pos] = pos << 8];
|
||
|
}
|
||
|
|
||
|
word = 0; // We're done
|
||
|
}
|
||
|
|
||
|
void restore()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
/* Calculate the current length and infer the character indices */
|
||
|
last = 0;
|
||
|
while (c = word[last]) {
|
||
|
i = lastofs = last << 8;
|
||
|
while (charset[i] != c && charset[i]) i++;
|
||
|
if (!charset[i]) i = lastofs; // Not found
|
||
|
id[last++] = i;
|
||
|
}
|
||
|
lastid = id[--last];
|
||
|
}
|
||
|
|
||
|
# A variation of KnownForce configured to try likely date and time strings.
|
||
|
[List.External:DateTime]
|
||
|
int last; // Last character position, zero-based
|
||
|
int lastofs; // Last character position offset into charset[]
|
||
|
int lastid; // Current character index in the last position
|
||
|
int id[0x7f]; // Current character indices for other positions
|
||
|
int charset[0x7f00]; // Character sets, 0x100 elements for each position
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int length;
|
||
|
int pos, ofs, i, c;
|
||
|
|
||
|
length = 8; // Must be one of: 4, 5, 7, 8
|
||
|
|
||
|
/* This defines the character sets for different character positions */
|
||
|
pos = 0;
|
||
|
while (pos < length - 6) {
|
||
|
ofs = pos++ << 8;
|
||
|
i = 0;
|
||
|
c = '0';
|
||
|
while (c <= '9')
|
||
|
charset[ofs + i++] = c++;
|
||
|
charset[ofs + i] = 0;
|
||
|
}
|
||
|
if (pos) {
|
||
|
ofs = pos++ << 8;
|
||
|
charset[ofs] = '/';
|
||
|
charset[ofs + 1] = '.';
|
||
|
charset[ofs + 2] = ':';
|
||
|
charset[ofs + 3] = 0;
|
||
|
}
|
||
|
while (pos < length - 3) {
|
||
|
ofs = pos++ << 8;
|
||
|
i = 0;
|
||
|
c = '0';
|
||
|
while (c <= '9')
|
||
|
charset[ofs + i++] = c++;
|
||
|
charset[ofs + i] = 0;
|
||
|
}
|
||
|
ofs = pos++ << 8;
|
||
|
charset[ofs] = '/';
|
||
|
charset[ofs + 1] = '.';
|
||
|
charset[ofs + 2] = ':';
|
||
|
charset[ofs + 3] = 0;
|
||
|
while (pos < length) {
|
||
|
ofs = pos++ << 8;
|
||
|
i = 0;
|
||
|
c = '0';
|
||
|
while (c <= '9')
|
||
|
charset[ofs + i++] = c++;
|
||
|
charset[ofs + i] = 0;
|
||
|
}
|
||
|
|
||
|
last = length - 1;
|
||
|
pos = -1;
|
||
|
while (++pos <= last)
|
||
|
word[pos] = charset[id[pos] = pos << 8];
|
||
|
lastid = (lastofs = last << 8) - 1;
|
||
|
word[pos] = 0;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int pos;
|
||
|
|
||
|
/* Handle the typical case specially */
|
||
|
if (word[last] = charset[++lastid]) return;
|
||
|
|
||
|
word[pos = last] = charset[lastid = lastofs];
|
||
|
while (pos--) { // Have a preceding position?
|
||
|
if (word[pos] = charset[++id[pos]]) return;
|
||
|
word[pos] = charset[id[pos] = pos << 8];
|
||
|
}
|
||
|
|
||
|
word = 0; // We're done
|
||
|
}
|
||
|
|
||
|
void restore()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
/* Calculate the current length and infer the character indices */
|
||
|
last = 0;
|
||
|
while (c = word[last]) {
|
||
|
i = lastofs = last << 8;
|
||
|
while (charset[i] != c && charset[i]) i++;
|
||
|
if (!charset[i]) i = lastofs; // Not found
|
||
|
id[last++] = i;
|
||
|
}
|
||
|
lastid = id[--last];
|
||
|
}
|
||
|
|
||
|
# Try strings of repeated characters.
|
||
|
[List.External:Repeats]
|
||
|
int minlength, maxlength, minc, maxc, length, c;
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
minlength = 1;
|
||
|
maxlength = 72;
|
||
|
minc = 0x20;
|
||
|
maxc = 0xff;
|
||
|
|
||
|
length = minlength; c = minc;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = 0;
|
||
|
while (i < length)
|
||
|
word[i++] = c;
|
||
|
word[i] = 0;
|
||
|
|
||
|
if (c++ < maxc)
|
||
|
return;
|
||
|
|
||
|
c = minc;
|
||
|
if (++length > maxlength)
|
||
|
c = 0; // Will NUL out the next "word" and thus terminate
|
||
|
}
|
||
|
|
||
|
# Generate candidate passwords from many small subsets of characters from a
|
||
|
# much larger full character set. This will test for passwords containing too
|
||
|
# few different characters. As currently implemented, this code will produce
|
||
|
# some duplicates, although their number is relatively small when the maximum
|
||
|
# number of different characters (the maxdiff setting) is significantly lower
|
||
|
# than the maximum length (the maxlength setting). Nevertheless, you may want
|
||
|
# to pass the resulting candidate passwords through "unique" if you intend to
|
||
|
# test them against hashes that are salted and/or of a slow to compute type.
|
||
|
[List.External:Subsets]
|
||
|
int minlength; // Minimum password length to try
|
||
|
int maxlength; // Maximum password length to try
|
||
|
int startdiff; // Initial number of characters in a subset to try
|
||
|
int maxdiff; // Maximum number of characters in a subset to try
|
||
|
int last; // Last character position, zero-based
|
||
|
int lastid; // Character index in the last position
|
||
|
int id[0x7f]; // Current character indices for other positions
|
||
|
int subset[0x100], c0; // Current subset
|
||
|
int subcount; // Number of characters in the current subset
|
||
|
int subid[0x100]; // Indices into charset[] of characters in subset[]
|
||
|
int charset[0x100]; // Full character set
|
||
|
int charcount; // Number of characters in the full charset
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
minlength = 1; // Minimum password length to try, must be at least 1
|
||
|
maxlength = 8; // Must be at least same as minlength
|
||
|
|
||
|
startdiff = 1; // Initial number of different characters to try
|
||
|
maxdiff = 3; // Maximum number of different characters to try
|
||
|
|
||
|
/* This defines the character set */
|
||
|
i = 0;
|
||
|
c = 0x20;
|
||
|
while (c <= 0x7e)
|
||
|
charset[i++] = c++;
|
||
|
|
||
|
if (maxdiff > (charcount = i))
|
||
|
maxdiff = i;
|
||
|
if (maxdiff > maxlength)
|
||
|
maxdiff = maxlength;
|
||
|
|
||
|
/*
|
||
|
* Initialize the variables such that generate() gets to its "next subset"
|
||
|
* code, which will initialize everything for real.
|
||
|
*/
|
||
|
subcount = (i = startdiff) - 1;
|
||
|
while (i--)
|
||
|
subid[i] = charcount;
|
||
|
subset[0] = c0 = 0;
|
||
|
last = maxlength - 1;
|
||
|
lastid = -1;
|
||
|
}
|
||
|
|
||
|
void generate()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
/* Handle the typical case specially */
|
||
|
if (word[last] = subset[++lastid]) return;
|
||
|
|
||
|
lastid = 0;
|
||
|
word[i = last] = c0;
|
||
|
while (i--) { // Have a preceding position?
|
||
|
if (word[i] = subset[++id[i]]) return;
|
||
|
id[i] = 0;
|
||
|
word[i] = c0;
|
||
|
}
|
||
|
|
||
|
if (++last < maxlength) { // Next length?
|
||
|
id[last] = lastid = 0;
|
||
|
word[last] = c0;
|
||
|
word[last + 1] = 0;
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/* Next subset */
|
||
|
if (subcount) {
|
||
|
int j;
|
||
|
i = subcount - 1;
|
||
|
j = charcount;
|
||
|
while (++subid[i] >= j) {
|
||
|
if (i--) {
|
||
|
j--;
|
||
|
continue;
|
||
|
}
|
||
|
subid[i = 0] = 0;
|
||
|
subset[++subcount] = 0;
|
||
|
break;
|
||
|
}
|
||
|
} else {
|
||
|
subid[i = 0] = 0;
|
||
|
subset[++subcount] = 0;
|
||
|
}
|
||
|
subset[i] = charset[subid[i]];
|
||
|
while (++i < subcount)
|
||
|
subset[i] = charset[subid[i] = subid[i - 1] + 1];
|
||
|
|
||
|
if (subcount > maxdiff) {
|
||
|
word = 0; // Done
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* We won't be able to fully use the subset if the length is smaller than the
|
||
|
* character count. We assume that we've tried all smaller subsets before, so
|
||
|
* we don't bother with such short lengths.
|
||
|
*/
|
||
|
if (minlength < subcount)
|
||
|
last = subcount - 1;
|
||
|
else
|
||
|
last = minlength - 1;
|
||
|
c0 = subset[0];
|
||
|
i = 0;
|
||
|
while (i <= last) {
|
||
|
id[i] = 0;
|
||
|
word[i++] = c0;
|
||
|
}
|
||
|
lastid = 0;
|
||
|
word[i] = 0;
|
||
|
}
|
||
|
|
||
|
# Simple password policy matching: require at least one digit.
|
||
|
[List.External:AtLeast1-Simple]
|
||
|
void filter()
|
||
|
{
|
||
|
int i, c;
|
||
|
|
||
|
i = 0;
|
||
|
while (c = word[i++])
|
||
|
if (c >= '0' && c <= '9')
|
||
|
return; // Found at least one suitable character, good
|
||
|
|
||
|
word = 0; // No suitable characters found, skip this "word"
|
||
|
}
|
||
|
|
||
|
# The same password policy implemented in a more efficient and more generic
|
||
|
# fashion (easy to expand to include other "sufficient" characters as well).
|
||
|
[List.External:AtLeast1-Generic]
|
||
|
int mask[0x100];
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int c;
|
||
|
|
||
|
mask[0] = 0; // Terminate the loop in filter() on NUL
|
||
|
c = 1;
|
||
|
while (c < 0x100)
|
||
|
mask[c++] = 1; // Continue looping in filter() on most chars
|
||
|
|
||
|
c = '0';
|
||
|
while (c <= '9')
|
||
|
mask[c++] = 0; // Terminate the loop in filter() on digits
|
||
|
}
|
||
|
|
||
|
void filter()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
i = -1;
|
||
|
while (mask[word[++i]])
|
||
|
continue;
|
||
|
if (word[i])
|
||
|
return; // Found at least one suitable character, good
|
||
|
|
||
|
word = 0; // No suitable characters found, skip this "word"
|
||
|
}
|
||
|
|
||
|
# An efficient and fairly generic password policy matcher. The policy to match
|
||
|
# is specified in the check at the end of filter() and in mask[]. For example,
|
||
|
# lowercase and uppercase letters may be treated the same by initializing the
|
||
|
# corresponding mask[] elements to the same value, then adjusting the value to
|
||
|
# check "seen" for accordingly.
|
||
|
[List.External:Policy]
|
||
|
int mask[0x100];
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int c;
|
||
|
|
||
|
mask[0] = 0x100;
|
||
|
c = 1;
|
||
|
while (c < 0x100)
|
||
|
mask[c++] = 0x200;
|
||
|
|
||
|
c = 'a';
|
||
|
while (c <= 'z')
|
||
|
mask[c++] = 1;
|
||
|
c = 'A';
|
||
|
while (c <= 'Z')
|
||
|
mask[c++] = 2;
|
||
|
c = '0';
|
||
|
while (c <= '9')
|
||
|
mask[c++] = 4;
|
||
|
}
|
||
|
|
||
|
void filter()
|
||
|
{
|
||
|
int i, seen;
|
||
|
|
||
|
/*
|
||
|
* This loop ends when we see NUL (sets 0x100) or a disallowed character
|
||
|
* (sets 0x200).
|
||
|
*/
|
||
|
i = -1; seen = 0;
|
||
|
while ((seen |= mask[word[++i]]) < 0x100)
|
||
|
continue;
|
||
|
|
||
|
/*
|
||
|
* We should have seen at least one character of each type (which "add up"
|
||
|
* to 7) and then a NUL (adds 0x100), but not any other characters (would
|
||
|
* add 0x200). The length must be 8.
|
||
|
*/
|
||
|
if (seen != 0x107 || i != 8)
|
||
|
word = 0; // Does not conform to policy
|
||
|
}
|
||
|
|
||
|
# Append the Luhn algorithm digit to arbitrary all-digit strings. Optimized
|
||
|
# for speed, not for size nor simplicity. The primary optimization trick is to
|
||
|
# compute the length and four sums in parallel (in two SIMD'ish variables).
|
||
|
# Then whether the length is even or odd determines which two of the four sums
|
||
|
# are actually used. Checks for non-digits and for NUL are packed into the
|
||
|
# SIMD'ish bitmasks as well.
|
||
|
[List.External:AppendLuhn]
|
||
|
int map1[0x100], map2[0x1fff];
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
map1[0] = ~0x7fffffff;
|
||
|
i = 1;
|
||
|
while (i < 0x100)
|
||
|
map1[i++] = ~0x7effffff;
|
||
|
i = -1;
|
||
|
while (++i < 10)
|
||
|
map1['0' + i] = i + ((i * 2 % 10 + i / 5) << 12);
|
||
|
i = -1;
|
||
|
while (++i < 0x1fff) {
|
||
|
if (i % 10)
|
||
|
map2[i] = '9' + 1 - i % 10;
|
||
|
else
|
||
|
map2[i] = '0';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void filter()
|
||
|
{
|
||
|
int i, o, e;
|
||
|
|
||
|
i = o = e = 0;
|
||
|
while ((o += map1[word[i++]]) >= 0) {
|
||
|
if ((e += map1[word[i++]]) >= 0)
|
||
|
continue;
|
||
|
if (e & 0x01000000)
|
||
|
return; // Not all-digit, leave unmodified
|
||
|
word[i--] = 0;
|
||
|
word[i] = map2[(e & 0xfff) + (o >> 12)];
|
||
|
return;
|
||
|
}
|
||
|
if (o & 0x01000000)
|
||
|
return; // Not all-digit, leave unmodified
|
||
|
word[i--] = 0;
|
||
|
word[i] = map2[(o & 0xfff) + (e >> 12)];
|
||
|
}
|
||
|
|
||
|
# Trivial Rot13 Example
|
||
|
# Words which don't contain any letters (and thus wouldn't be changed
|
||
|
# by Rot13) are skipped, because these unchanged words probably should
|
||
|
# have been tried before trying a mangled version.
|
||
|
[List.External:Filter_Rot13]
|
||
|
void filter()
|
||
|
{
|
||
|
int i, j, c;
|
||
|
|
||
|
j = 0;
|
||
|
i = 0; // Convert to uppercase
|
||
|
|
||
|
while (c = word[i]) {
|
||
|
if ((c >= 'a' && c <= 'm') || c >= 'A' && c <= 'M' ) {
|
||
|
word[i] = c + 13;
|
||
|
j++;
|
||
|
} else if ((c >= 'n' && c <= 'z') || c >= 'N' && c <= 'Z' ) {
|
||
|
word[i] = c - 13;
|
||
|
j++;
|
||
|
}
|
||
|
i++;
|
||
|
}
|
||
|
if (j == 0)
|
||
|
word = 0;
|
||
|
}
|
||
|
|
||
|
# Trivial parallel processing example
|
||
|
[List.External_base:Parallel]
|
||
|
/*
|
||
|
* This word filter makes John process some of the words only, for running
|
||
|
* multiple instances on different CPUs. It can be used with any cracking
|
||
|
* mode except for "single crack". Note: this is not a good solution, but
|
||
|
* is just an example of what can be done with word filters.
|
||
|
*/
|
||
|
|
||
|
int node, total; // This node's number, and node count
|
||
|
int number; // Current word number
|
||
|
|
||
|
void filter()
|
||
|
{
|
||
|
if (number++ % total) // Word for a different node?
|
||
|
word = 0; // Yes, skip it
|
||
|
}
|
||
|
|
||
|
[List.External:Parallel1_2]
|
||
|
.include [List.External_base:Parallel]
|
||
|
void init()
|
||
|
{
|
||
|
node = 1; total = 2; // Node 1 of 2
|
||
|
number = node - 1; // Speedup the filter a bit
|
||
|
}
|
||
|
[List.External:Parallel2_2]
|
||
|
.include [List.External_base:Parallel]
|
||
|
void init()
|
||
|
{
|
||
|
node = 2; total = 2; // Node 2 of 2
|
||
|
number = node - 1; // Speedup the filter a bit
|
||
|
}
|
||
|
|
||
|
# Interrupt the cracking session after "max" words tried
|
||
|
[List.External:AutoAbort]
|
||
|
int max; // Maximum number of words to try
|
||
|
int number; // Current word number
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
max = 1000;
|
||
|
number = 0;
|
||
|
}
|
||
|
|
||
|
void filter()
|
||
|
{
|
||
|
if (++number > max)
|
||
|
abort = 1; // Interrupt the cracking session
|
||
|
}
|
||
|
|
||
|
# Print the status line after every "interval" words tried
|
||
|
[List.External:AutoStatus]
|
||
|
int interval; // How often to print the status
|
||
|
int number; // Current word number
|
||
|
|
||
|
void init()
|
||
|
{
|
||
|
interval = 1000;
|
||
|
number = 0;
|
||
|
}
|
||
|
|
||
|
void filter()
|
||
|
{
|
||
|
if (number++ % interval)
|
||
|
return;
|
||
|
status = 1; // Print the status line
|
||
|
}
|
||
|
|
||
|
# dumb-force UTF-16, in an external file
|
||
|
.include "$JOHN/dumb16.conf"
|
||
|
|
||
|
# dumb-force UTF-32, in an external file
|
||
|
.include "$JOHN/dumb32.conf"
|
||
|
|
||
|
# Dynamic ($dynamic_n$) scripting code, in an external file
|
||
|
# also shows/tests that .include <file> works the same as .include "$JOHN/file"
|
||
|
.include <dynamic.conf>
|
||
|
|
||
|
# include john.local.conf (defaults to being empty, but never overwritten)
|
||
|
.include "$JOHN/john.local.conf"
|