John the Ripper/Password Generation
From charlesreid1
The Basics of Password Generation with John
This page will walk through some basic password cracking with John the Ripper. We'll go from wanting to test certain passwords to being able to generate a stream of them with John the Ripper. This is important to be able to do, so that we don't need to devote gigabytes of disk space to word files. Intelligent use of patterns can save us a whole lot of headaches.
John and Stdout
Note that if you're using Kali 2.0, you'll need to install John jumbo 1.8 from source, instead of using the Kali 2.0 repository version of John, if you want to send John's password guesses to stdout (or pipe them to aircrack).
Rules vs Modes
Rules and modes are ways of telling John how to guess passwords. John can be simplistic, only testing passwords that are in the wordfile, or sophisticated, doing letter/number substitutions, etc.
This page is going to cover some basic rules and modes for guessing passwords in John. We'll figure out how to start with low-hanging fruit, in terms of password guesses, and how to implement those guesses in John the Ripper.
First: No Rules
First, let's look at how we run John and generate passwords from a wordfile, with no rules at all specified. This is a kind of "Hello World" for John the Ripper. We'll specify a 92-word list.
$ ./john -wordlist:/root/codes/john/rockyou10.lst -stdout | head -n10
words: 92  time: 0:00:00:00 DONE (Tue Aug 18 23:36:33 2015)  w/s: 1314  current: junior
123456
12345
123456789
password
iloveyou
princess
1234567
12345678
abc123
nicole
So far so good. Now let's look at how the rules will modify each entry in the wordfile.
Rules
The John_the_Ripper/Rules page has a guide for installing the KoreLogic password generation rules from the Defcon 2010 Crack Me If You Can.
What is a rule?
A rule is a way for John to generate variations on each word in a wordlist, turning a short wordlist into a much more powerful cracking tool.
Here's an example of a rule that appends years to passwords:
[List.Rules:KoreLogicRulesAppendYears]
cAz"19[0-9][0-9]"
Az"19[0-9][0-9]"
cAz"20[01][0-9]"
Az"20[01][0-9]"
The rule is named KoreLogicRulesAppendYears.
To use the rule, call john with the --rules=KoreLogicRulesAppendYears argument:
$ john -wordlist:/path/to/rockyou-10.txt -format:wpapsk -rules:KoreLogicRulesAppendYears crackme
If we call this with the stdout flag, we'll see what John is doing:
$ ./john -wordlist:/root/codes/john/rockyou10.lst -rules:KoreLogicRulesAppendYears -stdout | head -n10
1234561900
123451900
1234567891900
Password1900
Iloveyou1900
Princess1900
12345671900
123456781900
Abc1231900
Nicole1900
Defining Our Own Password Cracking Rules
Now we can add sections to the john.conf file we're using.
[List.Rules:CMRNumbers]
Az"198[0-9]"
cAz"198[0-9]"
and we can call it thusly:
$ ./john -wordlist:/root/codes/john/rockyou10.lst -rules:CMRNumbers -stdout | less
The output shows how this syntax works.
Az"198[0-9]"
In Az"198[0-9]", A is the append command and z is the position it targets, the end of the word. So each word in the wordfile is kept whole and our expression "198[0-9]" is appended to it, which adds the years 1980-1989 to every word in the wordfile. The c prefix on the second line of the rule capitalizes the first letter of the word before appending, which is why the earlier output contains Password1900 rather than password1900.
Here's the output:
1234561980
123451980
1234567891980
password1980
iloveyou1980
princess1980
12345671980
123456781980
abc1231980
nicole1980
daniel1980
babygirl1980
monkey1980
lovely1980
jessica1980
6543211980
michael1980
ashley1980
qwerty1980
1111111980
iloveu1980
0000001980
[..]
dragon1989
vanessa1989
cookie1989
naruto1989
summer1989
sweety1989
spongebob1989
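To make the rule syntax concrete, here is an added example (not part of the original page, and not John's own code): a small Python interpreter for the two rule forms used above, c and Az"...", with character classes. It expands each rule into concrete rules the way John's preprocessor does and emits candidates rule-first, word-second, which is the order seen in the -stdout listings above. The wordlist is a constructed four-word sample, not the page's rockyou10.lst.

```python
import itertools
import re

# Constructed sample wordlist (a few entries from the page's output, not the full file).
WORDS = ["123456", "password", "iloveyou", "nicole"]

# Rule lines quoted from the page's john.conf sections.
APPEND_YEARS = ['cAz"19[0-9][0-9]"', 'Az"19[0-9][0-9]"', 'cAz"20[01][0-9]"', 'Az"20[01][0-9]"']
CMR_NUMBERS = ['Az"198[0-9]"', 'cAz"198[0-9]"']


def expand_classes(s):
    """Expand character classes such as [0-9] or [01] into every literal string."""
    parts = []
    for cls, lit in re.findall(r'\[([^\]]+)\]|([^\[])', s):
        if lit:
            parts.append([lit])
            continue
        chars, i = [], 0
        while i < len(cls):
            if i + 2 < len(cls) and cls[i + 1] == "-":  # range like 0-9
                chars.extend(chr(c) for c in range(ord(cls[i]), ord(cls[i + 2]) + 1))
                i += 3
            else:  # single character inside the class
                chars.append(cls[i])
                i += 1
        parts.append(chars)
    # itertools.product varies the last class fastest, giving 1900, 1901, ... 1999.
    return ["".join(p) for p in itertools.product(*parts)]


def expand_rule(rule):
    """Turn one rule line into (capitalize?, suffix) pairs, one per concrete rule."""
    m = re.fullmatch(r'(c?)Az"([^"]*)"', rule)
    if not m:
        raise ValueError(f"only c and Az\"...\" are supported here: {rule}")
    cap, suffix = m.groups()
    return [(bool(cap), s) for s in expand_classes(suffix)]


def apply_rule(cap, suffix, word):
    """c lowercases the word and capitalizes its first letter; Az appends at the end."""
    base = word[:1].upper() + word[1:].lower() if cap else word
    return base + suffix


def generate(words, rules):
    """Yield candidates: each concrete rule is applied to the whole wordlist in turn."""
    for rule in rules:
        for cap, suffix in expand_rule(rule):
            for w in words:
                yield apply_rule(cap, suffix, w)


if __name__ == "__main__":
    for candidate in generate(WORDS, CMR_NUMBERS):
        print(candidate)
```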