Penetration Testing mailing list archives
Re: John the ripper rules!
From: Anders Thulin <anders.thulin () sentor se>
Date: Wed, 03 Nov 2010 10:02:00 +0100
On 2010-11-01 12:41, Sherif El-Deeb wrote:
> I went through john's documentation and realized there's support for what I want, I just want the "correct" way to do it

Don't know about the log file problem -- but I don't think the best way of doing what you want to do is by using john rules. The rules are for relatively minor modifications to a long list of passwords. You use the rules to generate entirely new passwords, and on a scale that causes john's log files to overflow. That in itself should be an indication that you're not doing things the right way.

I think that the correct way to do what you are after is to generate the passwords separately, and then feed the generated file as wordlist to john (or pipe them in directly, if you want to avoid large files).

When I attack this kind of situation I create small C programs that read one password from stdin, and then output all variations to stdout. I would probably use:

  a) a program that reads a password from stdin, appends three digits and outputs the result to stdout
  b) a program that appends the three letters
  c) a program that appends the special characters

Then

    % echo 'ahm' | add999 | addAAA | add# > wordlist1

and feed that list to john as usual. You can also pipe it directly into john if you like, using --stdin instead of --wordlist=file. This avoids large password files.

Then, I'd probably create versions that added four digits, characters and two special characters and combine these in all reasonable ways. And so on for longer combinations.

I think there may be generating programs where you just feed a pattern to them, and they produce the full list -- I have no experience with those, though, so I don't have anything to recommend, but perhaps others can.

If you have a few dozen passwords cracked already, you could also try creating a new character file (.chr) from those passwords, and let that drive an incremental crack attack, of course limiting password lengths to whatever seemed reasonable, adding something like this to the conf file:

    [Incremental:ahm]
    File = $JOHN/ahm.chr
    MinLen = 7
    MaxLen = 10 (or 11 or 12 ...)
    CharCount = 95 (or whatever seems reasonable...)

That avoids creating huge files, but is still easy to stop and restart. It is often useful to run multiple processes with different settings of MinLen and MaxLen.

-- 
Anders Thulin anders.thulin () sentor se 070-757 36 10 / Intl. +46 70 757 36 10
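
The stdin-to-stdout filter approach described in the message above, as an added example that is not part of the original post and not Anders Thulin's own programs: one C filter that generalises add999, addAAA and add# by taking a character class and a suffix length. The class letters (d, a, s), the contents of the special-character set and the program name `append` are assumptions made for illustration.

```c
/* append.c - added example: read words from stdin, write each word followed
 * by every n-character suffix over a chosen character set to stdout. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXWORD 256   /* longer input lines are split by fgets */
#define MAXSUFFIX 8
/* Hypothetical class letters: d = digits, a = lowercase, s = specials. */
static const char *charset_for(char cls) {
    switch (cls) {
    case 'd': return "0123456789";
    case 'a': return "abcdefghijklmnopqrstuvwxyz";
    case 's': return "!@#$%&*?";          /* assumed set, adjust as needed */
    default:  return NULL;
    }
}

/* Write word + every suffix of length n over set; return lines written. */
unsigned long append_variants(const char *word, const char *set, int n, FILE *out) {
    size_t k = strlen(set);
    int idx[MAXSUFFIX] = {0};
    char suffix[MAXSUFFIX + 1];
    unsigned long count = 0;
    if (n < 1 || n > MAXSUFFIX || k == 0) return 0;
    suffix[n] = '\0';
    for (;;) {
        for (int i = 0; i < n; i++) suffix[i] = set[idx[i]];
        fprintf(out, "%s%s\n", word, suffix);
        count++;
        int pos = n - 1;                   /* odometer step, rightmost fastest */
        while (pos >= 0 && ++idx[pos] == (int)k) idx[pos--] = 0;
        if (pos < 0) return count;         /* every position wrapped: done */
    }
}
int main(int argc, char **argv) {
    const char *set = argc == 3 ? charset_for(argv[1][0]) : NULL;
    int n = argc == 3 ? atoi(argv[2]) : 0;
    char word[MAXWORD];
    if (!set || n < 1 || n > MAXSUFFIX) {
        fprintf(stderr, "usage: %s d|a|s count(1-%d)\n", argv[0], MAXSUFFIX);
        return 2;
    }
    while (fgets(word, sizeof word, stdin)) {
        word[strcspn(word, "\r\n")] = '\0';   /* strip the line ending */
        if (word[0]) append_variants(word, set, n, stdout);
    }
    return 0;
}
```

Built as `append`, the pipeline `echo 'ahm' | ./append d 3 | ./append a 3 | ./append s 1` corresponds to the add999 | addAAA | add# chain and can be read by john with --stdin. With these assumed sets it emits 1000 x 17576 x 8 = 140,608,000 candidates per input word, which is why piping is preferable to writing a file.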