John the ripper rules!
Nov 01 2010 11:41AM Sherif El-Deeb (archeldeeb gmail com) (1 replies)
I need help with the john.conf file to specify my own rule for
password cracking.
I have a list with sha1 hashes belonging to the same set of machines,
the Admin is using a very predictable syntax for all his passwords
"all of them are macs, few of them have LM hashes along with the sha1,
those were where I got this prediction":
the password standard is as follows: ahm 999 abc ##
Example#1: ahm 458 cba &*
Example#2: ahm 836 xyzt $$&
Example#3: ahm 7456 cgr !#
Example#4: ahm 4458 cba &*
ahm : these are the initials of the admin's name "they are constant
and are always the first three letters"
999 : then three or more digits
abc : then three or more letters
## : then two or more special characters.
spaces are added for clarification only and are not part of the password itself
The question:
I went through john's documentation and realized there's support for
what I want, I just want the "correct" way to do it
./john --wordlist=ahm.lst --rules=TEST ~/HASHFILE
@john.conf
...
[List.Rules:TEST]
$[0-9]$[0-9]$[0-9]$[a-zA-Z]
$[0-9]$[0-9]$[0-9]$[a-zA-Z]$[a-zA-Z]
$[0-9]$[0-9]$[0-9]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]
$[0-9]$[0-9]$[0-9]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[`~!@#$%^&*()\-_=+]
...
The "$" will APPEND [0-9] and [a-z]...etc. to the passwords in the
ahm.lst wordlist file, which in this case contains only one line
'ahm'.
I know that's not smart and that's not the proper way to do it, it
works to something like 5 characters only, after that the john.log
becomes more than 2 GB and stops spitting out "write: File too large".
Please help me with the proper rule format, or how to stop john from
writing the approved rules to john.log.
Note: I wrote a simple C program that does this and writes out the
wordlist to stdout, but I would really appreciate pointing me to the
way on how to do it in john, I've read the docs and got lost.
Thanks in advance
Sherif Eldeeb.
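
To show why the log grows so quickly, the following added example (not part of the original post, and not John the Ripper code) counts how many concrete rules each [List.Rules:TEST] line becomes when every bracketed class is expanded into one rule per combination, and finds the line at which logging one entry per rule passes 2 GB. The function names and the 60-byte log entry size are assumptions made for illustration.

```python
import re

# The four rule lines from the post's [List.Rules:TEST] section, copied verbatim.
RULES = [
    r"$[0-9]$[0-9]$[0-9]$[a-zA-Z]",
    r"$[0-9]$[0-9]$[0-9]$[a-zA-Z]$[a-zA-Z]",
    r"$[0-9]$[0-9]$[0-9]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]",
    r"$[0-9]$[0-9]$[0-9]$[a-zA-Z]$[a-zA-Z]$[a-zA-Z]$[`~!@#$%^&*()\-_=+]",
]
CLASS_RE = re.compile(r"\[((?:\\.|[^\]\\])*)\]")  # one bracketed class
ASSUMED_LOG_LINE_BYTES = 60   # assumption: rough size of one john.log entry
LIMIT = 2 ** 31               # the 2 GB file size the post ran into

def class_chars(body):
    """Expand a class body such as '0-9' or '!@\\-_' into its set of characters."""
    items, i = [], 0
    while i < len(body):                      # tokenize, remembering escapes
        escaped = body[i] == "\\" and i + 1 < len(body)
        items.append((body[i + 1], True) if escaped else (body[i], False))
        i += 2 if escaped else 1
    chars, i = set(), 0
    while i < len(items):
        # An unescaped '-' between two characters denotes a range.
        if i + 2 < len(items) and items[i + 1] == ("-", False):
            lo, hi = sorted((ord(items[i][0]), ord(items[i + 2][0])))
            chars.update(chr(c) for c in range(lo, hi + 1))
            i += 3
        else:
            chars.add(items[i][0])
            i += 1
    return chars

def expanded_rules(line):
    """Number of concrete rules one source line becomes after expansion."""
    total = 1
    for body in CLASS_RE.findall(line):
        total *= len(class_chars(body))
    return total

def first_line_over_limit(rules, line_bytes=ASSUMED_LOG_LINE_BYTES, limit=LIMIT):
    """1-based index of the rule line at which the cumulative log passes limit."""
    logged = 0
    for n, line in enumerate(rules, 1):
        logged += expanded_rules(line) * line_bytes
        if logged > limit:
            return n
    return None

if __name__ == "__main__":
    for line in RULES:
        print(f"{expanded_rules(line):>13,}  {line}")
    print("log passes 2 GB at rule line", first_line_over_limit(RULES))
```

The third line alone expands to about 140 million rules, so the 2 GB mark is crossed well before the special characters are reached, whatever the exact size of a log entry.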