Discussion:
[john-users] how to use John to create more complex passwords
Liyan Cao
2016-08-18 01:22:41 UTC
Permalink
Hi,
I'd like to run John with a password list file to create another file with the passwords at least 8 alphanumeric characters.
Can you give me a sample with the syntax?
For example :
Inside the password.lst, I have:
Security
I'd like the new password file to have the words generated from Security:
Security123
Secur1ty
SECURITY
How do I do that?

Thank you very much for your help on this !

Thanks,
Liyan
Patrick Proniewski
2016-08-18 06:22:07 UTC
Permalink
Hi,
Post by Liyan Cao
I'd like to run John with a password list file to create another file with the passwords at least 8 alphanumeric characters.
You'll probably need john Jumbo 1.8.x

Create a file with every word you want (mywords.txt) and use it with the --wordlist argument.
Use --min-length=8 to make sure candidates are at least 8 characters long.
Use --stdout to write candidates and put them into a file.
You can (should) add --rules to this command to create more candidates, like "wordlist" or "jumbo" for example.

Put it all together:

./john --min-length=8 --wordlist=/path/to/mywords.txt --rules=wordlist --stdout > yourfinalresult.txt

or

./john --min-length=8 --wordlist=/path/to/mywords.txt --rules=jumbo --stdout > yourfinalresult.txt

Only "problem" I can see: you might end with candidates that are 8 or more characters long, but that include less than 8 alphanum characters, because some rules might add symbols. So it does not strictly abide by your requirement to have "at least 8 alphanumeric characters".

Be careful with disk space, some rulesets can create millions of candidates with a single word. In my configuration, the ruleset "all" creates 7 millions candidates with the word "uppercut":

$ cat /tmp/uppercut
uppercut

$ ./john --wordlist=/tmp/uppercut --min-length=8 --rules=all --stdout >/dev/null
Press 'q' or Ctrl-C to abort, almost any other key for status
7019761p 0:00:00:03 100.00% (2016-08-18 08:18) 2075Kp/s uppercut999999


pat
Rich Rumble
2016-08-18 13:38:19 UTC
Permalink
Post by Liyan Cao
Hi,
I'd like to run John with a password list file to create another file with the passwords at least 8 alphanumeric characters.
Can you give me a sample with the syntax?
Security
Security123
Secur1ty
SECURITY
How do I do that?
the --stdout feature should work:
john -w=password.lst -rules=single -stdout
The output from that command could be very large depending on how many
lines you have in your password.lst file so if your redirecting that
output to a file ( >output.txt) it could get quite large.
You can write your own rules (see RULES in the DOC folder) as well and
then specify them instead of the built in rules like "single", "nt",
"wordlist" etc..

If you have a password "policy" you want john to use, you can use the
external filter or create your own external filter

john -external=policy -w=password.lst -rules=single -stdout

That default policy above is 1 upper, 1 lower and 1 digit, 8 or more
in length. If you want specials to be included, the external filter in
john.conf will have to be changed to include that.

You can also use the mask mode to append to your wordlist
john -stdout -w=password.lst -mask=?w?s?d?d -min-length=5

See MASK doc's for more examples. You can even apply the external
filters to that command too :)
This too will create a lot of data...
-rich
Liyan Cao
2016-08-18 14:04:14 UTC
Permalink
Hi, Rich,
Thank you!
I got below error. I'm using "John the Ripper 1.8.0 (sources, tar.xz, 4.3 MB)". Any suggestions?

$ ./john -w=mypasswd.lst -rules=single -stdout
Extra parameter for option: "-rules=single"


Thanks,
Liyan


-----Original Message-----
From: Rich Rumble [mailto:***@gmail.com]
Sent: Thursday, August 18, 2016 9:38 AM
To: john-***@lists.openwall.com
Subject: Re: [john-users] how to use John to create more complex passwords
Post by Liyan Cao
Hi,
I'd like to run John with a password list file to create another file with the passwords at least 8 alphanumeric characters.
Can you give me a sample with the syntax?
Security
Security123
Secur1ty
SECURITY
How do I do that?
the --stdout feature should work:
john -w=password.lst -rules=single -stdout The output from that command could be very large depending on how many lines you have in your password.lst file so if your redirecting that output to a file ( >output.txt) it could get quite large.
You can write your own rules (see RULES in the DOC folder) as well and then specify them instead of the built in rules like "single", "nt", "wordlist" etc..

If you have a password "policy" you want john to use, you can use the external filter or create your own external filter

john -external=policy -w=password.lst -rules=single -stdout

That default policy above is 1 upper, 1 lower and 1 digit, 8 or more in length. If you want specials to be included, the external filter in john.conf will have to be changed to include that.

You can also use the mask mode to append to your wordlist john -stdout -w=password.lst -mask=?w?s?d?d -min-length=5

See MASK doc's for more examples. You can even apply the external filters to that command too :) This too will create a lot of d
Rich Rumble
2016-08-18 14:59:50 UTC
Permalink
Post by Liyan Cao
Hi, Rich,
Thank you!
I got below error. I'm using "John the Ripper 1.8.0 (sources, tar.xz, 4.3 MB)". Any suggestions?
$ ./john -w=mypasswd.lst -rules=single -stdout
Extra parameter for option: "-rules=single"
You will want to download and compile the latest version of John, the
Jumbo version on Github
https://github.com/magnumripper/JohnTheRipper/
If you know hot to use git too: git clone
https://github.com/magnumripper/JohnTheRipper/
cd into the src directory and use ./configure && make clean && make

There are also some premade and user contributed versions you may want
to try that are more modern than 1.8.0, but none as updated as the GIT
repo.
http://openwall.info/wiki/john/custom-builds
-rich
Post by Liyan Cao
-----Original Message-----
Sent: Thursday, August 18, 2016 9:38 AM
Subject: Re: [john-users] how to use John to create more complex passwords
Post by Liyan Cao
Hi,
I'd like to run John with a password list file to create another file with the passwords at least 8 alphanumeric characters.
Can you give me a sample with the syntax?
Security
Security123
Secur1ty
SECURITY
How do I do that?
john -w=password.lst -rules=single -stdout The output from that command could be very large depending on how many lines you have in your password.lst file so if your redirecting that output to a file ( >output.txt) it could get quite large.
You can write your own rules (see RULES in the DOC folder) as well and then specify them instead of the built in rules like "single", "nt", "wordlist" etc..
If you have a password "policy" you want john to use, you can use the external filter or create your own external filter
john -external=policy -w=password.lst -rules=single -stdout
That default policy above is 1 upper, 1 lower and 1 digit, 8 or more in length. If you want specials to be included, the external filter in john.conf will have to be changed to include that.
You can also use the mask mode to append to your wordlist john -stdout -w=password.lst -mask=?w?s?d?d -min-length=5
See MASK doc's for more examples. You can even apply the external filters to that command too :) This too will create a lot of data...
-rich
Solar Designer
2016-08-18 15:21:47 UTC
Permalink
Post by Liyan Cao
I got below error. I'm using "John the Ripper 1.8.0 (sources, tar.xz, 4.3 MB)". Any suggestions?
$ ./john -w=mypasswd.lst -rules=single -stdout
Extra parameter for option: "-rules=single"
As Rich has pointed out, you need jumbo for the "-rules=single" option
syntax. Without jumbo, that option does not accept a parameter, but you
may nevertheless use it without a parameter, so simply use:

./john -w=mypasswd.lst -rules -stdout

and if you need to revise the rules, the section in john.conf is
"[List.Rules:Wordlist]".

However, you will also need jumbo for the "-min-length" option that was
suggested in another reply.

Alexander

Continue reading on narkive:
Loading...