Creating Passwordlists with John the Ripper
Whilst bringing hashcrack.com back up to work i had to create passwordlists for checking the scripts and the database. For those that don't know: John the Ripper does quite a good Job creating passwordlists out of the blue or mangling existing lists. The --stdout-parameters are somewhat tricky:
john --i --stdout
creates passwords up to the length configured in MaxLen (and MinLen) in john.conf.
john --i --stdout:2
creates password up to the length of 2 chars.
If it comes to working with existing password-lists according to the defined rules, you can use
john --stdout --wordlist=file.txt
to echo the plain wordlist.
To mangle the list according to john's rules, you might use
john --stdout --wordlist=file.txt --rules
With a plain john-config this increases your amount of passwords by a factor of approximately 7, mangling "password" to stuff like Password, Password1, 1password etc.
tom
Thursday, December 16, 2010
Subscribe to:
Posts (Atom)