John the Ripper/Scripting
How to go from a list of John the Ripper password files to a cracked password or two?
A Word on Simplicity
First, I was using Python. Not only was I using Python, I was using simple, operating system level Python. Why? Because in a real world situation, you won't have network access, or your numpy won't compile, or you'll be missing an x terminal, and your fancy analysis scripts will stay tucked away at home. Practical scripts require simplicity to be robust.
Can you run your tools immediately after you reinstall your operating system? Do you have packages that are absolutely essential archived somewhere? Somewhere close at hand?
Depending on what kind of passwords you're trying to crack with John the Ripper, your procedure will look different. For example, on a wireless network you'll need to obtain handshake files and convert them to the right format for each username and password combination, but with Unix password files, you have one big list in a single file.
The complications of scripting WPA cracking with John the Ripper lies mainly in extracting the necessary information that leads up to the cracking. Listening to networks, finding clients, attacking access points, capturing handshakes, and converting them are all done prior to using John.
Once we have the John password file, there isn't anything particularly unusual about the password file, except that WPA requires a minimum password length of 8.
What we want in the end is a chunk of script that will run John with various options, wordlists, rules, etc. We can use Python to iterate through the different combinations and create a bash script that we can use to run John.
This requires looping over each rule, over each password file, and over each wordlist, and using John to try each of those combinations. Our result will be a long script with lots of John commands that we can run in a screen, using the fire-n-forget method.
The input will be a list of John password files, which will contain the BSSID and ESSID information and the handshakes.
Here's what the Python script will look like:
import os with open('johnpw_filelist','rb') as f: z = f.readlines() john_pw_files = list(z) # for each john file, # we want to go through a regiment of stuff to try # strategy: # large word list # small numbers of variations at a time wordlists = ['/root/codes/seclists/Passwords/rockyou-50.txt', #100k '/root/codes/seclists/Passwords/english.txt', #300k '/root/codes/seclists/Passwords/darkc0de.txt',#1M '/root/codes/seclists/Passwords/rockyou.txt', #14M '/root/codes/wordlists/seattle.txt'] rules=['CMR1', 'CMRYears', 'CMR2015', 'CMRNum', 'CMRSpec', 'CMRNumNum', 'CMRNumSpec', 'CMRNumNumNum'] scriptfile = 'crack.sh' with open(scriptfile,'w') as sf: sf.write('#!/bin/bash') sf.write('\n') for rule in rules: RULES=rule for wd in wordlists: WORDLIST=wd JOHN_BIN='/root/codes/_sources/john-1.7.9-jumbo-7/run/john' temp = map(str.strip, john_pw_files) john_pw_files = temp cmd = [JOHN_BIN, '-wordlist:'+WORDLIST, '-rules:'+RULES] + john_pw_files the_big_one = ' '.join(cmd) sf.write("\n") sf.write("# Wordlist: "+wd+"\n") sf.write("# Rule: "+rule+"\n") sf.write(the_big_one+"\n\n")
The resulting script, which is not particularly interesting since I only have one router handshake, looks like this:
#!/bin/bash # Wordlist: /root/codes/seclists/Passwords/rockyou-50.txt # Rule: CMR1 /path/to/john -wordlist:/path/to/rockyou-50.txt -rules:CMR1 /path/to/myrouterhandshake.johnpw
john the ripperpassword generator and all-around cracking tool.
Testing John: John the Ripper/Benchmarking
Using John on
Password generation using rules and modes: John the Ripper/Password Generation
Installing some useful password rules: John the Ripper/Rules
Using John to feed password guesses to Aircrack: Aircrack and John the Ripper
John the Ripper on AWS: Ubuntu/Barebones to JtR
Getting Passwords from John: John the Ripper/Password Recovery
Flags · Template:JohnFlag · e