John the Ripper/Scripting
From charlesreid1
How to go from a list of John the Ripper password files to a cracked password or two?
Contents
A Word on Simplicity
First, I was using Python. Not only was I using Python, I was using simple, operating system level Python. Why? Because in a real world situation, you won't have network access, or your numpy won't compile, or you'll be missing an x terminal, and your fancy analysis scripts will stay tucked away at home. Practical scripts require simplicity to be robust.
Can you run your tools immediately after you reinstall your operating system? Do you have packages that are absolutely essential archived somewhere? Somewhere close at hand?
The Script
Script Procedure
Depending on what kind of passwords you're trying to crack with John the Ripper, your procedure will look different. For example, on a wireless network you'll need to obtain handshake files and convert them to the right format for each username and password combination, but with Unix password files, you have one big list in a single file.
The complications of scripting WPA cracking with John the Ripper lies mainly in extracting the necessary information that leads up to the cracking. Listening to networks, finding clients, attacking access points, capturing handshakes, and converting them are all done prior to using John.
The input John expects is a John password file with WPA encryption. The process of going from an Aircrack capture file to a John password file is covered on the John_the_Ripper/WPA page.
Once we have the John password file, there isn't anything particularly unusual about the password file, except that WPA requires a minimum password length of 8.
Script Steps
What we want in the end is a chunk of script that will run John with various options, wordlists, rules, etc. We can use Python to iterate through the different combinations and create a bash script that we can use to run John.
This requires looping over each rule, over each password file, and over each wordlist, and using John to try each of those combinations. Our result will be a long script with lots of John commands that we can run in a screen, using the fire-n-forget method.
The input will be a list of John password files, which will contain the BSSID and ESSID information and the handshakes.
The Script
Here's what the Python script will look like:
import os
with open('johnpw_filelist','rb') as f:
z = f.readlines()
john_pw_files = list(z)
# for each john file,
# we want to go through a regiment of stuff to try
# strategy:
# large word list
# small numbers of variations at a time
wordlists = ['/root/codes/seclists/Passwords/rockyou-50.txt', #100k
'/root/codes/seclists/Passwords/english.txt', #300k
'/root/codes/seclists/Passwords/darkc0de.txt',#1M
'/root/codes/seclists/Passwords/rockyou.txt', #14M
'/root/codes/wordlists/seattle.txt']
rules=['CMR1',
'CMRYears',
'CMR2015',
'CMRNum',
'CMRSpec',
'CMRNumNum',
'CMRNumSpec',
'CMRNumNumNum']
scriptfile = 'crack.sh'
with open(scriptfile,'w') as sf:
sf.write('#!/bin/bash')
sf.write('\n')
for rule in rules:
RULES=rule
for wd in wordlists:
WORDLIST=wd
JOHN_BIN='/root/codes/_sources/john-1.7.9-jumbo-7/run/john'
temp = map(str.strip, john_pw_files)
john_pw_files = temp
cmd = [JOHN_BIN, '-wordlist:'+WORDLIST, '-rules:'+RULES] + john_pw_files
the_big_one = ' '.join(cmd)
sf.write("\n")
sf.write("# Wordlist: "+wd+"\n")
sf.write("# Rule: "+rule+"\n")
sf.write(the_big_one+"\n\n")
The Result
The resulting script, which is not particularly interesting since I only have one router handshake, looks like this:
#!/bin/bash # Wordlist: /root/codes/seclists/Passwords/rockyou-50.txt # Rule: CMR1 /path/to/john -wordlist:/path/to/rockyou-50.txt -rules:CMR1 /path/to/myrouterhandshake.johnpw
 |
john the ripper password generator and all-around cracking tool.
Testing John: John the Ripper/Benchmarking Using John on Password generation using rules and modes: John the Ripper/Password Generation Installing some useful password rules: John the Ripper/Rules Using John to feed password guesses to Aircrack: Aircrack and John the Ripper John the Ripper on AWS: Ubuntu/Barebones to JtR Getting Passwords from John: John the Ripper/Password Recovery
|