We have all cracked some passwords with John before, but I just want to go over a methology I use to crack passwords. I am going to use the password dump for this demo just to show how it works.

The first thing you may want to do is make sure you are running John the jumbo pack. Once this has been installed you may want to install the linkedin plugin which can be found here. john patches

Applying the patch is pretty straight forward just patch -p1 < ../location of patch. Once this has been done you will need to do a clean build of John.

The first thing I like to do when getting a password dump or some hashes is to try and think who the user is, what Country they are in and where are they based in that Country. Then I think about sports teams in that area, famous dates and people in that area and also any special words they may say or spell in a different way; this all goes into a wordlist.

I tend to start just by running the wordlist to see how many hits I can get, once I have got all the hits from them I then run an English dictionary wordlist as well as any other Country wordlist then I will run the rockyou.txt password list. This is a really good list which can be download from here: skullsecurity

This should really start getting you a lot of hits but it may take a bit of time to finish.

The next thing to try is using rules with John the Ripper, this allows you to supply a wordlist and add to that wordlist. For example you may have a year rule that will go through the wordlist; adding a year to the end. The best rules are on the kore logic website Korelogic again these are pretty straight forward. To apply just download them
cat rules.txt >> john.conf This will appened the rules to the john.conf file.

On the website it also gives you a list of the rules and what they do so you have:

KoreLogicRulesAppendNumbers_and_Specials_Simple:
KoreLogicRulesPrependYears:
KoreLogicRulesAppend4Num:
KoreLogicRulesAppendJustNumbers:

So on……

In order to use the rule you just supply the rules options as the example below shows:

./john -w:Lastnames.dic –format:nt –rules:KoreLogicRulesAdd2010Everywhere pwdump.txt

Again this will take some time but should present you even more results.

If that fails to get all the passwords I then try another trick you need to download a file from korelogic website Korelogic Just scroll down to where it says John the Ripper and download the rockyou.chr this file was based on statistics from a large database dump recently so it is more up to date on how passwords are selected and user behaviour. As it stands John uses the all.chr but this is a pretty old file and based on passwords and user behaviour from around 2009.

With the rockyou.chr you don’t need to supply a wordlist so it’s just a case of

./john -i:rockyou.chr pwdump.txt

Glad you liked it most of the tiops I guess people know already know but maybe some newbi into pentesting might not know the best approach for this.

Thank you for posting this.