Originally posted to http://infosecsurvivalguide.blogspot.com:
There are a lot of people doing research on cracking passwords. Obviously passwords are still one of the weakest links in the chain. This year at DefCon I heard a talk given by Matt Weir about password cracking and some of the latest and greatest techniques that are being used to improve this process.
One of the things that Matt helped me appreciate (and something that I had never looked into before) was that John the Ripper has the ability to use a rules file. The rules file allows you to specify things such as the following:
• Minimum password length
• Maximum password length
• Whether or not special characters have to be used
• Which special characters can be used
• Alphanumeric required (Y/N)
• Whether mixed case is being enforced
At first glance this may all seem rather trivial, but think about it. If you knew a company enforced a password policy of a mix of upper and lower case characters, it had to be alpha numeric, have a special character, and also had to be such and such a length… You could begin to focus your password cracking attack and thus increase your efficiency.
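To make that narrowing concrete, here is an added example (my own illustration, not code from the original post or from Matt's tool) that applies the same kinds of constraints a rules file expresses, length bounds, required and permitted special characters, alphanumeric and mixed case, to a small constructed wordlist and reports how many candidates survive. The policy values and the sample words are assumptions chosen for the demonstration.

```python
import string
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    """Constraints of the kind a john.conf rules file can express (assumed values)."""
    min_length: int = 8
    max_length: int = 16
    require_special: bool = True
    allowed_specials: str = "!@#$%^&*"
    require_alphanumeric: bool = True   # must contain at least one letter and one digit
    require_mixed_case: bool = True     # must contain both upper and lower case


def complies(candidate: str, policy: PasswordPolicy) -> bool:
    """Return True only if candidate satisfies every constraint in policy."""
    if not policy.min_length <= len(candidate) <= policy.max_length:
        return False
    specials = [c for c in candidate if c not in string.ascii_letters + string.digits]
    if policy.require_special and not specials:
        return False
    if any(c not in policy.allowed_specials for c in specials):
        return False  # contains a special character outside the permitted set
    has_alpha = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    if policy.require_alphanumeric and not (has_alpha and has_digit):
        return False
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    if policy.require_mixed_case and not (has_lower and has_upper):
        return False
    return True


def filter_wordlist(words, policy: PasswordPolicy):
    """Keep only the candidates the policy would actually permit."""
    return [w for w in words if complies(w, policy)]


# Constructed sample wordlist for the demonstration (not a real dictionary).
SAMPLE_WORDS = ["password", "Password1", "Password1!", "P@ss",
                "Summer2009!", "summer2009!", "Tr0ub4dor&3", "Spring#2009rocks"]

if __name__ == "__main__":
    policy = PasswordPolicy()
    kept = filter_wordlist(SAMPLE_WORDS, policy)
    print(f"{len(kept)} of {len(SAMPLE_WORDS)} candidates satisfy the policy: {kept}")
```

With the default policy, half of the sample words are discarded before any hashing happens, which is exactly the efficiency gain the paragraph above describes.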
How do you go about editing this rule file? The default rules file is called john.conf. You can open this file up and edit it with any text editor. The problem with doing this is that the file is somewhat long, and some of the settings aren’t easily understood. Now, back to Matt’s talk.
Matt announced that he wrote a program to help create rule files. The program is called John the Ripper Config File Generator and it is available for free. jtrMakeConfig is really small and very easy to use. If you’d like to try it for yourself, just follow these steps:
1. Download the John the Ripper Config File Generator from resuseablesec.googlepages.com
2. make
3. Run John the Ripper Config File Generator by typing ‘jtrMakeConfig’
4. Specify the appropriate configuration options
5. Save your settings
6. Copy your configuration file to the directory where John the Ripper is installed
7. Run John the Ripper and specify the wordlist and rules files. Here is an example of the syntax: ./john pwdumpfile --wordlist=wordlistfile --rules rulesfile
That’s it. Let the password cracking begin.
Of course, another thing you need to consider is the quality of the wordlist/dictionary file you use. You can create your own dictionary or use any of a number of other free dictionaries available on the Internet. One of the dictionaries that Matt mentioned, dic-0294, is available here:
http://www.linux-pour-lesnuls.com/traduc/Dictionnaires/dic-0294
You can also download some more wordlists from Openwall, here:
http://www.openwall.com/wordlists/
I didn’t come up with any of this myself. This is all the hard work and research of Matt and the others from Florida State University. Here is a link to Matt’s presentation from DefCon:
https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-weir.pdf
Here is a link to Matt’s Web Site where you can download the John the Ripper Config File Generator:
http://reusablesec.googlepages.com/
2 Comments so far
this tool is not working with John The Ripper 1.7.2
Comment by Michael June 17, 2009 @ 6:28 am
Believe the correct link to the generator is http://reusablesec.googlepages.com/jtrconfiggenerator
Comment by John August 9, 2009 @ 4:03 am