I wanted a larger wordlist than the default /usr/share/john/password.lst, which has only 3115 words. Openwall sells a really great wordlist, but if you don’t need anything that fancy you can follow these instructions. The apt-get bit is Debian-specific. I will install dictionaries and then concatenate them all into one file, remove duplicates, lowercase everything, and configure john to use the new list.
apt-get install john wamerican-huge wamerican-insane wamerican-large wamerican-small wamerican aspell
aspell dump master > custom-wordlist
cat /usr/share/john/password.lst >> custom-wordlist
cat /usr/share/dict/american-english* >> custom-wordlist
You can concatenate more wordlists into the custom-wordlist file as you find them. Debian has lots more dictionary-type packages; try apt-cache search wordlists to list them. Use dpkg -L [installed-package-name] to find where the actual wordlist file is installed.
Let's count how many lines (words) are in our wordlist so far:
wc -l custom-wordlist
I got 1484152. There must be tons of duplicates. Let's get rid of them. We can also lowercase everything, since john toggles case automatically for us.
tr A-Z a-z < custom-wordlist > custom-wordlist_lowercase
Now we remove the duplicates:
sort -u custom-wordlist_lowercase > custom-wordlist_lowercase_nodups
How many lines do we have now?
wc -l custom-wordlist_lowercase_nodups
613517
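The merge, lowercase and de-duplicate steps above can be wrapped in one function. This is an added example, not part of the original post, and it goes a little further than the commands shown: it strips carriage returns, drops blank lines and the "#!comment:" header lines that john's password.lst carries, and forces the C locale so sorting is byte-wise and repeatable. The name build_wordlist and the sample files are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. build_wordlist is a
# hypothetical helper name; the sample files are constructed.

# build_wordlist OUT IN...
# Merge the IN files into OUT, normalise, sort and de-duplicate.
# Prints the number of words written.
build_wordlist() {
    out=$1
    shift
    # LC_ALL=C: byte-wise, locale-independent processing (also faster
    # on large lists). tr A-Z a-z only maps ASCII letters; accented
    # letters in the dictionaries pass through unchanged.
    cat -- "$@" \
        | LC_ALL=C tr -d '\r' \
        | LC_ALL=C grep -v -e '^#!comment:' -e '^$' \
        | LC_ALL=C tr 'A-Z' 'a-z' \
        | LC_ALL=C sort -u > "$out"
    wc -l < "$out" | tr -d ' '
}

# Run build_wordlist on constructed input that stands in for the real
# password.lst and a dictionary file saved with CRLF line endings.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!comment: sample header\n123456\nPassword\nletmein\n' \
        > "$dir/password.lst"
    printf 'Apple\r\napple\r\n\r\npassword\r\nzebra\r\n' \
        > "$dir/dict-crlf"
    build_wordlist "$dir/merged" "$dir/password.lst" "$dir/dict-crlf"
    cat "$dir/merged"
    rm -rf "$dir"
}

demo
```

On the real files the call would be build_wordlist custom-wordlist_lowercase_nodups /usr/share/john/password.lst /usr/share/dict/american-english*, with the aspell dump saved to a file and passed as another input.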
Now we can set john up to use our custom wordlist file.
Edit the file /etc/john/john.conf:
Wordlist = [path to custom-wordlist_lowercase_nodups]
Now we are ready to crack some passwords! First, combine the passwd and shadow files. This will allow john to use the GECOS information from the passwd file. GECOS is the set of user information fields, such as first name, last name and phone. John will use these fields to make a more educated guess as to what that user's password might be.
unshadow passwd shadow > unshadow.txt
Run john against the resulting unshadow.txt file:
john unshadow.txt
Loaded 15 password hashes with 15 different salts (FreeBSD MD5 [32/64 X2])