Apr 082010
 April 8, 2010  Posted by at 11:32 am security Tagged with: , , , , , , , , ,  2 Responses »

I wanted a larger wordlist than the default /usr/share/john/password.lst, with only 3115 words. Openwall sells a really great wordlist, but if you don’t need anything that fancy you can follow these instructions. The apt-get bit is debian specific. I will install dictionaries and then concatenate them all into one file, remove duplicates, lower case and configure john to use the new list.

apt-get install john wamerican-huge wamerican-insane wamerican-large wamerican-small wamerican aspell
aspell dump master > custom-wordlist
cat /usr/share/john/password.lst >> custom-wordlist
cat /usr/share/dict/american-english* >> custom-wordlist

You can concatenate more wordlists into the custom-wordlist file as you find them. Debian has lots more dictionary type packages. For instance, apt-cache search wordlists. Use dpkg -L [installed-package-name] to find where the actual word list file is installed.
Lets count how many lines (words) are in our wordlist so far:

wc -l custom-wordlist

I got 1484152, There must be tons of duplicates. Lets get rid of them. We can also lowercase everything, since john toggles case automatically for us.

tr A-Z a-z < custom-wordlist.txt > custom-wordlist_lowercase

Now we remove the duplicates

sort -u custom-wordlist_lowercase > custom-wordlist_lowercase_nodups

How many lines do we have now?

wc -l custom-wordlist_lowercase_nodups

Now we can set john up to use our custom wordlist file.

Edit the file /etc/john/john.conf
Wordlist = [path to custom-wordlist_lowercase_nodups]

Now we are ready to crack some passwords! First, combine the passwd and shadow files. This will allow john to use the GECOS information from the passwd file. GECOS is the user information fields such as first, last and phone. These fields will be used by john to make a more educated guess as to what that users password might be.

unshadow passwd shadow > unshadow.txt

run john against the resulting unshadow.txt file

john unshadow.txt
Loaded 15 password hashes with 15 different salts (FreeBSD MD5 [32/64 X2])