Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Mar 2009 12:52:16 -0500
From: Minga Minga <>
Subject: New john.conf rules (Part 1 of 9999)


I've been working on writing my own john.conf rules recently in an effort to
reverse engineer certain company's password policies. I have been able to
decipher many of the "tricks" that their users use, and write john.conf
rules specificially to abuse their idea of a 'safe' password.

I'm sure there are already john.conf rules that tackle some of these - but
having specific rules really helped me to crack as many passwords as
possible. Im also "new" at writing john.conf - so Im sure some of them
aren't done the "best' way and could be minimized. But I like having them in
a readable and easier to understand format.

The thing I really like about these rules - is that the dictionary file I
use can be "small" - contains 4-5 characters MAX - and it will cracked 8-10
character passwords easily.

Ill try to post more and more rules each week. Ill also try to explain each
entry below via comments. Please post your custom john.conf rules too!

# KoreLogic - prepends 2008 (and variations) to the beginning of each word.
# This cracks passwords such as 2008Sep! 2008Sep$ 2008Sep* 2008Sep. 2008Sept

# KoreLogic - Capitalize pure alphabetic words and PREPENDS 2000,2001 up to
# This is ONLY really useful if your dictionary is all lower case - and you
KNOW your users
# capitalize the first character of their passwords (That part stolen from
other lines in john.conf)
-c <*>2!?Aci[0][2]i[1][0]i[2][0]i[3][0123456789]

# KoreLogic- Capitalize first char of pure alphabetic words  - then Append
2001! 2001? .... 2008^ .. 2019?
# Useful for cracking: Oct012008! Oct032008! Oct052008! Oct152008!
-c <*>2!?Ac$2$0$[01]$[0123456789]$[!@...^&*\-=_+,./?]

# KoreLogic - Simply append a recent year - and a special char to the end -
NO capitals first
# Good for  oct2008! octb2008! octo2008!

# Many people prepend passwords with ABC, abc, abcd, etc. This prepends
those strings to your dictionary
# Good for  Abc123$$ Abc12309 abc12333 aBCd12345

Ok thats enough for now.. lots more later.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ