Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Oct 2006 02:57:03 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John, word list question

Brian,

On Mon, Oct 16, 2006 at 03:18:16PM -0400, Brian Cuttler wrote:
> how to...
> add my own words or create my own dictionary for inclusion in processing.

John uses text files for the wordlists, with one word per line.  You may
specify a wordlist on the command line:

	john -w=mywords.lst passwd

or with word mangling rules enabled:

	john -w=mywords.lst --rules passwd

However, both of the commands above will restrict John to the wordlist
mode only, which is probably undesirable.  So it may be better to invoke
John the way you have been doing:

> We actually run john pretty simply, 
> # run/john -session=session/session-file input-passwd-file

By not specifying a cracking mode (like you have not in the above
command), you let John use three cracking modes, in order: "single
crack", wordlist with word mangling rules, and "incremental".  For the
wordlist file, it picks whatever is specified with "Wordlist = ..." in
john.conf (for 1.7+ on Unix-like systems).

> Which I believe runs against the wordlist and uses the available rules.

As I've just explained, it does more than that.

> I had hoped to add a few site specific words/acronyms to the word list
> but didn't see how,

You just do.  For example, if you follow my advice and pick all.lst from
the Openwall wordlists collection or from JtR Pro, you can add words to
it with:

	cat all.lst words-to-add.lst | unique all-plus.lst

where all.lst is the original file (from your download),
words-to-add.lst is a text file with whatever you would like to add, and
"unique" is an utility that is a part of John the Ripper (actually, it
is a symlink to the JtR executable file since the code for this utility
has been merged into JtR).  This will produce all-plus.lst, which you
will need to specify in the "Wordlist = ..." setting in your john.conf.

If you're only adding a few site-specific words, you may want them tried
before those from all.lst.  Then you can combine the wordlists in the
other order:

	cat words-to-add.lst all.lst | unique all-plus.lst

> and was reluctant to simply add them to run/pwdlist.txt
> (or anyplace else) as I wasn't certain what all the fields where (what does
> the prefix number mean in the pwdlist.txt file ?).

As we've already figured out, pwdlist.txt is a part of your local setup.
There was never such a file distributed along with JtR.

BTW, if your pwdlist.txt does not include the contents of the
password.lst file supplied with John, then you might be missing many
weak passwords.  all.lst does include password.lst in it.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.