Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 23 Jan 2024 22:30:00 +0100
From: Solar Designer <>
Subject: Re: Complex word candidates using password.lst

On Tue, Jan 23, 2024 at 03:50:49PM +0900, SHINODA, Daisuke wrote:
> If I write just the following words in password.lst,
> 0
> shin
> shino
> dai
> Can John The Ripper try like the following password automatically?
> shinSHINdai
> 0shinSHINdai
> 0shinSHINOdai0
> ...
> I have tried the following command
> $ john --format=ZIP-opencl --wordlist=password.lst --rules hash
> It has finished soon, printing "Session completed.". But no password has 
> been cracked.
> Are there any way to do like this complex password cracking?

Yes, you can use the PRINCE mode for this (functionality originating in
the hashcat project).

Instead of "--wordlist=", use "--prince=".  It will combine words, but
it will not alter the individual words - so you need to have uppercase
versions of "shin" and "shino" in your input wordlist file.

You can also use some other options on top of PRINCE.  This includes the
various "--prince-*" options modifying its behavior, and also "--rules"
and "--dupe-suppression".

Separately, I recommend that you leave our password.lst file as-is, and
put your custom words into a new file with a name not clashing with
those included in JtR.  One reason for this is so that you can use "git
pull" (followed by a rebuild) to update to newer revisions of JtR code.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.