Generate a list for password cracking

In this short tutorial I will show you how to generate your very own password list to feed into a password cracker. First make sure you have plenty of disk space. You will need terabytes to store everything that my example can generate, so be careful and watch the password file grow to make sure that it does not fill up your system. For starters, get a Unix system, preferably Linux with a nice fast processor and, as I stated before, plenty of disk space. Then install [John The Ripper][1], often referred to simply as john when run from the command line.

Here is an example Ubuntu system package search:

user@server:~$ aptitude search john
i   john                                                      – active password cracking tool

I am sure you can use the power of john for good or evil, but please try to use it for good. I have used it for noble reasons. One company that I worked for wanted to make sure that the passwords of the accounts for the servers were secure, so I was asked to run a password cracker on the user. So I broke out john and watched how the majority of them were cracked in under a second. It did take several times asking the users to make better passwords before it took a reasonable amount of time to crack them. At the time I considered a couple of days good enough.

Recently I was unable to log into one of my systems. I was authorized for the system so I simply asked a friend to reset my password. Before the password was reset I had the friend copy my hash from the shadow file like so.

user@server:~$ grep user /etc/passwd > pass
user:x:1000:1000:user,,,:/home/user:/bin/bash

I used the resulting pass file to feed to john. I did this without a dictionary file. The benefit of using a dictionary is that john does not need to use processing power to generate different passwords.

bab@nixer:~$ john pass
Loaded 1 password (Standard DES [4864 4K])

I finally was told what my password was after 11 days. It is very neat that you can press return while it is running to see what kind of guesses john is trying. For background info, the password that was used was only 8 characters long with one capital and one number; the rest were lower case. The reason that it took so long was that john had to generate each password and then try it against the hash that I provided. As you might have guessed, these kinds of attacks are only useful when you have the password and the hash.

Below is the command to generate every combination of the 95 printable ASCII characters at lengths 1 to 8. I would suggest limiting the list to something smaller, for example by replacing All with Alpha or Digits. You can also edit the /etc/john/john.conf file to shorten or lengthen the passwords generated and to change a few other options.

john --incremental=All --stdout > john_string_list

Here are the 26 printable ASCII characters:

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
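Before redirecting john's output to a file, it helps to know how large the complete list can get. The script below is an added example, not part of the original tutorial: it computes the size of an exhaustive list (one candidate per line) for a given alphabet size and length range and compares it with the free space in a directory. The function names `list_bytes`, `free_kb`, `fits` and `report` are made up for this example, and the alphabet sizes 26 and 10 are assumed stand-ins for letter-only and digit-only lists.

```shell
#!/bin/sh
# Added example (not from the original tutorial): size an exhaustive
# candidate list before generating it. All function names are made up here.

# list_bytes CHARSET_SIZE MIN_LEN MAX_LEN
# Bytes needed for every string of MIN_LEN..MAX_LEN symbols, one per line.
# A candidate of length k costs k bytes plus one newline.
# Uses 64-bit shell arithmetic, so totals above about 9.2e18 overflow.
list_bytes() (
    n=$1 min=$2 max=$3
    k=1 count=1 total=0
    while [ "$k" -le "$max" ]; do
        count=$((count * n))              # n^k candidates of length k
        if [ "$k" -ge "$min" ]; then
            total=$((total + count * (k + 1)))
        fi
        k=$((k + 1))
    done
    echo "$total"
)

# free_kb DIR: free space in KiB on the filesystem holding DIR (POSIX df).
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# fits BYTES FREE_KB: succeeds only if BYTES fits into FREE_KB kibibytes.
fits() {
    [ $(( ($1 + 1023) / 1024 )) -le "$2" ]
}

# report CHARSET_SIZE MIN_LEN MAX_LEN DIR: print the estimate and a verdict.
report() {
    bytes=$(list_bytes "$1" "$2" "$3")
    free=$(free_kb "$4")
    echo "alphabet=$1 lengths=$2-$3: $bytes bytes needed, ${free:-unknown} KiB free"
    if [ -n "$free" ] && fits "$bytes" "$free"; then
        echo "  fits in $4"
    else
        echo "  does not fit (or free space unknown): use a smaller alphabet or length"
    fi
}

report 95 1 8 .   # all printable ASCII, as in the command above
report 26 1 8 .   # lowercase letters only (assumed alphabet size)
report 10 1 8 .   # digits only
```

With the full 95-character alphabet the total comes to roughly 6.0e16 bytes, while the digits-only list at lengths 1 to 8 stays under 1 GB.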

[1]: www.openwall.com/john/