Div0 Blog Editor

2nd Day of Christmas: Password Mutation Using JTR

On the 2nd Day of Christmas, Div0 gave to me ... Password Mutation Using JTR, and Custom Word List Generator (CeWL).

 

Previously, using CeWL, we generated a wordlist by crawling a website. However, this wordlist may not be very useful for brute-forcing passwords, as users normally append a few digits to their password. E.g. "password" may be mutated by the user to "password01".

John the Ripper (JTR) can help generate a new word list that includes such mutations. To do that, new rules need to be created in the configuration file. By default, the location of the configuration file is /etc/john.conf. To add a new rule, simply append it to the configuration file.

To define a rule set that appends a digit to each word in the word list, append the following to the configuration file:

[List.Rules:AppendDigit]
$[0-9]

To define a rule set that appends 2 digits to each word in the word list, append the following to the configuration file:

[List.Rules:AppendDigits]
$[0-9]$[0-9]

To define a rule set that appends one of a pre-defined set of symbols to each word in the word list, append the following to the configuration file:

[List.Rules:AppendSymbol]
$[@#$%&*]

To prepend instead of append, simply replace '$' with '^'.

Lastly, to generate the new wordlist with password mutation for JTR, run:

john --wordlist=[path to the wordlist] --stdout --rules:[rule set name] > [generated wordlist file path]

E.g.:

john --wordlist=wordlist --stdout --rules:AppendDigits > newWordList

Looking at the new word list, you will notice 2 extra digits have been appended to each word. This also increases the size of the word list.
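
The following is an added example, not part of the original post and not JTR code: a simplified Python model of how the bracketed classes in the three rule sets above expand, used to check whether a chosen password is just a word-list word plus one of these mutations. It handles only the '$' and '^' commands with character classes shown in this post; the PrependDigits name and the sample words are assumptions.

```python
import itertools
import re

# Rule sets from the article, plus the '^' (prepend) variant it describes.
RULE_SETS = {
    "AppendDigit": "$[0-9]",
    "AppendDigits": "$[0-9]$[0-9]",
    "AppendSymbol": "$[@#$%&*]",
    "PrependDigits": "^[0-9]^[0-9]",  # assumed name, not in the article
}
WORDS = ["password", "div0", "christmas"]  # constructed sample word list

def expand_class(body):
    """Expand a class body such as '0-9' or '@#$%&*' into its characters."""
    chars, i = [], 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":  # range like 0-9
            lo, hi = ord(body[i]), ord(body[i + 2])
            chars.extend(chr(c) for c in range(lo, hi + 1))
            i += 3
        else:
            chars.append(body[i])
            i += 1
    return chars

def expand_rule(rule):
    """Return every concrete rule a line stands for, e.g. 100 for $[0-9]$[0-9]."""
    parts = re.findall(r"([$^])\[([^\]]+)\]", rule)
    choices = [[(op, ch) for ch in expand_class(body)] for op, body in parts]
    return list(itertools.product(*choices))

def apply_rule(word, concrete):
    """Apply '$c' (append c) and '^c' (prepend c) commands left to right."""
    for op, ch in concrete:
        word = word + ch if op == "$" else ch + word
    return word

def mutate(words, rule):
    """All candidates the rule produces; order may differ from john's output."""
    return [apply_rule(w, c) for c in expand_rule(rule) for w in words]

def matching_rule_sets(password, words):
    """Names of the rule sets that would generate `password` from `words`."""
    return [n for n, r in RULE_SETS.items() if password in set(mutate(words, r))]

if __name__ == "__main__":
    for name, rule in RULE_SETS.items():
        print(name, len(expand_rule(rule)), "rules ->", len(mutate(WORDS, rule)), "candidates")
    for pw in ["password01", "div0#", "42christmas", "christmas2024"]:
        print(pw, matching_rule_sets(pw, WORDS) or "not covered")
```

A password for which matching_rule_sets returns a non-empty list is one that the word list plus these rule sets would reach, so it is a reasonable candidate for rejection in a password-strength check.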

 

Shared by Tan Jun Hao.
