I am using John the Ripper to crack a copy of the passwd file at my work. I want to alert users that have weak passwords. I happen to know that many accounts have the default password, which is different for every user but matches a specific pattern.

Let's say this is the default password format:

'[2nd and 3rd characters in username]cc\d\d\l\l'

where c is a constant (the same in every password), \d is a single digit (0-9) and \l is a single lowercase letter.

How would I write a custom rule in john.conf that would check all hashes for all combinations that fit this format before trying anything else? I've tried to figure it out myself but I can't find any good documentation.

user229044
jamesbtate

0 Answers