John the Ripper Custom Rule

Asked Jan 19 '11 at 16:08

Active Jan 19 '11 at 16:59

Viewed 1,489 times

I am using John the Ripper to crack a copy of the passwd file at my work. I want to alert users that have weak passwords. I happen to know that many accounts have the default password which is different for every user but matches a specific pattern.

Let's say this is the default password format:

'[2nd and 3rd characters in username]cc\d\d\l\l'

where c is a constant (the same in every password), \d is a single digit (0-9) and \l is a single lowercase letter.

How would I write a custom rule in john.conf that would check all hashes for all combinations that fit this format before trying anything else? I've tried to figure it out myself but I can't find any good documentation.

edited Jan 19 '11 at 16:59

user229044

232,980
40
330
338

asked Jan 19 '11 at 16:08

jamesbtate

1,359
3
19
25

3

I don't understand the spam flags :| – user229044 Jan 19 '11 at 16:59
1

Or the offensive ones flags! I think you'd have better luck on Serverfault. – derobert Jan 19 '11 at 17:07
1

if it belonged somewhere else a vote-migrate would have been more appropriate... – jamesbtate Jan 19 '11 at 17:59

John the Ripper Custom Rule

0 Answers0