View Full Version : A new variation on the John the Ripper passthru to Aircrack-ng theme

2014-09-21, 10:27
Everyone has heard of a crunch-aircrack-ng passthru. The problem with crunch is that except for numeric strings most WPA passwords are based on an alteration of a real word. Here is a way to produce a constantly changing alteration of your basic password file using John the Ripper.

Go to:


Download their custom rule set by Mat Weir


The link above can be found halfway down the page

After the small download is complete you will have a john.conf file

In kali Go to:


Change the name of the existing john.conf file to john,conf.orig (ie john.conf original)

Now copy Mike Weirs john.conf file into the ect/john folder

To start the passthru enter the following. Alter your paths, ESSID and cap file to meet your situation. Notice the -w - (i.e dash w space dash).

john --wordlist=/root/wordlist --rules:modified_single --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap

You can use the original john.conf file but the output will be smaller and the terminal command line is altered. Furthermore the original john.conf file must be in residence in the etc/John folder. The below command line uses the original john.conf file that comes with kali:

john --wordlist=/root/wordlist --rules --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap

These crunch and john passthrus are not the tools of choice for cracking WPA in most cases for the following reasons. You cannot save your work in stages and most WPA attacks can go on for weeks if not months. Using the computer to generate words and then handing them to aircrack-ng slows the speed down as much as 50%. The tool of choice for actually cracking WPA is a dual vidocard 64 bit windows 7 or higher operating system with Elcomsoft Wireless Security Auditor Professional v5.0.252 or higher. However we have been in rural areas trying to get internet access and have successfully broken weak encryption using these crunch and john the ripper passthrus.

John the Ripper has a --restore session command but we have been unable to get it to function when running --rules to an aircrack-ng passthru.

We have taken 20 common password lists, removed all numeric only strings, joined the files then cleaned, sorted remove duplicates and kept only lengths 8 thru 63. This file is meant to be used with the John --rules | aircrack-ng passthru. We suggest you first run numeric only lengths 8 thru 10 with a crunch aircrack-ng passthru. Then turn to this John aircrack-ng passthru.

You can download this common password compilation at:



2014-09-22, 08:28
Here is how to start, stop save and restart a John the Ripper passthru to aircrack-ng. This solves the administrative problems of doing long aircrack-ng bruteforce attacks

Begin the crack by adding the following after john

john --session=allrules

The allrules is just the name you give to the file saved by john

john --session=allrules --wordlist=/root/wordlist.txt --rules:modified_single --stdout | aircrack-ng -e "ESSID" -w - /root/NAME.cap

When you want to stop hit Ctrl-C and wait

To restart enter

john --restore=allrules | aircrack-ng -e "ESSID" -w - /root/NAME.cap

The attack proceeds from the shutdown point.

2014-09-23, 14:40
http://www.axifile.com/en/EC1334B7B0 downloaded that file its empty? :? :)

2014-09-23, 19:27
Just Download from link, works fine for me. Opened With Leafpad

2015-09-02, 05:19
Hello mmusket33,
I just wanted to thank you for being so smart! And helpful!
Best regards -

2015-09-07, 17:57
I have some ideas on generate some wordlist in unique ways (especialy for a bruteforce method)
but i don't know how to implementing this idea into a real software.
first we know to input some parameter like an ALPHA/NUMERIC/SYMBOL.
and then input some tricky algorithm
like this.

before the wordlist are generated it will check prev character, if it's a same character then it will skip the current character.
do anyone want to create the code in JtR / Crunch ?