Results 1 to 6 of 6

Thread: A new variation on the John the Ripper passthru to Aircrack-ng theme

  1. #1
    Join Date
    2013-Jul
    Posts
    844

    A new variation on the John the Ripper passthru to Aircrack-ng theme

    Everyone has heard of a crunch-aircrack-ng passthru. The problem with crunch is that except for numeric strings most WPA passwords are based on an alteration of a real word. Here is a way to produce a constantly changing alteration of your basic password file using John the Ripper.

    Go to:

    http://www.lanmaster53.com/2011/02/c...hn-the-ripper/

    Download their custom rule set by Mat Weir

    http://sites.google.com/site/reusabl...edirects=0&d=1

    The link above can be found halfway down the page

    After the small download is complete you will have a john.conf file

    In kali Go to:

    etc/John/

    Change the name of the existing john.conf file to john,conf.orig (ie john.conf original)


    Now copy Mike Weirs john.conf file into the ect/john folder

    To start the passthru enter the following. Alter your paths, ESSID and cap file to meet your situation. Notice the -w - (i.e dash w space dash).

    john --wordlist=/root/wordlist --rules:modified_single --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap


    You can use the original john.conf file but the output will be smaller and the terminal command line is altered. Furthermore the original john.conf file must be in residence in the etc/John folder. The below command line uses the original john.conf file that comes with kali:


    john --wordlist=/root/wordlist --rules --stdout | aircrack-ng -e "ESSID" -w - /root/Filename.cap


    These crunch and john passthrus are not the tools of choice for cracking WPA in most cases for the following reasons. You cannot save your work in stages and most WPA attacks can go on for weeks if not months. Using the computer to generate words and then handing them to aircrack-ng slows the speed down as much as 50%. The tool of choice for actually cracking WPA is a dual vidocard 64 bit windows 7 or higher operating system with Elcomsoft Wireless Security Auditor Professional v5.0.252 or higher. However we have been in rural areas trying to get internet access and have successfully broken weak encryption using these crunch and john the ripper passthrus.

    John the Ripper has a --restore session command but we have been unable to get it to function when running --rules to an aircrack-ng passthru.

    We have taken 20 common password lists, removed all numeric only strings, joined the files then cleaned, sorted remove duplicates and kept only lengths 8 thru 63. This file is meant to be used with the John --rules | aircrack-ng passthru. We suggest you first run numeric only lengths 8 thru 10 with a crunch aircrack-ng passthru. Then turn to this John aircrack-ng passthru.

    You can download this common password compilation at:

    http://www.axifile.com/en/EC1334B7B0


    MTeams

  2. #2
    Join Date
    2013-Jul
    Posts
    844
    Here is how to start, stop save and restart a John the Ripper passthru to aircrack-ng. This solves the administrative problems of doing long aircrack-ng bruteforce attacks

    Begin the crack by adding the following after john

    john --session=allrules

    The allrules is just the name you give to the file saved by john

    john --session=allrules --wordlist=/root/wordlist.txt --rules:modified_single --stdout | aircrack-ng -e "ESSID" -w - /root/NAME.cap

    When you want to stop hit Ctrl-C and wait

    To restart enter

    john --restore=allrules | aircrack-ng -e "ESSID" -w - /root/NAME.cap


    The attack proceeds from the shutdown point.
    Last edited by mmusket33; 2014-09-22 at 08:31.

  3. #3
    Join Date
    2013-Aug
    Posts
    19
    http://www.axifile.com/en/EC1334B7B0 downloaded that file its empty? :?

  4. #4
    Just Download from link, works fine for me. Opened With Leafpad

  5. #5
    Join Date
    2015-Aug
    Location
    The Pits
    Posts
    87

    Stuck on "Reading packets, please wait...

    Hello mmusket33,
    I just wanted to thank you for being so smart! And helpful!
    Best regards -
    JD
    Last edited by John_Doe; 2015-09-02 at 06:56. Reason: er... I had to retract my question after finding answer

  6. #6
    Join Date
    2015-Sep
    Location
    KBLBSUB Offset +1
    Posts
    1
    I have some ideas on generate some wordlist in unique ways (especialy for a bruteforce method)
    but i don't know how to implementing this idea into a real software.
    first we know to input some parameter like an ALPHA/NUMERIC/SYMBOL.
    and then input some tricky algorithm
    like this.

    before the wordlist are generated it will check prev character, if it's a same character then it will skip the current character.
    do anyone want to create the code in JtR / Crunch ?
    We are between RIGHT& WRONG.

Similar Threads

  1. Johnny and John the ripper
    By lw3eov in forum General Archive
    Replies: 0
    Last Post: 2020-04-02, 00:35
  2. John the Ripper - ARM, MPI & CUDA
    By Pyrex in forum ARM Archive
    Replies: 0
    Last Post: 2014-07-16, 22:18
  3. John the Ripper
    By th3p4rk2 in forum General Archive
    Replies: 1
    Last Post: 2014-06-17, 15:38

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •