Mutating Wordlists
Mutating Wordlists for John the Ripper and Hashcat
When it comes to password cracking with tools like John the Ripper and Hashcat, the quality and size of the wordlist you use are crucial for success. Often, attackers and security professionals need to mutate or enhance their wordlists to increase the chance of success. This guide will walk you through how to mutate and enhance wordlists to be used with John the Ripper and Hashcat, using a variety of tools and techniques.
Introduction
Mutating wordlists can significantly improve the chances of cracking passwords by incorporating different variations, patterns, and formats into the wordlist. These mutations can include things like adding numbers, appending special characters, converting text to uppercase, or using common password patterns. By using such enhanced wordlists, you can cover more attack vectors and increase the likelihood of success in password cracking tasks.
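Seen from the defender's side, the mutation patterns listed above can be undone when a password is set, so that a variant of a banned word is rejected before it is ever stored. The following is an added example, not code from the original page; the banned word list, the substitution table and the function name find_banned_base are assumptions made for illustration.

```python
import re

# Constructed sample data: base words an organisation might ban outright
# (company name, seasons, obvious defaults). Not from the original page.
BANNED_BASE_WORDS = frozenset({"acme", "password", "welcome", "summer"})

# Common character substitutions mapped back to the letter they stand for:
# 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i
LEET_TO_LETTER = str.maketrans("013457@$!", "oleastasi")


def find_banned_base(password, banned=BANNED_BASE_WORDS):
    """Return the banned base word this password is a simple mutation of,
    or None. Undoes case changes, character substitutions, reversal and
    digits/symbols added at the front or back."""
    s = password.lower()
    # Length of the leading and trailing runs of non-letter characters.
    lead = re.match(r"[^a-z]*", s).end()
    trail = len(s) - re.search(r"[^a-z]*$", s).start()
    # One-to-one translation, so indexes into t line up with s.
    t = s.translate(LEET_TO_LETTER)
    # A leading or trailing symbol may be padding or a substituted letter
    # ("$ummer" vs "summer!"), so try every way of trimming the two runs.
    for start in range(lead + 1):
        for end in range(len(t) - trail, len(t) + 1):
            core = t[start:end]
            for candidate in (core, core[::-1]):
                if candidate in banned:
                    return candidate
    return None


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for pw in ["Acme123", "P@ssw0rd1!", "$ummer2024", "emcA1",
               "correct-horse-battery"]:
        hit = find_banned_base(pw)
        print(f"{pw!r}: {'reject, based on ' + hit if hit else 'no banned base found'}")
```

A check like this belongs in the password-change path next to a breached-password lookup; it only catches the simple affix, case and substitution patterns and is not a measure of overall password strength.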
Tools for Mutating Wordlists
CeWL: A custom wordlist generator that scrapes websites for keywords.
Crunch: A tool for generating custom wordlists with specified character sets and lengths.
Hashcat Rules: Rules that modify existing wordlists by adding variations (e.g., appending digits, capitalizing the first letter).
John the Ripper Rules: John the Ripper's internal rules for generating mutated wordlist versions.
1. Mutating Wordlists with CeWL
CeWL is a powerful tool that allows you to scrape a website for keywords and generate a custom wordlist based on the content of the website. This is useful when you want to create a targeted wordlist based on a specific domain or service.
Installing CeWL
To install CeWL on Linux:
Using CeWL to Generate a Wordlist
You can use CeWL to scrape a website and generate a wordlist by running the following command:
https://www.targetwebsite.com: The website URL from which you want to scrape words.
-w target_wordlist.txt: The output wordlist file.
You can also adjust the depth of the scrape to include more or fewer pages:
-d 3: Scrape pages up to a depth of 3 (adjust as necessary).
2. Mutating Wordlists with Crunch
Crunch is a tool that allows you to generate custom wordlists by specifying character sets, lengths, and patterns. This is useful for creating brute-force style wordlists or generating wordlists based on known patterns.
Installing Crunch
To install Crunch on Linux:
Using Crunch to Generate Wordlists
Here's an example of generating a wordlist of 6-character passwords consisting of lowercase letters:
6 6: Specifies the minimum and maximum password length (both 6 in this case).
-o wordlist.txt: The output wordlist file.
-p abcdefghijklmnopqrstuvwxyz: The character set to use (you can combine multiple sets, e.g., -p abc123!@#).
You can also generate wordlists with numbers, special characters, or a combination:
?l?d?u: Tells Crunch to use lowercase letters, digits, and uppercase letters.
3. Mutating Wordlists with Hashcat Rules
Hashcat allows you to apply mutation rules to existing wordlists, creating variations of the original words by applying common password patterns. Hashcat comes with several default rules, but you can also create your own.
Using Hashcat Rules
Here’s how to use a wordlist with a rule file in Hashcat:
-m 1000: Specifies the hash type (e.g., NTLM).
-a 0: Dictionary attack mode.
wordlist.txt: The wordlist you want to use.
-r /path/to/rules.txt: Specifies the rule file you want to apply.
Popular Hashcat Rule Files
Hashcat provides several built-in rule files that apply variations to your wordlist, such as:
best64.rule: Adds common variations like appending 123, capitalizing the first letter, etc.
rockyou-30000.rule: More advanced rules for cracking common passwords.
generated.rule: Rules based on statistics or known password patterns.
To use one of these built-in rule files, just specify the rule in the command:
4. Mutating Wordlists with John the Ripper Rules
John the Ripper (John) also has its own set of built-in rules for mutating wordlists. These rules allow you to generate variations of common passwords by adding numbers, symbols, or changing the case of letters.
Using John the Ripper Rules
Here’s an example of how to use John the Ripper with a custom rule:
--wordlist=wordlist.txt: Specifies the wordlist to use.
--rules: Applies John’s built-in mutation rules to the wordlist.
--format=NTLM: Specifies the hash format (e.g., NTLM, MD5).
hashes.txt: The file containing the hashes to crack.
Creating Custom Rules in John the Ripper
John the Ripper’s rules are flexible and allow for custom rule creation. You can modify the default rules in the john.conf file or create a new rule file. Here’s an example of a custom rule:
Then, apply the custom rules with the --rules=Custom option:
5. Combining Wordlist Mutations with Tools
A powerful strategy for cracking hashes is combining multiple wordlist mutation techniques. You can use tools like CeWL, Crunch, Hashcat Rules, and John Rules to create a large, diverse wordlist. Here’s how you can do it:
Generate a base wordlist using CeWL from a target site.
Mutate the wordlist using Crunch to add more variations (e.g., numbers, special characters).
Apply rules in Hashcat or John the Ripper to generate more variations based on common password patterns.
Example Workflow
6. Conclusion
Mutating wordlists is an essential part of cracking passwords with tools like John the Ripper and Hashcat. By using tools like CeWL, Crunch, Hashcat Rules, and John's Rules, you can generate wordlists that cover a wide range of common password variations, significantly improving your chances of success. By applying these mutations strategically, you can increase the effectiveness of your cracking attempts and speed up the process of recovering passwords.