john.ini

unix密码破解软件John the Ripper

#
# This file is part of John the Ripper password cracker,
# Copyright (c) 1996-98 by Solar Designer
#

[Options]
# Wordlist file name, to be used in batch mode
Wordfile = ~/password.lst
# Use idle cycles only
Idle = N
# Crash recovery file saving delay in seconds
Save = 600
# Beep when a password is found (who needs this anyway?)
Beep = N

# "Single crack" mode rules
[List.Rules:Single]
# Simple rules come first...
:
-s x**
-c (?acQ
-c lQ
-s-c x**MlQ
# These were not included in crackers I've seen, but are pretty efficient,
# so I include them near the beginning
>6'6
>7l'7
>6/?ul'6
>5'5
# Weird order, eh? Can't do anything about it, the order is based on the
# number of successful cracks...
<*d
rc
<*dMcQ
>5/?ul'5
uQ
r(?al
<*!?A[lc]p
<*cQd
>7/?u'7
>4l'4
<+(?lcr
<+r(?lcr
>3'3
>4/?u'4
>3/?ul'3
uQr
<*lQf
# About 50% of single-mode-crackable passwords get cracked by now...
>2x12
>3x13
>4x14
>5x15
>6x16
>7x17
>8x18
>3x22
>4x23
>5x24
>6x25
>7x26
>8x27
>9x28
>4x32
>5x33
>6x34
>7x35
>8x36
>9x37
>2/?ulx12
>3/?ulx13
>4/?ulx14
>5/?ulx15
>6/?ulx16
>7/?ulx17
>8/?ulx18
>3/?ulx22
>4/?ulx23
>5/?ulx24
>6/?ulx25
>7/?ulx26
>8/?ulx27
>9/?ulx28
>4/?ulx32
>5/?ulx33
>6/?ulx34
>7/?ulx35
>8/?ulx36
>9/?ulx37
# Now to the suffix stuff...
<*l$[1-9!0a-z"-/:-@\[-`{-~]
<*(?ac$[1-9!0a-z"-/:-@\[-`{-~]
<*lr$[1-9!]
<*/?au$[1-9!]
<-l$!$!
<-(?ac$!$!
l$!<-$!$!
(?ac$!<-$!$!
# Removing vowels...
/?v@?v>2l
/?v@?v>2(?ac
/?v@?v>2<*d
# crack -> cracked, crack -> cracking
<*l[PI]
<*l[PI](?ac
# mary -> marie
<*(?a[lc])yro0ir$e
# marie -> mary
<*(?a[lc])er=1iD0o0yr
# The following 3l33t rules are based on original Crack's dicts.rules
l/asa4[:c]
l/ese3[:c]
l/lsl1[:c]
l/oso0[:c]
l/sss$[:c]
l/asa4/ese3[:c]
l/asa4/lsl1[:c]
l/asa4/oso0[:c]
l/asa4/sss$[:c]
l/ese3/lsl1[:c]
l/ese3/oso0[:c]
l/ese3/sss$[:c]
l/lsl1/oso0[:c]
l/lsl1/sss$[:c]
l/oso0/sss$[:c]
l/asa4/ese3/lsl1[:c]
l/asa4/ese3/oso0[:c]
l/asa4/ese3/sss$[:c]
l/asa4/lsl1/oso0[:c]
l/asa4/lsl1/sss$[:c]
l/asa4/oso0/sss$[:c]
l/ese3/lsl1/oso0[:c]
l/ese3/lsl1/sss$[:c]
l/ese3/oso0/sss$[:c]
l/lsl1/oso0/sss$[:c]
l/asa4/ese3/lsl1/oso0[:c]
l/asa4/ese3/lsl1/sss$[:c]
l/asa4/ese3/oso0/sss$[:c]
l/asa4/lsl1/oso0/sss$[:c]
l/ese3/lsl1/oso0/sss$[:c]
l/asa4/ese3/lsl1/oso0/sss$[:c]
# Now to the prefix stuff...
l^[1a-z2-90A-Z"-/:-@\[-`{-~]
<9(?a[lc]^e^h^[tT]
<9(?a[lc]^y^m^[aA]
<9(?a[lc]^r^[mdMD]
<9(?a[lc]^.^r^[mdMD]
<9(?a[lc]^_^_
<-!?Alp^[240-9]
# Some word pair rules...
# johnsmith -> JohnSmith, johnSmith
(?a2(?ac1[cl]
# JohnSmith -> john smith, john_smith, john-smith
1<-$[ _\-]+l
# JohnSmith -> John smith, John_smith, John-smith
1<-(?ac$[ _\-]2l
# JohnSmith -> john Smith, john_Smith, john-Smith
1<-l$[ _\-]2(?ac
# johnsmith -> John Smith, John_Smith, John-Smith
1<-(?ac$[ _\-]2(?ac
# Applying different simple rules to each of the two words
1[ur]2l
2(?ac1[ur]
1l2[ur]
1(?ac2[ur]
# jsmith -> smithj, etc...
(?a[lc][{}]
(?a[lc]}}
(?a[lc]{{
# Toggle case...
T[1-7]Q
lMT[1-7]Q
>2[lu]MT0T2T4T6T8Q
# Deleting chars...
D[1-7]Q
D[1-7]Q/?ul
D[1-7]Q(?ac
# Inserting a dot...
>3(?a[lc]i[12].
# More suffix stuff...
<-l$[19]$[0-9]
<-(?ac$[19]$[0-9]
<-l$6$9
<-(?ac$6$9
<-l$[72]$[0-9]
<-(?ac$[72]$[0-9]
<*(?a[lc]$[A-Z]
# cracking -> CRACKiNG
u/IsIi
# Crack96 -> cRACK96
CQ
# Crack96 -> cRACK(^
SQ
# Crack96 -> CRaCK96
/?vVQ
# Really weird charset conversions, like "england" -> "rmh;smf"
:[RL]Q
lQ[RL]
(?acQ[RL]
RRQ
LLQ
# Both prefixing and suffixing...
<-l^1$1
<-l^!$!
<-l^@$@
<-l^#$#
<-l^$$$
<-l^%$%
<-l^^$^
<-l^&$&
<-l^*$*
<-l^($)
<-l^-$-
<-l^=$=
<-l^_$_
<-l^+$+
<-l^.$.
<-l^?$?
<-l^{$}
<-l^\[$]
<-l^<$>
<-l^|$|
<-l^:$:
<-l^'$'
<-l^"$"
# The rest of two-digit suffix stuff, rare numbers...
<-l$6$[0-8]
<-(?ac$6$[0-8]
<-l$[3-580]$[0-9]
<-(?ac$[3-580]$[0-9]
# Some three-digit numbers...
(?a[lc]$0<-$0$7
(?a[lc]$1<-$1$1
(?a[lc]$1<-$2$3
(?a[lc]$2<-$2$2
(?a[lc]$3<-$3$3
(?a[lc]$4<-$4$4
(?a[lc]$5<-$5$5
(?a[lc]$6<-$6$6
(?a[lc]$7<-$7$7
(?a[lc]$8<-$8$8
(?a[lc]$9<-$9$9
# Some [birth] years...
l$1<-$9$[7-90-6]>-
l$1$9<-$[7-90-6]$[0-9]
# Uncomment the following lines if you're really crazy
;# Insert/overstrike some characters...
;!?Ali[1-6][a-z]
;!?Alo[0-7][a-z]
;# Toggle case everywhere...
;lMT[*7]T[*6]T[*5]T[*4]T[*3]T[*2]T[*1]T[*0]Q
;# Very slow stuff...
;l$[1-90]<-$[0-9]$[0-9]
;(?ac$[1-90]<-$[0-9]$[0-9]
;<-l$[a-z]$[a-z]
;<9l^[a-z]^[a-z]
;<-l^[a-z]$[a-z]

# Wordlist mode rules
[List.Rules:Wordlist]
# Try words as they are
:
# Lowercase every pure alphanumeric word
-c >3!?XlQ
# Capitalize every pure alphanumeric word
-c >2(?a!?XcQ
# Lowercase and pluralize pure alphabetic words
<*>2!?Alp
# Lowercase pure alphabetic words and append '1'
<*>2!?Al$1
# Capitalize pure alphabetic words and append '1'
-c <*>2!?Ac$1
# Duplicate reasonably short pure alphabetic words (fred -> fredfred)
<7>1!?Ald
# Lowercase and reverse pure alphabetic words
>3!?AlMrQ
# Prefix pure alphabetic words with '1'
>2!?Al^1
# Uppercase pure alphanumeric words
-c >2!?XuQ
# Lowercase pure alphabetic words and append a digit or simple punctuation
<*>2!?Al$[2!37954860.?]
# Words containing punctuation, which is then squeezed out, lowercase
/?p@?p>3l
# Words with vowels removed, lowercase
/?v@?v>3l
# Words containing whitespace, which is then squeezed out, lowercase
/?w@?w>3l
# Capitalize and duplicate short pure alphabetic words (fred -> FredFred)
-c <7>1!?Acd
# Capitalize and reverse pure alphabetic words (fred -> derF)
-c <+>2!?Acr
# Reverse and capitalize pure alphabetic words (fred -> Derf)
-c >2!?AMrQc
# Lowercase and reflect pure alphabetic words (fred -> fredderf)
<7>1!?AlMrQrf
# Uppercase the last letter of pure alphabetic words (fred -> freD)
-c <+>2!?AMrQcr
# Prefix pure alphabetic words with '2' or '4'
>2!?Al^[24]
# Capitalize pure alphabetic words and append a digit or simple punctuation
-c <*>2!?Ac$[2!3957468.?0]
# Prefix pure alphabetic words with digits
>2!?Al^[379568]
# Capitalize and pluralize pure alphabetic words of reasonable length
-c <*>2!?Acp
# Lowercase/capitalize pure alphabetic words of reasonable length and convert:
# crack -> cracked, crack -> cracking
<*>2!?Al[PI]
-c <*>2!?Ac[PI]
# Try the second half of split passwords
-s x**
-s-c x**MlQ

# Incremental modes
[Incremental:All]
File = ~/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95

[Incremental:Alpha]
File = ~/alpha.chr
MinLen = 1
MaxLen = 8
CharCount = 26

[Incremental:Digits]
File = ~/digits.chr
MinLen = 1
MaxLen = 8
CharCount = 10

[Incremental:LanMan]
File = ~/lanman.chr
MinLen = 0
MaxLen = 7
CharCount = 69

# Some pre-defined word filters
[List.External:Filter_Alpha]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c < 'a' || c > 'z') {
		word = 0; return;
	}
}

[List.External:Filter_Digits]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c < '0' || c > '9') {
		word = 0; return;
	}
}

[List.External:Filter_LanMan]
void filter()
{
	int i, c;

	word[7] = 0;			// Truncate at 7 characters

	i = 0;				// Convert to uppercase
	while (c = word[i]) {
		if (c >= 'a' && c <= 'z') word[i] &= 0xDF;
		i++;
	}
}

# A simple cracker for LM hashes, similar to L0phtCrack
[List.External:LanMan]
int length;				// Current length

void init()
{
	word[0] = 'A' - 1;		// Start with "A"
	word[length = 1] = 0;
}

void generate()
{
	int i;

	i = length - 1;			// Start from the last character
	while (++word[i] > 'Z')		// Try to increase it
	if (i)				// Overflow here, any more positions?
		word[i--] = 'A';	// Yes, move to the left, and repeat
	else				// No
	if (length < 7) {
		word[i = ++length] = 0;	// Switch to the next length
		while (i--)
			word[i] = 'A';
		return;
	} else {
		word = 0; return;	// We're done
	}
}

void restore()
{
	length = 0;			// Calculate the length
	while (word[length]) length++;
}

# Useful external mode example
[List.External:Double]
/*
 * This cracking mode tries all the possible duplicated lowercase alphabetic
 * "words" of up to 8 characters long. Since word halves are the same, it
 * only has to try about 500,000 words.
 */

/* Global variables: current length and word */
int length, current[9];

/* Called at startup to initialize the global variables */
void init()
{
	int i;

	i = length = 2;			// Start with 4 character long words
	while (i--) current[i] = 'a';	// Set our half-word to "aa"
}

/* Generates a new word */
void generate()
{
	int i;

/* Export last generated word, duplicating it at the same time; here "word"
 * is a pre-defined external variable. */
	word[(i = length) << 1] = 0;
	while (i--) word[length + i] = word[i] = current[i];

/* Generate a new word */
	i = length - 1;			// Start from the last character
	while (++current[i] > 'z')	// Try to increase it
	if (i)				// Overflow here, any more positions?
		current[i--] = 'a';	// Yes, move to the left, and repeat
	else {				// No
		current = 0;		// Request a length switch
		break;			// Break out of the loop
	}

/* Switch to the next length, unless we were generating 8 character long
 * words already. */
	if (!current && length < 4) {
		i = ++length;
		while (i--) current[i] = 'a';
	}
}

/* Called when restoring an interrupted session */
void restore()
{
	int i;

/* Import the word back */
	i = 0;
	while (current[i] = word[i]) i++;

/* ...and calculate the half-word length */
	length = i >> 1;
}

# Simple parallel processing example
[List.External:Parallel]
/*
 * This word filter makes John process some of the words only, for running
 * multiple instances on different CPUs. It can be used with any cracking
 * mode except for "single crack". Note: this is not a good solution, but
 * is just an example of what can be done with word filters.
 */

int node, total;			// This node's number, and node count
int number;				// Current word number

void init()
{
	node = 1; total = 2;		// Node 1 of 2, change as appropriate
	number = node - 1;		// Speedup the filter a bit
}

void filter()
{
	if (number++ % total)		// Word for a different node?
		word = 0;		// Yes, skip it
}