Tools and Commands for Dictionary Attacks

Hello, world. I’m Zanidd and welcome back to the hands on password cracking and security course on code red. In this section, we’re discussing dictionary attacks. In this video, we’re going to take a look at the tools and commands we can use for dictionary attacks. Our old friend, john, cannot only be used for brute force attacks but can also perform dictionary attacks. It’s as simple as the command you’re seeing on screen.

Let’s take a closer look at the command from before. The wordlist argument is the list of words that we’re going to try, and the rules arguments test john to apply our rules. We can even apply custom rules. Similar to our brute force rules, we can configure dictionary attack rules in the john.conf file. These rules are all in the same section, namely, List.Rules and then wordlist.

This is the rule that is going to be used by default. We can also create our custom section and call it however we like. Here, for example, I called it the List.Rules - this is the part that has to be always the same - and then follow it by the name, RuleName. You can make your own name and your own little sections so you don’t have to try everything every time. You can use your own section of rules by passing the name of the rules with the rules argument, namely, here you see the example is - the name is RuleName and you can pass dash dash rules equals to rule name.

Now, an important thing to consider when doing this rules is their notation. They have a different notation than the brute force attack rules, and we’re going to take a look at how these rules look like in the next slide. You may initially be stunned by the sheer amount of crazy symbols on the screen. So let me explain them one by one for you. Let’s say we want to only check uppercase alphabetic words with a number or simple punctuation at the end of the list. We will use the first line, which may seem cryptic to you and not make any sense.

However, the first part, smaller than star and bigger than 3, tells john to use words with more than three characters and no maximum amount. Hence, the smaller than star and bigger than 3 operator. This part is called length control commands. The next part is a little crazy if you have no idea what it means. Now, the question mark a means to use all letters from a to z, upper and lower cases. The exclamation point tells john to ignore this rule if it contains any other characters. So, words like password1 will skip this rule because it contains a number and not only characters. These are called character clauses. The next part are called simple commands.

The u we are using converts our words into an uppercase word. Since we filter out all the words that only contain letters, we’re bound to use words with lowercase letters at some point, but we don’t want to, so we transform them into uppercase letters. The last part tells john to appoint a number or special symbol at the end of the world. It basically works similar to regex. You can pass a list of possible characters to append between the two brackets, and john will try all of them. We could, for example, add two numbers with a similar notation - instead of passing each number individually to the list, we make two lists and pass 0 to 9 to each list.

So john will try every possible combination with those two numbers, but be careful. As we have seen in the first couple of sections, entropy can grow fast if you add more possible combinations, and it will take longer to crack a password. Also, make sure to take into consideration that this rule and these possible combinations will be applied to all words that match the criteria. So, this could potentially generate a lot of possible words and it will take you longer to crack the password. Thank you for watching this lesson. In the next lesson, we’re going to take what we learned from this one, set up a wordlist, and start cracking passwords right away using rules and the wordlist. See you there.