Dictionary Mangling with John the Ripper

The problem to solve:
create a password list containing patterns that matched name123

How to solve:

  1. www[.]packetstormsecurity[.]com/Crackers/wordlists/ provided many good starting points for name-based dictionaries.
  2. A few of these were thrown together into a big file (which was of course run through sort and uniq).
  3. john.conf was modified to read:

    When you do this, you need to change the existing [List.Rules:Wordlist] line to read something else like [List.Rules:OLDWordlist].
    The $ tells john to append the character that follows such that

    • $1 will produce name1
    • $1$2 will produce name12
    • $1$2$3 will produce name123
  4. Then just run john with the --wordlist and --rules parameters on your password file like so:
    $ ./john --session=htaccess123 --wordlist=dictionaries/all_words \
    --rules htaccess_from_somewhere

    or just to write a post-rules dictionary (named new_wordlist123) file use:

    $ ./john --session=htaccess123 --wordlist=dictionaries/all_words \
    --rules --stdout > new_wordlist123

...yes a few lines of a bash/PERL/Ruby/whatever script can append things to each line in a file too but hey try something new today..