Simple Mangle with John The Ripper

John is a powerful tool for attacking passwords.

A few years ago I had to do a presentation password security and I wanted to demonstrate generating targeted password guesses for my coworkers based on their staff bios on the website and public media profiles.

Start by going out and downloading JTR from the internet.

Set up directories as follows inside the john/ folder.

--john/
 \- generation/
   \- bios/
   \- lists/
   \- mangled_lists
   \- mangle_bios.rb
 \- run

In john/generation/bios/ place a text file with the text information on each target. In my case this was my coworkers.

mangle_bios.rb

This is the content of the mangle_bios script. I have to admit it is a bit rough. Looks like it could use a refresh!

bios = Dir.entries('bios').reject { |e| e =~ /\./ }

bios.each do |bio|
  string = File.read( 'bios/' + bio )
  list = File.open('lists/' + bio + '_list', 'w')
  output = string.split(' ').sort.uniq.map { |e| e.gsub(/[^A-Za-z0-9]/,'')}.join("\n")
  puts "Writing list for #{bio.gsub(/_/,' ').capitalize}"
  list.write(output)
  list.close
end

lists = Dir.entries('lists').reject { |e| e =~ /\./ }

lists.each do |list|
  mangled_list = `./../run/john --wordlist=lists/#{list} --rules --stdout`
  output = File.open("mangled_lists/#{list}_mangled",'w')
  puts "Mangling #{list}..."
  output.write(mangled_list)
  output.close
end

Mangle!

Now you can run the following to generate some word lists:

  ruby mangle_bios.rb