Doppelganger john

John the Ripper is a neat tool for security-checking your passwords. Unfortunately it is not able to use SMP, so there's some room for improvement. Out of boredom, I came up with a little hack for the meantime:


#!/bin/sh

# $UID is a bash variable; id -u also works under a plain POSIX sh
if [ "$(id -u)" -ne 0 ]; then
    echo "Only root wants to run this"
    exit 1
fi
if [ ! -x /usr/bin/john ]; then
    echo "No john installed."
    exit 1
fi
if [ $# -ne 3 ]; then
    echo "Usage: $0 CPUS WORDLIST HASHFILE"
    exit 1
fi

# Create a private temporary working directory; mktemp picks an
# unpredictable name, so root never writes into a pre-planted /tmp path
TMP_PATH=$(mktemp -d /tmp/multijohn-XXXXXX) || exit 1
BIG_WORDLIST=$TMP_PATH/biglist

# Clean up after receiving either SIGHUP, SIGINT, SIGQUIT or SIGTERM
trap "rm -rf $TMP_PATH; exit 2" 1 2 3 15

# Generate and save mangled word list
echo "Generating mangled (big) wordlist..."
john -w:"$2" -ru -stdout > "$BIG_WORDLIST"
echo "Done, saved into $BIG_WORDLIST"

BIG_WORDLIST_LINES=$(wc -l "$BIG_WORDLIST" | awk '{print $1;}')
echo "Mangled wordlist line count: $BIG_WORDLIST_LINES"
if [ "$BIG_WORDLIST_LINES" -eq 0 ]; then
    echo "Mangled wordlist is empty, nothing to do."
    rm -rf "$TMP_PATH"
    exit 1
fi

echo "Split mangled wordlist into $1 pieces..."
# Round up, so a remainder does not end up in an extra piece (and an extra john)
split -l $(( (BIG_WORDLIST_LINES + $1 - 1) / $1 )) "$BIG_WORDLIST" "$TMP_PATH/words-"
rm "$BIG_WORDLIST"

echo "Starting $1 johns..."
for X in "$TMP_PATH"/words-*
do
    john -session:"$X-john" -w:"$X" "$3" &
done

# Block until every background john has finished
wait
echo "All done, exiting..."
rm -rf "$TMP_PATH"

Save that as multijohn.sh, set the execute flag and have fun. Note that there's room for improvement too 😉

multijohn

Update: removed the redundant -ru parameter.

One thought on “Doppelganger john”

  1. you don't need to do --rules in the session, because you already created one with your bigfile ..
    also you should check if there are duplicates in the bigfile with unique that comes with john
    “unique” utility to eliminate any duplicate candidate passwords:
    john --wordlist=all.lst --rules --stdout | unique mangled.lst
    john --wordlist=all.lst --rules --stdout=8 | unique mangled8.lst
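
The de-duplication suggested in the comment, combined with the post's split step, as an added example that is not part of the original post or the comment. It assumes `awk` as a stand-in for john's `unique` so it runs without john installed; the function names `split_candidates` and `demo` are hypothetical and the sample word list is constructed.

```shell
#!/bin/sh
# Added example: de-duplicate a candidate list, then cut it into at most N
# pieces, one per worker. awk stands in for john's "unique" (assumption).

# split_candidates N INFILE OUTDIR -> prints the number of pieces written
split_candidates() {
    n=$1 src=$2 dst=$3
    case $n in
        ''|*[!0-9]*|0) echo "N must be a positive integer" >&2; return 1 ;;
    esac
    mkdir -p "$dst" || return 1

    # Keep the first occurrence of every line, preserving the original order.
    awk '!seen[$0]++' "$src" > "$dst/unique.lst" || return 1
    lines=$(awk 'END {print NR}' "$dst/unique.lst")
    if [ "$lines" -eq 0 ]; then
        rm -f "$dst/unique.lst"
        echo 0
        return 0
    fi

    # Ceiling division: with floor division a remainder lands in an extra
    # piece (N+1 workers), and fewer lines than N gives "split -l 0".
    per_piece=$(( (lines + n - 1) / n ))
    split -l "$per_piece" "$dst/unique.lst" "$dst/words-" || return 1
    rm -f "$dst/unique.lst"
    ls "$dst"/words-* | wc -l | awk '{print $1}'
}

# Constructed sample: 10 candidates, 7 distinct, split for 3 workers.
# Floor division (7 / 3 = 2 lines per piece) would have produced 4 pieces.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' alpha beta alpha gamma delta beta epsilon zeta eta alpha \
        > "$d/in.lst"
    split_candidates 3 "$d/in.lst" "$d/out"
    rm -rf "$d"
}
```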
