Code:
Use a 32-bit version of john, or the Windows version, as these support long file names
What is a .BAT file
A .BAT file or BATCH file enables you to process DOS commands [amongst others] from a file.
How can this help with JOHN
Encrypted-Password-filename/s - The name of your encrypted password file
Wordlist-filename - The name of your wordlist, which has a single word per line
Decrypted-passes-filename - The name of your file which has all your cracked combos
john -si Encrypted-Password-filename/s
john -w:Wordlist-filename Encrypted-Password-filename/s
john -show Encrypted-Password-filename/s > Decrypted-passes-filename
These are the most common commands you'll run with JTR [aka John]: decrypting a file using the -si and -w attacks, then outputting the results to a file.
So let's put it in a BAT file
Encrypted-Password-filename/s - The name of our file in this example is site.pf
Wordlist-filename - The name of our file in this example is wordlist.txt
Decrypted-passes-filename - The name of our file in this example is site.txt
- Open Notepad, copy and paste the information between the REM ------------------ lines
REM ------------------
REM This is a REMark statement, Use it to make comments in your file
REM Change site.pf, wordlist.txt, site.txt to the names of your files
REM First we want to run a -si crack on site.pf
john -si site.pf
REM Next we want to run a wordlist.txt on that baby
john -w:wordlist.txt site.pf
REM Finally we want JTR to make us a file with any cracked passwords
john -show site.pf > site.txt
REM ------------------
- Muwahahahahaha, you can delete the lines that have REM in them, they don't do anything
- So your file should look like this, with your own filenames of course :p
Quote:
john -si site.pf
john -w:wordlist.txt site.pf
john -show site.pf > site.txt
Code:
Reminder
site.pf should have your password file name
wordlist.txt should have your wordlist name
site.txt is the name you choose for your decrypted combos
- In Notepad, choose File
- From the File dropdown list, click on Save
- Navigate to your directory which has john.exe in it
- Name your file whatever you want, I use the name _john.bat
- Click in the Dropdown Box by Save Type As, and change it to All Files (*.*)
- Click the Save button
Running your BAT file
- Open Explorer, and navigate to the directory that has john.exe in it
- Find your bat file
- Double click on it to run it.
Your batch file will now run, hopefully you've done everything right and john is a happy camper.
Using the REM Statement
As I mentioned earlier, the REM or REMark statement doesn't execute code.
Quote:
john -si site.pf
john -w:wordlist.txt site.pf
john -show site.pf > site.txt
Using our example, let's say we have another Encrypted-Password-filename/s named site1.pf
So obviously we want to change the site.pf to site1.pf in our BAT file, but wait a second
john -show site.pf > site.txt
That line decrypts the site.pf and outputs it to site.txt, rather than replacing site.pf, we could copy it, then REM the line
REM john -show site.pf > site.txt
So our new file would look like this with our changes
Quote:
john -si site1.pf
john -w:wordlist.txt site1.pf
john -show site1.pf > site1.txt
REM john -show site.pf > site.txt
We're probably always going to go back and decrypt site.pf, and once our john.pot gets bigger, or we try other cracking methods, it's good to have john preset to dump our results
You'll probably want to have a few REM statements in your BAT file, just to keep yourself orientated
Quote:
REM -------- john's cracking attack ---------
john -si site1.pf
john -w:wordlist.txt site1.pf
REM -------- Decrypting Password Files --------
john -show site1.pf > site1.txt
REM john -show site.pf > site.txt
Moving ahead, Using john's SESSION and RESTORE commands
session-name - This can be any name you desire
john -session:session-name
john -restore:session-name
The SESSION command in john allows you to save the progress of your crack attack. It works with the -w and -i cracking modes
The RESTORE command will resume a session, or resume the last session if session-name is given
Ok, let's say you have a number of different wordlists you use, say as an example
quicklist.txt
genrelist.txt
one-of-floodas-hugeass-lists.txt :p
one-of-Th3-DOORS-lists-that-makes-mine-look-limp.txt muwahahahahaha
LoL
Ahem
Getting back on topic.
Opening our BAT file, we need to put in lines for each wordlist.
Quote:
REM -------- john's cracking attack ---------
john -si site1.pf
john -w:quicklist.txt site1.pf
john -w:genrelist.txt site1.pf
john -w:one-of-floodas-hugeass-lists.txt site1.pf
john -w:one-of-Th3-DOORS-lists-that-makes-mine-look-limp.txt site1.pf
REM -------- Decrypting Password Files --------
john -show site1.pf > site1.txt
REM john -show site.pf > site.txt
Now that's fine, and under ideal conditions and a huge ass fast system you'll have no problems, but as is the case, john sometimes gets temperamental, so sessions are needed
Although you can name your session-name anything, I'd use a format that you can quickly understand.
I suggest using this format
_Encrypted-Password-filename-Wordlist-filename.ses
From our example this would be
_site.pf-quicklist.txt.ses
If you're using WILDCARDS, as a suggestion
_DecryptingAll-Wordlist-filename.ses
Code:
WILDCARDS are used to load a group of files depending on how you set the wildcard
So *.pf will load all files with the extension PF
Or *pf* will load all files that have pf in their filename
WILDCARDS are excellent to use
You will notice I use a _ character before the session-name. The reason I do this is because the file will appear near the beginning of the directory, so it's easy to spot where you're at.
Of course the session-name is entirely up to you to name.
So let's see it in our BAT file
Quote:
REM -------- john's cracking attack ---------
john -si site1.pf
john -w:quicklist.txt site1.pf -session:_site1.pf-quicklist.txt.ses
john -w:genrelist.txt site1.pf -session:_site1.pf-genrelist.txt.ses
john -w:one-of-floodas-hugeass-lists.txt site1.pf -session:_site1.pf-one-of-floodas-hugeass-lists.txt.ses
john -w:one-of-Th3-DOORS-lists-that-makes-mine-look-limp.txt site1.pf -session:_site1.pf-one-of-Th3-DOORS-lists-that-makes-mine-look-limp.txt.ses
REM -------- Decrypting Password Files --------
john -show site1.pf > site1.txt
REM john -show site.pf > site.txt
Now you can run your bat file
Now if john crashes, or you decide to do a CTRL-C, the last session john was working on will appear
Code:
Just a Note
John will delete any session that has been completed
Let's imagine that john stopped during its _site1.pf-genrelist.txt.ses cracking session.
What we need to do is use a REM statement and add the RESTORE command to our bat
We know these have been done
john -si site1.pf
john -w:quicklist.txt site1.pf -session:_site1.pf-quicklist.txt.ses