WEBVTT

00:02.450 --> 00:08.900
To be successful in cracking passwords, you have to use the right dictionary, the dictionary should

00:08.900 --> 00:15.950
contain words in different languages, celebrity names, the name of football teams and so on.

00:16.520 --> 00:18.140
Open world dot com.

00:18.330 --> 00:24.110
The official website of Jundah report provides you a huge wordlist collection.

00:24.680 --> 00:31.400
It includes work at least for more than 20 human languages and the likes of common passwords.

00:31.730 --> 00:33.710
Unfortunately, it's not free.

00:36.070 --> 00:40.510
However, you can find the many free water leaks on the Internet.

00:40.930 --> 00:45.820
Let's move on and see how to combine more dictionary files into a single one.

00:47.170 --> 00:55.300
I'll download a text file from school security dot org that contains the 500 worst passwords.

00:57.570 --> 01:06.390
This is the fight I'm hoping that you are on and on, Carly, I am downloading it using double you get

01:07.620 --> 01:08.820
I'm pasting the.

01:08.820 --> 01:09.150
You are.

01:11.480 --> 01:13.040
OK, this is the file.

01:15.550 --> 01:25.600
The next step is to concatenate this new file to the existing dictionary files like this kept this file

01:26.230 --> 01:37.360
and the other dictionary files, for example, USAR Share John and password that Elstein the output

01:37.390 --> 01:39.550
reduction to greater size.

01:40.300 --> 01:45.730
I'll append to the end of the file my dict, for example, that the.

01:49.140 --> 01:52.860
I have combined these two files into a single file.

01:54.240 --> 02:00.030
Maybe there are duplicate works and I want to remove them so that I have only unique words.

02:01.160 --> 02:13.490
And I'll do Jon minus minus wordlist equals the name of the file, my dect that texte minus minus is

02:13.640 --> 02:24.260
the out pipe, a vertical bar unique and the name of the file that will contain the unique words like

02:24.260 --> 02:26.390
say my dictionary that texte.

02:34.970 --> 02:39.590
There are three thousand six hundred twenty five unique words.

02:40.650 --> 02:41.970
It's not a big list anyway.

02:43.360 --> 02:50.170
Now, I can start, John, again, this time using the dictionary file I've already shown you so you'll

02:50.170 --> 02:51.040
know how to do it.

02:51.670 --> 02:56.770
Let's move on and see other options and ways of executing John.

02:57.280 --> 03:05.320
If you want to load only accounts with a valid shell or with specific shell, you use minus minus shell

03:05.320 --> 03:12.400
option like this, John, minus minus wordlist equals.

03:12.400 --> 03:22.750
And the name of the file minus minus, minus, minus shell equals and the shell is with a comma between

03:22.750 --> 03:31.390
them like say Besch and S.H. and the file that contains the hashes of the passwords.

03:32.650 --> 03:35.830
Unshattered that it's in the same directory.

03:37.300 --> 03:40.450
This file is in the current working directory.

03:43.090 --> 03:47.810
OK, it's raining, I'm stopping, John.

03:48.250 --> 03:57.340
I want to show you other examples, the minus minus useless option allows you to filter of your counts

03:57.340 --> 04:01.690
for breaking, for example, the same comment.

04:02.020 --> 04:11.590
And instead of minus minus shell option, I'll use minus minus users equals, let's say, admin, comma,

04:11.590 --> 04:12.090
Mark.

04:12.580 --> 04:17.200
It will try to crack only the passwords of admin and mark.

04:19.210 --> 04:21.850
And it didn't find any password.

04:22.920 --> 04:27.690
A dash before the list of the users can be used to invert the Krech.

04:28.860 --> 04:33.450
Or allowed all the others that aren't listed like this.

04:35.460 --> 04:40.140
Minus a good comma admin.

04:46.550 --> 04:53.900
I have a boarded the station, the most powerful cracking mode in John is called incremental.

04:54.050 --> 04:58.220
Let's start it, John minus minus incremental.

04:59.810 --> 05:04.250
You can also use only minus I and the password file.

05:09.740 --> 05:16.480
This will use the default incremental mode parameters, which are defined in the configuration file

05:16.630 --> 05:18.750
section named incremental.

05:19.750 --> 05:22.240
Let's see the configuration file of John.

05:23.350 --> 05:26.220
This is John, that conv in ETSI, John.

05:26.500 --> 05:27.850
Let's take a look there.

05:28.720 --> 05:32.860
I'm opening the file for viewing using less ATC.

05:33.370 --> 05:38.460
John, John, that this is the configuration file of John Draper.

05:39.870 --> 05:43.710
And we see here many options regarding the way John works.

05:45.060 --> 05:53.340
I'm searching for incremental, starting in an upper case, I later using and the word I'm searching

05:53.340 --> 06:00.830
for incremental and I'm pressing on and many times to see the next crisis.

06:01.950 --> 06:04.770
And this is the section incremental.

06:04.860 --> 06:10.200
Callon, ask the session, the surrounding this station.

06:12.120 --> 06:21.570
It uses all ASCII cars and tries passwords with a maximum length of 13 characters by combining all the

06:21.570 --> 06:23.920
characters in all possible ways.

06:24.810 --> 06:29.550
This will take a lot of time, probably more than you are willing to wait.

06:31.580 --> 06:39.770
At this moment, after a few weeks of executing, John is searching only for passwords that have five

06:39.770 --> 06:43.850
characters and 13, there is a long way ahead.