But incremental mode is more than that. You can generate your own symbol sets, and associated incremental modes. This is useful for example if you already have a number of words, using a certain set of symbols, and you presume that yet-unknown passwords will be using roughly the same character set. Instead of running an expensive full charset incremental mode, you can generate your charset file based on those known characters, and run john in incremental mode with that more restricted character set.

In addition to three modes mentioned above, john can run in a so-called external mode, where you define your own functions (using a C-like language), that john uses to initialize and resume sessions, and to generate and filter words. Basically, with external mode, john becomes a mere executor of the user-supplied code. There are some good examples of external mode in the default configuration file /etc/john/john.conf. External mode can be used on its own, or in addition to some other standard mode. This page provides more information on external mode.

Issue using John The Ripper

This gave us all of the passwords in the list which meet the complexity requirements identified within the filter. The list contained 5,641 passwords. Hmmmm... I wonder how many of those users were using the same password to log on to their corporate accounts? This list wasn't comprehensive enough for Mark and I, so we used a custom rule set written by Matt Weir to expand our list (the custom rule set is labeled 'modified_single' in the linked john.conf):

JohnTheRipper, as mentioned at the beginning of the article is not related by itself to PDFs, but to passwords and security stuff. That's why you will need to create the hash file of the PDF using the pdf2john.pl tool (available in the run directory after compiling from source). This tool allows you to obtain the hash (Read meta information) of the file through this perl script, which can be extracted into a new file with the following command:

John the ripper is a popular dictionary based password cracking tool. It uses a wordlist full of passwords and then tries to crack a given password hash using each of the password from the wordlist. In other words its called brute force password cracking and is the most basic form of password cracking. It is also the most time and cpu consuming technique. More the passwords to try, more the time required.

2ff7e9595c