Generate rule-based passwords with John the Ripper

Question

I am trying to recover a password I have not used in a long time.

I know the words used in the passphrase, but I do not remember exactly the character substitutions, and upper/lower case I have used. I only remember some, and know the possibilities for others.

The passphrase I am trying to recover is 15 characters long.

I have installed John the Ripper (jumbo version 1.9), and I tried to create some rules for character substitutions I know I have used hoping to quickly generate a wordlist with all possible passphrases based on my rules.

Let's say my passphrase is password with some character substitutions. If I use this set of rules:

sa@
ss$
so0
soO

I get those results:

p@ssword pa$$word passw0rd passwOrd

When I say I am looking for all possible combinations, I am looking for something lookig more like the following (this list is not exhaustive)

p@ssword p@$sword p@$$word pa$sword pa$$word

p@ssw0rd p@$sw0rd p@$$w0rd pa$sw0rd pa$$w0rd

p@sswOrd p@$swOrd p@$$wOrd pa$swOrd pa$$wOrd

Gathering all rules in one line does not help me achieve my goal, and making one rule (line) with substitution by character position is basically generating my list by hand.

I am now wondering how can I achieve my goal, or, if JtR is the right tool for the job.

Answer 1

I have found a solution that fits my use case. the oNx syntax allows to replace the character at Nth position (zero based) with x.

In addition to that, using brackets allow to apply more than one substitution to the same character. So oN[xy] will yield two passwords with the character at Nth position replaced with x, then y.

For my password example above, the rule needed to achieve my goal would be:

o1[a@] o2[sS$] o3[sS$] o5[oO0]

I hope it helps someone with some old database to unlock )