
John The Ripper



#1 BINREV SPYD3R

BINREV SPYD3R

    I should go outside once in a while

  • Members
  • 2,564 posts

Posted 10 November 2006 - 10:09 PM

Summary: initial draft



{| border="0" cellpadding=1 bgcolor="#3d3d3d"
!align="left"|Author:
|align="left"|chillmaster
|-
!align="left"|Date Released:
|align="left"|unknown.
|-
!align="left"|Added to DD:
|align="left"|22:02, 10 Nov 2006 (EST)

|}


=John The Ripper=

First download and install John the Ripper from its [http://www.openwall.com/john/ homepage].

Read the documentation that came with John on how to install it.

If you are using John in Windows I recommend putting a batch file in the run
directory that will bring up a DOS prompt. Otherwise from the start menu select run,
type cmd in the dialog box and hit enter.

[http://www.openwall.com/ Openwall.com] had this to say about John, "John the Ripper is a fast password cracker,
currently available for many flavors of Unix (11 are officially supported, not
counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose
is to detect weak Unix passwords. Besides several crypt(3) password hash types most
commonly found on various Unix flavors, supported out of the box are Kerberos AFS and
Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches."

Taking this in mind we first need some passwords to crack. I will be generating our
encrypted passwords using the following Perl script:

<pre>#!/usr/bin/perl
#crypt.plx
use warnings;
use strict;
use Crypt::PasswdMD5;

my $pass = "temp1";
my $unix = unix_md5_crypt($pass);
print "unix:$unix\n";</pre>

I redirect the output of the script to a file called pass.txt via the command line:
<pre>chillmaster@th3v0id ~ $ ./crypt.plx > pass.txt</pre>

My new password file looks like this:
<pre>unix:$1$mKTfU7X0$cmojfZIIWaQwHIqy44pBf.</pre>

Unix password files separate the user name from the password with the colon. Most
.htpasswd files on web servers follow a similar format.

John supports a few different ways of cracking passwords, the most commonly used
probably are the incremental and word list methods. By default john cycles through
the methods, resorting lastly to incremental mode. The command to crack our password
looks like this:

<pre>th3v0id chillmaster # john pass.txt</pre>

After a few moments john finishes with the following output:
<pre>Loaded 1 password (FreeBSD MD5 [32/32])
temp1 (unix)
guesses: 1 time: 0:00:00:02 100% (2) c/s: 3813 trying: temp1</pre>

The first line is generated as soon as the cracking begins. This line counts the
number of passwords john is going to crack and some information about the type of
encryption the passwords use. The next line is the cracked password with the username
in parentheses. The last line is John's final report with the number of guesses and
the last guess john tried.

If you didn't want to wait forever for the incremental mode to finish you can try your
luck with a word list. All you need to do is tell john what word list to use:
<pre>th3v0id chillmaster # john -wordfile=wordlist.txt pass.txt</pre>

Another handy feature is that John can restore a password cracking session that was
killed or crashed. All you need to do is pass john the '-restore' option. On the
other hand if you pass John the '-show' option John will show you the passwords
already cracked.

If you happen to try this tutorial out for yourself I think you will be surprised to
see how fast John cracked the short, "temp1", password. Everyone stresses password
security but not everyone knows why. It's true that if your computer or the company
that hosts your mail got compromised a hacker would have access to everyone's
password. The problem facing the hacker is that the passwords are still encrypted on
the hard drive. When a system with thousands of users gets compromised the strength
of a password can deter a hacker from even bothering with your account if he has
twenty other passwords already cracked.

[[Category: Hacking]]

http://www.docdroppe...John_The_Ripper

#2 tina

tina

    n00bie

  • Members
  • 10 posts

Posted 11 November 2006 - 03:34 AM

hmm... sounds interesting. hope I'll learn more of UNIX. thnx

#3 %0A

%0A

    Will I break 10 posts?

  • Members
  • 2 posts

Posted 15 November 2006 - 08:20 PM

.


Edited by %0A, 12 January 2013 - 12:27 PM.


#4 Octal

Octal

    Dangerous free thinker

  • Members
  • 886 posts

Posted 02 January 2007 - 07:11 PM

I heard John can crack Windows passwords, is this true? I'm pretty sure yes.

And John seems pretty useless to me. I just installed it, and ran it on my own password, and these were the commands I used (not as root):
[07:02:02][dv5000t>~/john-1.7.0.2/run]$ ./john /etc/passwd
No password hashes loaded
[07:02:57][dv5000t>~/john-1.7.0.2/run]$ ./john /etc/shadow
fopen: /etc/shadow: Permission denied
[07:03:05][dv5000t>~/john-1.7.0.2/run]$
So I need the root password to find out the root password?

But john is great otherwise. I should write a program that, when it compiles, prints out all the letter combinations possible, up to x amount of letters. Like:
a
aa
aaa
aaaa
aaaaa
aaaaaa
aaaaaaa
ab
aba
abaa
abaaa
abaaaa
abaaaaa
abb
abba
abbaa
abbaaa
abbaaaa

and so on including all letters in ASCII table and such. Probably just a loop of some sort, but I have no idea how I would do it.

I don't think John can, but can John get online passwords?

#5 prick

prick

    SUP3R 31337

  • Members
  • 160 posts
  • Location:44

Posted 02 January 2007 - 07:38 PM

No root password? *cough*local privilege escalation*/cough*

Windows passwords, yes.

Online? It's just a hash cracker as far as I'm aware.

#6 Octal

Octal

    Dangerous free thinker

  • Members
  • 886 posts

Posted 02 January 2007 - 07:46 PM

I do have the root password for the computer I was on. I was talking about remote computers.

#7 prick

prick

    SUP3R 31337

  • Members
  • 160 posts
  • Location:44

Posted 02 January 2007 - 08:05 PM

I was too, albeit one to which you have shell access.

#8 stderr

stderr

    SUP3R 31337

  • Members
  • 166 posts
  • Location:USA

Posted 02 March 2007 - 01:52 PM

John is a password cracker, not a password retriever. It's up to the user to grab the needed hashes
and then feed them into John. As far as a simple brute force algorithm, I needed a large file for testing
some program I was working on, so here's a little 4 letter brute forcer.

http://stderr.linuxi...net/code/four.c

The "Windows passwords" of which you speak utilize the NTLM hash algorithm... and yes, John supports that.



