
John The Ripper

8 posts in this topic


Date Released:

Added to DD: 22:02, 10 Nov 2006 (EST)


=John The Ripper=

First download and install John the Ripper from its homepage, and read the documentation that comes with John on how to install it.

If you are using John on Windows, I recommend putting a batch file in the run directory that opens a command prompt there. Otherwise, from the Start menu select Run, type cmd in the dialog box and hit Enter.

The project's own description of John reads: "John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches."

With this in mind, we first need some password hashes to crack. I will be generating ours with the following Perl script, which uses the Crypt::PasswdMD5 module to produce the same MD5-based crypt(3) hash (the "$1$" prefix) that FreeBSD and many Linux systems store in /etc/shadow:

<pre>#!/usr/bin/perl
# Hash a password with MD5-crypt and print it as a user:hash line.
use warnings;
use strict;
use Crypt::PasswdMD5;    # provides unix_md5_crypt()

my $pass = "temp1";
# With no salt argument, unix_md5_crypt generates a random salt for us.
my $unix = unix_md5_crypt($pass);
print "unix:$unix\n";</pre>

I redirect the output of the script to a file called pass.txt via the command line:

<pre>chillmaster@th3v0id ~ $ ./crypt.plx > pass.txt</pre>

My new password file contains a single line: the user name "unix", a colon, and the hash, which begins with "$1$", then the salt, then another "$" before the hash itself.

Unix password files separate the user name from the password hash with a colon, and most .htpasswd files on web servers follow a similar format.

John supports several cracking modes; the most commonly used are probably wordlist mode and incremental mode. If you don't pick one, John runs its modes in order: "single crack" mode first (guesses built from the login name and other fields in the file), then wordlist mode with the default wordlist and rules, and lastly incremental mode, which tries every character combination. The command to crack our password looks like this:

<pre>th3v0id chillmaster # john pass.txt</pre>

After a few moments john finishes with the following output:

<pre>Loaded 1 password (FreeBSD MD5 [32/32])
temp1 (unix)
guesses: 1 time: 0:00:00:02 100% (2) c/s: 3813 trying: temp1</pre>

The first line is printed as soon as cracking begins. It counts the number of password hashes John has loaded and names the hash type it detected (here FreeBSD-style MD5 crypt). The next line is the cracked password with the user name in parentheses. The last line is John's final status report: "guesses" is the number of passwords cracked so far, "c/s" is the number of candidate passwords tested per second, and "trying" is the candidate John was testing when the status was printed.

If you don't want to wait for incremental mode to work through every combination, you can try your luck with a wordlist. All you need to do is tell John which wordlist to use (current releases document this option as --wordlist=FILE):

<pre>th3v0id chillmaster # john -wordfile=wordlist.txt pass.txt</pre>

Another handy feature is that John can restore a cracking session that was killed or crashed; all you need to do is pass John the '-restore' option. If you instead pass John the '-show' option, it prints the passwords it has already cracked, which it keeps in its john.pot file.
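Here is an added example, in Python, that is not part of the tutorial and not John's own code. It implements the MD5-crypt ("$1$") hash that the Perl script above produces, reads user:hash lines in the pass.txt layout, and then runs a wordlist pass followed by a small incremental pass in the same order John's default mode sequence uses. The hash routine follows the FreeBSD crypt-md5 algorithm as I understand it; the second user "bob" with password "ab", the salts "saltsalt" and "Zz", and the wordlist are all constructed for the demonstration, and the incremental generator simply enumerates a character set by length rather than John's likelihood-ordered search.

```python
# Added example, not from the tutorial or from John: MD5-crypt ("$1$") hashing
# as done by the Perl script, plus a tiny john-style cracker over user:hash lines.
# md5_crypt follows the FreeBSD crypt-md5 algorithm as I understand it; every
# sample user, password, salt and word below is constructed for the demo.
import hashlib
import itertools
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """crypt(3)-style base64: `count` chars, least-significant 6 bits first."""
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))

def md5_crypt(password, salt):
    """Return "$1$<salt>$<22 chars>" for a str password and a 1..8 char salt."""
    pw = password.encode()
    salt = salt.split("$")[0][:8].encode()
    ctx = hashlib.md5(pw + b"$1$" + salt)
    alt = hashlib.md5(pw + salt + pw).digest()
    pl = len(pw)
    while pl > 0:                      # feed alt once per 16 bytes of password
        ctx.update(alt[:min(16, pl)])
        pl -= 16
    i = len(pw)
    while i:                           # one byte per bit of len(pw): NUL or pw[0]
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):              # the deliberate 1000-round slowdown
        c1 = hashlib.md5(pw if i & 1 else final)
        if i % 3: c1.update(salt)
        if i % 7: c1.update(pw)
        c1.update(final if i & 1 else pw)
        final = c1.digest()
    f = final                          # digest bytes are reordered before encoding
    enc = (_to64((f[0] << 16) | (f[6] << 8) | f[12], 4)
           + _to64((f[1] << 16) | (f[7] << 8) | f[13], 4)
           + _to64((f[2] << 16) | (f[8] << 8) | f[14], 4)
           + _to64((f[3] << 16) | (f[9] << 8) | f[15], 4)
           + _to64((f[4] << 16) | (f[10] << 8) | f[5], 4)
           + _to64(f[11], 2))
    return "$1$" + salt.decode() + "$" + enc

def new_hash(password):
    """Like unix_md5_crypt($pass) with no salt given: pick a random 8-char salt."""
    return md5_crypt(password, "".join(secrets.choice(ITOA64) for _ in range(8)))

def salt_of(hashval):
    return hashval.split("$")[2]

def parse_passwd(text):
    """Read "user:hash[:...]" lines (pass.txt or a shadow file) into (user, hash) pairs."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        hashval = rest.split(":")[0]   # shadow lines carry more colon-separated fields
        if hashval.startswith("$1$"):  # only the format this example understands
            entries.append((user, hashval))
    return entries

def crack(entries, candidates):
    """Test each candidate against every uncracked hash; return ({user: pw}, tried).
    As John does, hash a candidate once per distinct salt rather than once per user."""
    cracked, tried, pending = {}, 0, list(entries)
    for cand in candidates:
        tried += 1
        per_salt = {}
        for user, h in pending:
            s = salt_of(h)
            if s not in per_salt:
                per_salt[s] = md5_crypt(cand, s)
            if per_salt[s] == h:
                cracked[user] = cand
        pending = [e for e in pending if e[0] not in cracked]
        if not pending:
            break
    return cracked, tried

def incremental(charset, max_len):
    """Exhaustive candidates by length (John's incremental mode orders by likelihood)."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)

# Constructed pass.txt: the tutorial's unix/temp1 plus a hypothetical bob with "ab".
SAMPLE_PASSWD = ("unix:" + md5_crypt("temp1", "saltsalt") + "\n"
                 + "bob:" + md5_crypt("ab", "Zz") + "\n")
WORDLIST = ["password", "letmein", "temp1", "qwerty"]   # constructed wordlist.txt

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    got, n = crack(entries, WORDLIST)
    print("wordlist mode: %s after %d candidates" % (got, n))
    left = [e for e in entries if e[0] not in got]
    got2, n2 = crack(left, incremental("abcdefghijklmnopqrstuvwxyz", 2))
    print("incremental mode: %s after %d candidates" % (got2, n2))
```

Run it directly and the wordlist pass recovers "temp1" on its third candidate, while the incremental pass picks up "ab" on its 28th. Each MD5-crypt costs 1000 MD5 rounds, which is why the incremental demo stops at two lowercase characters in plain Python; that per-guess cost is the whole point of the salted, iterated format, and also why John's optimised code still only manages the few thousand c/s shown in the tutorial's output.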

If you try this tutorial out for yourself, I think you will be surprised at how fast John cracked the short password "temp1". Everyone stresses password security, but not everyone knows why. It is true that if your computer, or the company that hosts your mail, were compromised, an attacker would get hold of everyone's password entries. The catch for the attacker is that what sits on the disk is not the passwords themselves but one-way hashes of them, so each password still has to be guessed and checked, exactly as John does here. When a system with thousands of users is compromised, a strong password can deter an attacker from bothering with your account at all when he already has twenty other passwords cracked.

[[Category: Hacking]]



I heard John can crack Windows passwords; is this true? I'm pretty sure yes.

And John seems pretty useless to me. I just installed it and ran it on my own password, and these were the commands I used (not as root):

[07:02:02][dv5000t>~/john-]$ ./john /etc/passwd
No password hashes loaded
[07:02:57][dv5000t>~/john-]$ ./john /etc/shadow
fopen: /etc/shadow: Permission denied

So I need the root password to find out the root password?

But John is great otherwise. I should write a program that, when it compiles, prints out all the possible letter combinations up to x letters. Like:


and so on, including all letters in the ASCII table and such. Probably just a loop of some sort, but I have no idea how I would do it.

I don't think John can, but can John get online passwords?



No root password? *cough*local privilege escalation*/cough*

Windows passwords, yes.

Online? It's just a hash cracker as far as I'm aware.



I do have the root password for the computer I was on. I was talking about remote computers.



I was too, albeit one to which you have shell access.



John is a password cracker, not a password retriever. It's up to the user to grab the needed hashes and then feed them into John. As for a simple brute force algorithm, I needed a large file for testing some program I was working on, so here's a little 4-letter brute forcer.

The "Windows passwords" of which you speak utilize the NTLM hash algorithm... and yes, John supports that.

