1. First, you need to get a copy of your password file. If your system uses shadow passwords, you may use John's "unshadow" utility to obtain the traditional Unix password file, as root:
umask 077
unshadow /etc/passwd /etc/shadow > mypasswd
(You may need to replace the filenames as appropriate for your system.)
Then make "mypasswd" available to your non-root user account that you will run John under. No further commands will need to be run as root.
If your system is ancient enough that it keeps passwords right in the world-readable /etc/passwd, simply make a copy of that file.
If you're going to be cracking Kerberos AFS passwords, use John's "unafs" utility to obtain a passwd-like file.
Similarly, if you're going to be cracking Windows passwords, use any of the many utilities that dump Windows password hashes (LM and/or NTLM) in Jeremy Allison's PWDUMP output format. Some of these utilities may be obtained here:
http://www.openwall.com/passwords/pwdump
2. Now, let's assume you've got a password file, "mypasswd", and want to crack it. The simplest way is to let John use its default order of cracking modes:
john mypasswd
This will try "single crack" mode first, then use a wordlist with rules, and finally go for "incremental" mode. Please refer to MODES for more information on these modes.
It is highly recommended that you obtain a larger wordlist than John's default password.lst and edit the "Wordlist = ..." line in the configuration file (see CONFIG) before running John. Some wordlists may be obtained here:
http://www.openwall.com/wordlists/
Of those available in the collection at the URL above, all.lst (downloadable as all.gz) and huge.lst (only available on the CD) are good candidates for the "Wordlist = ..." setting.
3. If you've got some passwords cracked, they are stored in $JOHN/john.pot. The john.pot file is not meant to be human-friendly. You should be using John itself to display the contents of its "pot file" in a convenient format:
john --show mypasswd
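For an audit report you usually want only the affected logins, not the recovered passwords. The following is an added example, not part of John's documentation: it reduces "john --show" output to a list of accounts needing a reset and checks that the unshadowed file kept the permissions "umask 077" gives it. The function names and the sample output are constructed for illustration, and the "login:password:uid:gid:gecos:home:shell" layout followed by a summary line is assumed.

```shell
#!/bin/sh
# Added example: build a password-reset list from `john --show` output
# without copying the recovered passwords into the report.

# Print the login of every cracked account, one per line, reading
# `john --show` output on stdin. Only field 1 is used, so a recovered
# password that itself contains ':' cannot shift the login name.
# The trailing summary line contains no ':' and is skipped.
cracked_accounts() {
    awk -F: 'NF > 1 && $1 != "" { print $1 }' | sort -u
}

# Succeed only if FILE grants nothing to group or other, which is what
# `umask 077` gives a newly created file. Reads the mode string from `ls -ld`.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample of `john --show mypasswd` output. The second entry has
# a recovered password containing ':' to show the edge case.
SAMPLE_SHOW='alice:summer:1001:1001:Alice:/home/alice:/bin/bash
bob:pa:ss:1002:1002:Bob:/home/bob:/bin/sh

2 password hashes cracked, 1 left'

# Demo on the sample. In real use, pipe `john --show mypasswd` in instead,
# after confirming `is_private mypasswd` succeeds.
printf '%s\n' "$SAMPLE_SHOW" | cracked_accounts
```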
In Short ...
$ unshadow /etc/passwd /etc/shadow > crack.txt
$ john crack.txt (brute-force attack)
OR
$ john -w:words crack.txt (dictionary attack)
$ john -show crack.txt
Note: the -w option is used when you have some guesses about the password. If you have some guesses, create a file named words (in username password format) and use it with the -w option.
