John-The-Ripper

From aldeid

John The Ripper

Description

John The Ripper is a password cracker available for many operating systems.

Installation

$ cd /data/src/
$ wget http://www.openwall.com/john/g/john-1.7.6.tar.gz
$ tar xzvf john-1.7.6.tar.gz
$ cd john-1.7.6/
$ cd src/
$ make
To build John the Ripper, type:
      make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-64             Linux, x86-64 with SSE2 (best)
linux-x86-sse2           Linux, x86 with SSE2 (best if 32-bit)
linux-x86-mmx            Linux, x86 with MMX
linux-x86-any            Linux, x86
linux-alpha              Linux, Alpha
linux-sparc              Linux, SPARC 32-bit
linux-ppc32-altivec      Linux, PowerPC w/AltiVec (best)
linux-ppc32              Linux, PowerPC 32-bit
linux-ppc64              Linux, PowerPC 64-bit
linux-ia64               Linux, IA-64
freebsd-x86-64           FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2         FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx          FreeBSD, x86 with MMX
freebsd-x86-any          FreeBSD, x86
(...truncated...)

From the list printed by the last command, pick the target that corresponds to your system and run the following (replace "linux-x86-any" with the one you selected):

$ make clean linux-x86-any

You can now test your installation by issuing:

$ cd ../run
$ ./john --test

How to use?

Crack passwords

To crack /etc/passwd (or /etc/shadow), enter:

$ ./john /etc/shadow
Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])

Another example against a .htpasswd file:

$ ./john /usr/local/wwwpass/.htpasswd
Loaded 3 password hashes with 3 different salts (Traditional DES [24/32 4K])
Note
To abort a session, type ^C. You can then resume the session later, since a temporary file has been created.
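The "Loaded ..." lines above name the hash scheme John detected (FreeBSD MD5, Traditional DES). The following added example, which is not part of the original page or of John the Ripper, shows how an administrator can find entries stored under such legacy schemes in a shadow or .htpasswd style file by looking at the hash field. The names classify, audit and SAMPLE are this example's own, and the sample entries are constructed.

```python
import re

# (prefix, scheme, legacy?) for crypt-style hash fields; legacy schemes should be migrated.
PREFIXES = [
    ("$1$", "md5crypt (John: FreeBSD MD5)", True),
    ("$apr1$", "Apache MD5 (apr1)", True),
    ("{SHA}", "Apache unsalted SHA-1", True),
    ("$2a$", "bcrypt", False), ("$2b$", "bcrypt", False), ("$2y$", "bcrypt", False),
    ("$5$", "sha256crypt", False), ("$6$", "sha512crypt", False),
    ("$y$", "yescrypt", False),
]
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash

def classify(field):
    """Return (scheme, legacy) for the hash field of one entry."""
    if field == "":
        return ("empty password", True)
    if field[0] in "!*":
        return ("locked/no login", False)
    for prefix, name, legacy in PREFIXES:
        if field.startswith(prefix):
            return (name, legacy)
    if DES_RE.match(field):
        return ("Traditional DES", True)
    return ("unknown", False)

def audit(text):
    """Parse 'user:hash[:...]' lines and return (user, scheme) for legacy entries."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        scheme, legacy = classify(field)
        if legacy:
            findings.append((user, scheme))
    return findings

# Constructed sample: structurally valid fields, not real password hashes.
SAMPLE = "\n".join([
    "root:$1$constrct$" + "A" * 22 + ":14000:0:99999:7:::",
    "alice:$6$constructedsalt$" + "B" * 86 + ":14000:0:99999:7:::",
    "daemon:*:14000:0:99999:7:::",
    "web1:abCDEFGHIJKLM",
])

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```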

Resume a session

A previous session can be restored from the john.rec file. To restore a session, issue:

$ ./john --restore

Retrieve cracked passwords

To retrieve cracked passwords (in this example, no password has been cracked and the session has been aborted):

$ ./john --show /etc/shadow
0 password hashes cracked, 2 left