Sunday, 11 January 2015

JOHN THE RIPPER


John the Ripper is probably the fastest, most versatile, and definitely one of the most popular password crackers available. It supports six different password hashing schemes that cover various flavors of Unix and the Windows LANMan hashes also known as NTLM (used by NT, 2000, and XP). It can use specialized wordlists or password rules based on character type and placement.

John The Ripper Tutorial


I wrote this tutorial as best I could to try to explain to the newbie how to operate JTR. Remember, this is a newbie tutorial, so I won't go into detail with all of the features. JTR is a program that decrypts Unix passwords using DES (Data Encryption Standard).

The Process

Step 1: Download JTR.

Step 2: Extract JTR. In Windows use WinZip. In Unix type 'tar -xzf john-1.6.tar.gz' (no quotes).

Step 3: In Windows open the command prompt. Go to the Start menu, click Run, type 'command' (no quotes) and press enter.

You with me? Good. Go to whatever directory you have JTR in. Type 'john' and press enter. A whole list of options will come up:

John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer

Usage: /WINDOWS/DESKTOP/JTR/JOHN-16/RUN/john [OPTIONS] [PASSWORD-FILES]

-single "single crack" mode
-wordfile:FILE -stdin wordlist mode, read words from FILE or stdin
-rules enable rules for wordlist mode
-incremental[:MODE] incremental mode [using section MODE]
-external:MODE external mode or word filter
-stdout[:LENGTH] no cracking, just write words to stdout
-restore[:FILE] restore an interrupted session [from FILE]
-session:FILE set session file name to FILE
-status[:FILE] print status of a session [from FILE]
-makechars:FILE make a charset, FILE will be overwritten
-show show cracked passwords
-test perform a benchmark
-users:[-]LOGIN|UID[,..] load this (these) user(s) only
-groups:[-]GID[,..] load users of this (these) group(s) only
-shells:[-]SHELL[,..] load users with this (these) shell(s) only
-salts:[-]COUNT load salts with at least COUNT passwords only
-format:NAME force ciphertext format NAME
(DES/BSDI/MD5/BF/AFS/LM)
-savemem:LEVEL enable memory saving, at LEVEL 1..3

You won't need most of these options. In fact, you don't really need any of these options. You can simply type 'john [filename]'. The filename must include the .txt extension. This is the regular crack. It will use bruteforce to decrypt all of the passwords in the file. If you're an impatient ass you can use a word list. This is not as effective but it's quicker (more on that later).


How to make a crackable file: Let's say that for some reason you have a DES encrypted password but no file. If you want to crack it (why else would you be here?) you need to make your own file. Just create a text file and paste in the password. Now put a username (just any old name will do) in front of it with a colon separating the two. It should look something like this:


User:gyuJo098KkLy9


Save the file as crackme.txt (just an example) and go to the prompt and type 'john crackme.txt' (no quotes obviously). Now you just have to wait.
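The same 'user:hash' layout can be checked from the administrator's side. The following is an added example, not part of the original tutorial: it reads passwd-style lines and reports accounts whose hash is still stored in a legacy scheme such as the 13-character DES format shown above. The names classify, audit and SAMPLE are hypothetical, and every sample entry except the tutorial's own line is constructed.

```python
import re

# crypt(3) hash-field patterns, checked in order. "flag" marks legacy
# schemes that should be migrated; "ok" marks current ones.
SCHEMES = [
    ("descrypt",    re.compile(r"^[./0-9A-Za-z]{13}$"),  "flag"),  # 2-char salt + 11 chars
    ("bsdicrypt",   re.compile(r"^_[./0-9A-Za-z]{19}$"), "flag"),  # "_" + count + salt + hash
    ("md5crypt",    re.compile(r"^\$1\$"),               "flag"),
    ("bcrypt",      re.compile(r"^\$2[abxy]?\$"),        "ok"),
    ("sha256crypt", re.compile(r"^\$5\$"),               "ok"),
    ("sha512crypt", re.compile(r"^\$6\$"),               "ok"),
]

def classify(hash_field):
    """Return (scheme, verdict) for the second field of a passwd-style line."""
    if hash_field == "":
        return ("empty", "flag")          # no password set at all
    if hash_field == "x":
        return ("shadowed", "skip")       # real hash lives in the shadow file
    if hash_field[0] in "*!":
        return ("locked", "skip")         # password login disabled
    for name, pattern, verdict in SCHEMES:
        if pattern.search(hash_field):
            return (name, verdict)
    return ("unknown", "review")          # not recognised: inspect by hand

def audit(text):
    """List (user, scheme) for every entry whose hash field is flagged."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        scheme, verdict = classify(fields[1])
        if verdict == "flag":
            findings.append((fields[0], scheme))
    return findings

SAMPLE = """\
# first entry is the tutorial's example line; the rest are constructed
User:gyuJo098KkLy9
bob:$1$CONSTRCT$AAAAAAAAAAAAAAAAAAAAAA
alice:$6$CONSTRUCTEDSALT$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
root:x:0:0:root:/root:/bin/sh
svc:*:101:101::/nonexistent:/bin/false
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: stored as {scheme}, migrate to a current scheme")
```

Traditional DES crypt only uses the first eight characters of the password and a two-character salt, which is why entries in that format are the first ones to migrate.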

Options
Here is a list of the options and what they do.

single: Single crack mode. This is only recommended for weak passwords as it includes only a few rules and a small wordlist.


Usage: john -single crackme.txt


wordfile: Uses a wordlist (basically a dictionary attack). What this does is try every word in the list until it finds a match or you reach the end of the list. This is quicker than the default (bruteforce) attack, but I don't recommend this because it doesn't always find a match. More notes on wordlists below.


Usage: john -wordfile:password.lst crackme.txt


rules: Lets you define the rules for using wordlists. I don't use wordlists, so if you want to use this option I won't help you. Ok, ok, I'm just lazy. Shoot me.

incremental: I like this method. It allows you to do a bruteforce attack under certain modes.


Usage: john -incremental:alpha crackme.txt (only letters)
       john -incremental:digits crackme.txt (only numbers)
       john -incremental:lanman crackme.txt (letters, numbers, and some special characters)
   
