-
April 9th, 2002, 01:37 PM
#11
How to use John the Ripper
Learn to use this tool to crack passwd files
Below is an example passwd file:
jeunehom:uRavlb2TZc7fA:10009:100:Fanny JEUNEHOMME,Promo2001:/home/jeunehom:/bin/bash cellier:6VVFRl.ib8J4E:10012:100:Remi Cellier,Promo2001:/home/cellier:/bin/bash dischamp:bAndzoL65f2sY:10017:100:Sylvestre Dischamp, Promo2001:/home/dischamp:/bin/bash artus:z0A3df0OmqmFI:10027:100:Guillaume ARTUS,Promo2001:/home/artus:/bin/bash conti:ai05V8QKeoy5.:10031:100:Igor Conti,Promo2001:/home/conti:/bin/bash villard:/SMP6Kp/Ta7IE:10034:100:Eric villard, Promo2001:/home/villard:/bin/bash thong:ILZ5vYepxdrXI:10036:100:Daniel Thong, Promo2001:/home/thong:/bin/bash caronst:RCKjguAg2gcUA:520:100:Stephane Caron,externe:/home/caronst:/bin/bash humberte:RHLuzAqk4q6tg:524:100:Eric Humbert,externe:/home/humberte:/bin/bash lett:CCstsGLHidWfk:10038:100:Jean-Francois LETT, Promo2002,,:/home/lett:/bin/bash pouillon:3O6MbRS70BOD2:512:100:Yann Pouillon,externe:/home/pouillon:/bin/bash changey:rttCjavOaeC82:10039:100:Sebastien CHANGEY, Promo2002:/home/changey:/bin/bash
This is what it would appear like with most exploits, so now you have to break the passwd file up into single line entries as follows:
jeunehom:uRavlb2TZc7fA:10009:100:Fanny JEUNEHOMME,Promo2001:/home/jeunehom:/bin/bash
cellier:6VVFRl.ib8J4E:10012:100:Remi Cellier,Promo2001:/home/cellier:/bin/bash
dischamp:bAndzoL65f2sY:10017:100:Sylvestre Dischamp, Promo2001:/home/dischamp:/bin/bash
artus:z0A3df0OmqmFI:10027:100:Guillaume ARTUS,Promo2001:/home/artus:/bin/bash
conti:ai05V8QKeoy5.:10031:100:Igor Conti,Promo2001:/home/conti:/bin/bash
villard:/SMP6Kp/Ta7IE:10034:100:Eric villard, Promo2001:/home/villard:/bin/bash
thong:ILZ5vYepxdrXI:10036:100:Daniel Thong, Promo2001:/home/thong:/bin/bash
caronst:RCKjguAg2gcUA:520:100:Stephane Caron,externe:/home/caronst:/bin/bash
humberte:RHLuzAqk4q6tg:524:100:Eric Humbert,externe:/home/humberte:/bin/bash
lett:CCstsGLHidWfk:10038:100:Jean-Francois LETT, Promo2002,,:/home/lett:/bin/bash
pouillon:3O6MbRS70BOD2:512:100:Yann Pouillon,externe:/home/pouillon:/bin/bash
changey:rttCjavOaeC82:10039:100:Sebastien CHANGEY, Promo2002:/home/changey:/bin/bash
Now examine an entry:
jeunehom:uRavlb2TZc7fA:10009:100:Fanny JEUNEHOMME,Promo2001:/home/jeunehom:/bin/bash
Username: jeunehom
Password Hash: uRavlb2TZc7fA
Permissions: 10009:100
Name: Fanny JEUNEHOMME,Promo2001
Home Directory: /home/jeunehom
Logon Shell: /bin/bash
So to crack this, take a text editor and place the entire entry into it, name the file passwd.txt, then go into DOS and execute john with a command line similar to the following:
D:\Apps\JOHN-16\RUN>john passwd.txt
Loaded 1 password (Standard DES [48/64 4K])
John the Ripper is now brute forcing passwd.txt. To check its progress you can press space and it will come up with something like the following:
guesses: 0 time: 0:00:00:03 (3) c/s: 37110 trying: shance1 - meter
When John the Ripper returns you to the command prompt, the passwd has been cracked. To view it, do the following:
D:\Apps\JOHN-16\RUN>john -show passwd.txt
albert:jupiter:666:666:Section 3:/home/section3:/bin/csh
This shows us that the user 'albert' with a password of 'jupiter' has been found.
Now try this on yourself....
Make your own wordlist fairly simple. Hope this helps!
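As an added example (not code from the original post), here is a small Python parser that re-splits a run-together passwd dump like the one above into entries, keeps anything it cannot parse (such as an entry with a missing colon) for hand repair, and reports which accounts carry a hash in passwd itself rather than in /etc/shadow. The sample dump, names and hashes are constructed placeholders.

```python
import re
from collections import namedtuple

PasswdEntry = namedtuple("PasswdEntry", "user hash uid gid gecos home shell")

# Seven colon-separated fields.  Username and shell never contain whitespace, so in a
# dump where entries run together separated by spaces the shell ends where the next
# username begins; GECOS may contain spaces and commas, so it is matched as [^:]*.
ENTRY_RE = re.compile(r"(\S+?):([^:\s]*):(\d+):(\d+):([^:]*):([^:\s]*):(\S+)")
DES_HASH_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt(3) DES output

def split_dump(text):
    """Return (entries, leftovers): leftovers are non-blank stretches the pattern
    could not match (an entry missing a ':'), kept for hand repair, not dropped."""
    entries, leftovers, pos = [], [], 0
    for m in ENTRY_RE.finditer(text):
        gap = text[pos:m.start()].strip()
        if gap:
            leftovers.append(gap)
        user, h, uid, gid, gecos, home, shell = m.groups()
        entries.append(PasswdEntry(user, h, int(uid), int(gid), gecos, home, shell))
        pos = m.end()
    tail = text[pos:].strip()
    return entries, leftovers + ([tail] if tail else [])

def hash_status(h):
    """Classify the password field; only 'des' and 'crypt' are loadable hashes."""
    if h == "x":
        return "shadowed"   # real hash lives in /etc/shadow, not in world-readable passwd
    if not h:
        return "empty"      # no password set at all
    if h[0] in "*!":
        return "locked"
    if DES_HASH_RE.match(h):
        return "des"        # 13-char DES crypt, the "Standard DES" format John reported
    if h.startswith("$"):
        return "crypt"      # $id$salt$hash (MD5-crypt and later schemes)
    return "unknown"

def exposed_accounts(entries):
    """Accounts whose hash is readable straight from passwd: the audit finding."""
    return [e.user for e in entries if hash_status(e.hash) in ("des", "crypt")]

SAMPLE_DUMP = (  # constructed sample: names and hashes are placeholders, not real digests
    "alice:x:1001:100:Alice Example,Promo2001:/home/alice:/bin/bash "
    "bob:Ab1cD2eF3gH4i:1002:100:Bob Example, Promo2001:/home/bob:/bin/bash "
    "erin:Zz9yX8wV7uT6s:1005:100aniel Garbled:/home/erin:/bin/bash "   # missing ':'
    "carol:$1$saltsalt$placeholderhash012345:1003:100:Carol, Promo2002,,:/home/carol:/bin/sh "
    "dave:*:1004:100:Dave Locked:/home/dave:/sbin/nologin"
)
```

Running `split_dump(SAMPLE_DUMP)` parses four entries, reports the garbled `erin` entry as a leftover, and `exposed_accounts` names `bob` and `carol` as the accounts whose hashes should be moved into a shadow file.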
-
April 9th, 2002, 03:00 PM
#12
Humm, where did you get that from blut23? If you wrote it yourself, I am quite surprised, because both the current password being checked and the password that was cracked are not in the original password file.
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
April 15th, 2002, 04:15 PM
#13
Naw, he's gettin' the output from one of the cyberarmy challenges, and the rest of it looks bongo.
-
April 16th, 2002, 08:11 AM
#14
There is a mode in JTR that is -i. I forgot what the whole word is, seeing as I haven't used JTR in a long while, but it basically does it without a dictionary file. It's more efficient; it takes longer but works better.
-
April 16th, 2002, 08:52 AM
#15
Hence i need a tool which will e.g. import two different wordlists and kill all the duplicates and spit out a new file.
Can't you use the unix diff command for this? Just find the differences and pipe the output to a file. If diff doesn't actually have a switch that only prints the differences between two files, you can use grep to only print the lines that start with < or > to the file, depending on what you want.
By the way, it isn't password cracking, it is password "auditing." There is a BIG difference.
Essentially, they are two names for the same thing. As long as you have permission to do it, it doesn't matter what you call it. In other words, when I'm doing a password "audit", I really mean that I'm trying to crack my own password file. "Audit" is just a nice way of saying it so that I don't scare the kids.
lol wait.. isn't John The Ripper a really OLLLLDDD password cracker??
Hehe, yeah it's old but it's still the best password cracker (oops I mean password auditor) around.
OpenBSD - The proactively secure operating system.
-
April 16th, 2002, 09:51 AM
#16
I have an interesting problem for u!
Our systems administrator has blocked access to DOS, sys files, config files and everything useful. I need access to some of these files, and up to now password crackers have all required DOS to run the dictionary files. Is there any way around this? What programs can u suggest? And how do they work?