December 29th, 2003 07:39 PM
John the Ripper troubles
I'm having problems with John the Ripper. I am currently doing a wargame and I got a "password file" that gives the password to the next level. It gives it in the format of
I tried breaking it into 2 different files in my run directory of John and unshadowing it. Them being..
shadow파일의 level8 패스워드 부분이다.
passwd shadowd And then running the unshadow program like so..
./unshadow passwd shadowd
It doesn't do anything though. Also I can't get John to load a wordlist and crack a unshadowed password. I thought it was just ./john -wordlistassword.lst -rules passwordfile , but that doesn't work. As you see I don't really understand this too well, and I can't find anything of any use to me. Thanks for the help
December 29th, 2003 07:54 PM
I am not going to say how to do it, but if you looked through the documentation of John, you would see that unshadow is for combining the password/shadow file for systems that have shadowed password files (a very necessary security precaution). For example:
On old unix systems, the salt/encryption would have been in /etc/passwd where the X is. All unshadow does is take xxxxxxxxxxx and put it in the passwd file where x is.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
December 29th, 2003 08:28 PM
Thats my problem. I looked through EVERY documentation in johns /doc folder with nothing that helped me. With what you gave me, would I set up the pass file like..
and the shadow as..
I did that going by what you showed me. But if you look at what I started out with, I'm having problems on how to set that up.
December 30th, 2003 05:14 AM
Have you tried it without the use of a wordlist or any other options to test?
"It is a shame that stupidity is not painful" - Anton LaVey
April 15th, 2004 01:42 AM
Ah, it looks like your doing the hackerslab wargame. I passed that level. Anyways, yes...on this level, just save a .txt file with this info "level8:VoE4HoQCFfMW2".
First, you're going to want a file with the passwords (dictionary)...a good one too, to make sure it doesn't miss any words. Then, the rest is pretty simple, type this in the directory of your john.exe with the command prompt:
john -w: password.lst file1
(changing file1 to your filename that you saved)
It should display: "Loaded 1 password..."
Then it will save a POT file in that directory.
Open that up to see what it decrypted the password to.
If you have anymore questions about this level or about higher levels, email me: firstname.lastname@example.org