you can get JTR here
http://www.openwall.com/john/

this tutorial was made by a good friend of mine
was too lazy to write it
lol


JOHN THE RIPPER TUTORIAL


OK, this tutorial is about John the Ripper, often shortened to JTR. JTR is a password cracker for UNIX-style passwords. You will need JTR to crack accounts extracted from CCBILL.LOG files or passwd files. This tutorial can be used by the novice user, but more experienced users may discover some new dimensions too.

The accounts which JTR can crack must have the following format:

Fabian:56FgemjhWD9g6
colsen:99lu/CUMikgxM
ibunton:52plhWx7Iv.Cg
tommyb:90rhlDur.3ofE
Minutolo:86c9kUFc/2qxE
schwange:92LsZO7AsKIZA
^^user^^:^^^^hash^^^^^

The "weird" characters after the ':' are called the hash. A hash is nothing more than a code/number generated from a string of text. These hashes can be cracked with JTR. The DES hashes which are used in CCBILL.logs are always 13 chars long.

WORDLIST MODE
JTR has different cracking modes. One of the fastest ways is to use a wordlist. The wordlist has to be a single wordlist and NOT a combolist. To make your own single wordlist (a text file containing one word per line), you could think of using dictionaries of different languages, family names, pet names, movie names, etc.

To let JTR work with a wordlist, open a command window (DOS mode), go to the directory where you placed john, then run it like this:
john -w:PASSES.TXT PORN_ACCOUNTS.TXT
where PASSES.TXT is your single wordlist file, and PORN_ACCOUNTS.TXT is the file containing the usernames and hashes as shown above.

You can do a more advanced form of wordlist cracking by supplying a -rules parameter like this (but make sure you know how to play with rules):

john -w:PASSES.TXT -rules PORN_ACCOUNTS.TXT

This mode will take some more time, but the chance of cracking more accounts increases quite a lot. In this mode JTR will test each word in the wordlist along with variations of that word, like adding a number before or after the word, removing vowels and other nifty tricks.
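
The variations listed above are also what a password policy should refuse at the time a password is set. The following is an added example, not part of the original tutorial: it reports when a proposed password is a wordlist entry, a wordlist entry with digits in front or behind, or a wordlist entry with its vowels removed. The wordlist, the candidate passwords and the function names are constructed for illustration.

```python
import re

VOWELS = set("aeiou")


def strip_vowels(word):
    """Remove vowels, one of the variations the tutorial mentions."""
    return "".join(ch for ch in word if ch not in VOWELS)


def weak_reason(password, wordlist):
    """Say why a password falls to wordlist-plus-variations guessing, or None."""
    words = {w.strip().lower() for w in wordlist if w.strip()}
    candidate = password.lower()
    if not candidate:
        return "empty password"
    if candidate in words:
        return "plain dictionary word"
    # Undo "a number before or after the word" and look the core up again.
    core = re.sub(r"^\d+|\d+$", "", candidate)
    if core and core != candidate and core in words:
        return "dictionary word with digits added"
    # Compare against the vowel-stripped form of every wordlist entry.
    if candidate in {strip_vowels(w) for w in words}:
        return "dictionary word with vowels removed"
    return None


def review(candidates, wordlist):
    """Map each candidate password to its rejection reason (None = accepted)."""
    return {pw: weak_reason(pw, wordlist) for pw in candidates}


# Constructed sample data for illustration.
WORDLIST = ["forest", "tomato", "anubis"]
CANDIDATES = ["tomato", "forest5", "2024Anubis", "tmt", "q7#Lw!zR"]

if __name__ == "__main__":
    for pw, reason in review(CANDIDATES, WORDLIST).items():
        verdict = "REJECT (" + reason + ")" if reason else "ok"
        print(pw.ljust(12), verdict)
```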

Here is a screenshot of what you see when you start john cracking with a wordlist:
Loaded 945 passwords with 97 different salts (Traditional DES [64/64 BS MMX])
forest5 (temptor)
tomato (marley)
guesses:2 time: 0:00:00:08 0% c/s:109080040 trying: aljarfa - alkamin
anubis (jbwein)
guesses:3 time: 0:00:00:23 1% c/s:109082277 trying: berozo - berryton
Session aborted

If JTR is busy, you can hit [space] to display the current status. As seen in the above screenshot, you will get a status line with the number of guesses so far, how long JTR has been running (days:hours:minutes:seconds), the progress indicator, the speed in combinations of login and password per second, and the passwords currently being tried. If JTR cracks an account, it will show you the password first and then the login name between the ( ).
If you have enough passes and you want to quit JTR, use ctrl-break (do NOT press ctrl-c twice, because that will not save your results to JTR's history (.POT file) and the restore file). In Windows, my experience is that CTRL-C will not save the session either. You have to explicitly use the Ctrl-Break combination!

If you have aborted JTR and want to let JTR resume the cracking, you can restore the interrupted session with this:
john -restore
If you want to see which accounts JTR has cracked, use the option -show:

john -show PORN_ACCOUNTS.TXT

To save the cracked accounts to a file, you can use the standard redirection:

john -show PORN_ACCOUNTS.TXT > cracked_accounts.txt


SINGLE CRACK MODE
This is the easiest and probably fastest mode, and you should try it first on your password files. It uses the logins to construct passwords with many different rules.
john -single PORN_ACCOUNTS.TXT

INCREMENTAL CRACK MODE
This is the most advanced and powerful cracking mode of JTR. In this mode JTR will try every possible character combination. With a maximum password length of around 8, it will seem as if JTR never finishes its session. It will end eventually, but that can take months or even years. JTR uses some advanced methods when trying every possible character combination, such as character frequency tables, to improve the chance of success.
There are different character sets which you can use. The charsets which are delivered with JTR are the following:

All : this character set contains 95 different chars (all letters, numbers, chars like !@#$%^&*()_+)
Alpha : this character set contains 26 different chars (a to z)
Digits : this character set contains 10 different chars (0 to 9)
LanMan : this character set contains 65 different chars, and is primarily used for cracking LanMan passwords, which are used by Windows NT.
If you don't specify a <mode>, JTR will choose the default incremental mode which is 'All'.
john -i PORN_ACCOUNTS.TXT
john -i:digits PORN_ACCOUNTS.TXT
john -i:alpha PORN_ACCOUNTS.TXT

Some tips - some are advanced

1. If you sort your wordlist alphabetically, JTR will run a little faster. Another advantage of sorting is that JTR can detect dupes by itself.

2. Although the maximum length of the password is normally 8 chars, don't remove or truncate the words in the wordlist which are longer than 8 chars. The rest may be needed by the -rules option (think of the vowel-removing rule). John is, by the way, smart enough not to test the same password twice if the list is sorted.

3. JTR can make use of wildcards, such as:
john -w:WORDLIST.TXT -rules accounts*.txt
It will load all files matching accounts*.txt and start cracking all the accounts in them.

4. The number of different salts affects the speed of JTR. The more salts that must be calculated, the slower JTR is. To speed up the whole process, you can choose to let JTR try only salts with <n> passwords. To test salts with more than 5 passwords, you use the following options:
john -wordfile:WORDLIST.TXT -rules -salts:5 PORN_ACCOUNTS.TXT
To test the rest of the salts (those with fewer than 5 passwords), use -<n>:
john -wordfile:WORDLIST.TXT -rules -salts:-5 PORN_ACCOUNTS.TXT

5. To have more than one session which you can restore, you can let the session be saved as <name> by using the option -session:<name>. To restore a specific session use the option -restore:<name>. The status of a cancelled session can be watched by the option -status:<name>
john -wordfile:WORDLIST.TXT -rules -session:firsttry PORN_ACCOUNTS.TXT
john -restore:firsttry
john -status:firsttry

6. If you have cracked a lot of accounts, it can be more effective to make your own charset. Your custom-made charset will not only contain the chars used in the cracked passwords, but will also record the character frequencies, making JTR more efficient and faster at cracking passwords. To make your own charset, take the following steps:

a) Make your own charset
john -makechars:THEBEST.CHR PORN_ACCOUNTS.TXT
Loaded 73618 plaintexts
Generating charsets... 1 2 3 4 5 6 7 8 DONE
Generating cracking order... DONE
Successfully written charset file: thebest.chr (65 characters)

b) Edit the config file JOHN.CONF
- search for "[Incremental:All]" and you will see a section like this:
# Incremental modes
[Incremental:All]
File = $JOHN/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95
- here you can add your own section (the CharCount will be given by JTR if you created a custom charset) to the config file
[Incremental:THEBEST]
File = $JOHN/THEBEST.CHR
MinLen = 3
MaxLen = 8
CharCount = 65
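
The 13-character hash format described near the top and the salt counts from tip 4 can both be checked on a password file you administer. The following is an added example, not part of the original tutorial: it flags entries still stored as traditional DES crypt (2 salt characters followed by 11 hash characters, with only the first 8 password characters used) and counts how many accounts share each salt, so those accounts can be moved to a modern hash scheme. The sample lines and the names classify and audit are constructed for illustration.

```python
import re
from collections import Counter

# Traditional DES crypt(3): 13 characters from the alphabet ./0-9A-Za-z,
# where the first 2 are the salt and the remaining 11 are the hash.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(hash_field):
    """Return a coarse label for the hash field of a user:hash line."""
    if DES_CRYPT.match(hash_field):
        return "des-crypt"
    if hash_field.startswith("$"):
        # Modular crypt format, $id$salt$hash (for example $6$ is sha512crypt).
        parts = hash_field.split("$")
        return "mcf:" + parts[1] if len(parts) > 2 else "unknown"
    if hash_field in ("", "*", "x") or hash_field.startswith("!"):
        return "locked-or-shadowed"
    return "unknown"


def audit(lines):
    """Parse user:hash[:...] lines; report legacy entries and salt sharing."""
    legacy, other, salts = [], [], Counter()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 2)[:2]
        kind = classify(hash_field)
        if kind == "des-crypt":
            legacy.append(user)
            salts[hash_field[:2]] += 1   # accounts per 2-character salt
        else:
            other.append((user, kind))
    shared = {s: n for s, n in salts.items() if n > 1}
    return {"legacy_users": legacy, "other": other,
            "distinct_salts": len(salts), "shared_salts": shared}


# Constructed sample lines (not real hashes of any password).
SAMPLE = ["alice:abQ9zKp3LmN1x", "bob:abT7uVw2XyZ0c", "carol:Xy4dEf5Gh6Ij7",
          "dave:$6$c0nstruct$notarealdigest", "svc:*"]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("still on DES crypt:", ", ".join(report["legacy_users"]))
    print("distinct salts:", report["distinct_salts"],
          "shared:", report["shared_salts"])
```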