Thread: John The Ripper aka JTR

  1. #1

    John The Ripper aka JTR

    you can get JTR here
    http://www.openwall.com/john/

    this tutorial was made by a good friend of mine
    was too lazy to write it
    lol


    JOHN THE RIPPER TUTORIAL


    Ok, this tutorial is about John the Ripper, often shortened to JTR. JTR is a password cracker for UNIX-style passwords. You will need JTR to crack accounts extracted from CCBILL.LOG's or passwd files. This tutorial can be used by the novice user, but maybe the more experienced users can discover some new dimensions too.

    The accounts which JTR can crack must have the following format:

    Fabian:56FgemjhWD9g6
    colsen:99lu/CUMikgxM
    ibunton:52plhWx7Iv.Cg
    tommyb:90rhlDur.3ofE
    Minutolo:86c9kUFc/2qxE
    schwange:92LsZO7AsKIZA
    ^^user^^:^^^^hash^^^^^

    The "weird" characters after the ':' are called the hash. A hash is nothing more than a code/number generated from a string of text. These hashes can be cracked with JTR. The DES hashes which are used in CCBILL.logs are always 13 chars long.

    WORDLIST MODE
    JTR has different cracking modes. One of the fastest ways is to use a wordlist. The wordlist has to be a single wordlist and NOT a combolist. To make your own single wordlist (text file containing one word per line), you could think of using dictionaries of different languages, family names, pet names, movie names, etc.

    To let JTR work with a wordlist you run JTR like this (in a command window):
    In DOS mode, go to the directory where you placed john, then run john by:
    john -w:PASSES.TXT PORN_ACCOUNTS.TXT
    where PASSES.TXT is your single wordlist file, and PORN_ACCOUNTS.TXT is the file containing the usernames and hashes as shown above.

    You can do a more advanced way of wordlist cracking by supplying a -rules parameter like this (but make sure you know how to play with rules):

    john -w:PASSES.TXT -rules PORN_ACCOUNTS.TXT

    This mode will take some more time, but the chance to crack more accounts increases quite a lot. In this mode JTR will test each word in the wordlist including variations of that word, like adding a number before or after the word, removing vowels and other nifty tricks.

    Here you have a screenshot if you start john cracking with a wordlist:
    Loaded 945 passwords with 97 different salts (Traditional DES [64/64 BS MMX])
    forest5 (temptor)
    tomato (marley)
    guesses:2 time: 0:00:00:08 0% c/s:109080040 trying: aljarfa - alkamin
    anubis (jbwein)
    guesses:3 time: 0:00:00:23 1% c/s:109082277 trying: berozo - berryton
    Session aborted

    If JTR is busy, you can hit [space] to display the current status. As seen in the above screenshot, you will get a status line with the number of guesses so far, how long JTR has been running (days:hours:minutes:seconds), the progress indicator, the speed in combinations of login and password per second and the current password tries. If JTR cracks an account it will show you the password first and between the ( ) the login name.
    If you have enough passes and you want to quit JTR, use ctrl-break (do NOT press ctrl-c twice, because that will not save your results to JTR's history (.POT file) and the restore file). In Windows I have the experience that CTRL-C will not save the session either. You have to explicitly use the Ctrl-Break combination!

    If you have aborted JTR and want to let JTR resume the cracking, you can restore the interrupted session with this: john -restore
    If you want to see which accounts JTR has cracked, you use the option -show:

    john -show PORN_ACCOUNTS.TXT

    To save the cracked accounts to a file, you can use the standard redirection:

    john -show PORN_ACCOUNTS.TXT > cracked_accounts.txt


    SINGLE CRACK MODE
    This is the easiest and probably fastest mode, which you should try first on your password files. It uses the logins to construct passwords with many different rules.
    john -single PORN_ACCOUNTS.TXT

    INCREMENTAL CRACK MODE
    This is the most advanced and powerful cracking mode of JTR. In this mode JTR will try every possible character combination. With the maximum length of passwords around 8, it will seem that JTR will never terminate its session. It will end eventually but it can take months, even years to complete it. JTR has some advanced methods when it comes to trying every possible character combination. It uses character frequency tables and stuff, to improve the chance of success.
    There are different character sets which you can use. The charsets which are delivered with JTR are the following:

    All : this character set contains 95 different chars (all letters, numbers, chars like !@#$%^&*()_+)
    Alpha : this character set contains 26 different chars (a to z)
    Digits : this character set contains 10 different chars (0 to 9)
    LanMan : this character set contains 65 different chars, and is primarily used for cracking LanMan passwords which are used by Windows NT.
    If you don't specify a <mode>, JTR will choose the default incremental mode which is 'All'.
    john -i PORN_ACCOUNTS.TXT
    john -i:digits PORN_ACCOUNTS.TXT
    john -i:alpha PORN_ACCOUNTS.TXT

    Some tips - some are advanced

    1. If you alphabetically sort your wordlist, JTR will be running a little faster. Another advantage of sorting is that JTR can detect dupes by itself.

    2. Although the maximum length of the password is normally 8 chars, don't remove or truncate the words in the wordlist which are larger than 8 chars. The rest may be needed by the -rules option (think of the vowel-removing rule). John is btw smart enough not to test two passwords again if the list is sorted.

    3. JTR can make use of wildcards, such as:
    john -w:WORDLIST.TXT -rules accounts*.txt
    It will load all accounts*.txt files and start cracking all the accounts in them.

    4. The number of different salts has an effect on the speed of JTR. The more salts that must be calculated, the slower JTR is. To speed up the whole process you can choose to let JTR try salts with <n> passwords. To test salts with more than 5 passwords, you use the following options:
    john -wordfile:WORDLIST.TXT -rules -salts:5 PORN_ACCOUNTS.TXT
    To test the rest of the salts (those with less than 5 passwords), use -<n>:
    john -wordfile:WORDLIST.TXT -rules -salts:-5 PORN_ACCOUNTS.TXT

    5. To have more than one session which you can restore, you can let the session be saved as <name> by using the option -session:<name>. To restore a specific session use the option -restore:<name>. The status of a cancelled session can be watched by the option -status:<name>
    john -wordfile:WORDLIST.TXT -rules -session:firsttry PORN_ACCOUNTS.TXT
    john -restore:firsttry
    john -status:firsttry

    6. If you have cracked a lot of accounts, it can be more effective to make your own charset. Your custom made charset will not only contain the chars used in the cracked passwords, but will determine the character frequencies too to make JTR more efficient and faster in cracking passwords. To make your own charset the following steps have to be made:

    a) Make your own charset
    john -makechars:THEBEST.CHR PORN_ACCOUNTS.TXT
    Loaded 73618 plaintexts
    Generating charsets... 1 2 3 4 5 6 7 8 DONE
    Generating cracking order... DONE
    Successfully written charset file: thebest.chr (65 characters)

    b) Edit the config file JOHN.CONF
    - search for "[Incremental:All]" and you will see a section like this:
    # Incremental modes
    [Incremental:All]
    File = $JOHN/all.chr
    MinLen = 0
    MaxLen = 8
    CharCount = 95
    - here you can add your own section (the CharCount will be given by JTR if you created a custom charset) to the config file
    [Incremental:THEBEST]
    File = $JOHN/THEBEST.CHR
    MinLen = 3
    MaxLen = 8
    CharCount = 65
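
An added example, not part of the original post or of the John the Ripper project: a defender-side audit in Python that scans a `user:hash` file for entries still stored as the 13-character traditional DES hashes the tutorial describes, and counts how many of them share a salt. The `audit` function name and the sample entries (apart from the two lines copied from the post) are constructed for illustration.

```python
import re
from collections import Counter

# Traditional DES crypt(3): 2-char salt + 11-char digest, all from the
# alphabet ./0-9A-Za-z, 13 characters in total.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample input in the user:hash layout shown in the post
# (the first two lines reuse the post's own example entries).
SAMPLE = """\
Fabian:56FgemjhWD9g6
colsen:99lu/CUMikgxM
alice:56aaaaaaaaaaa
bob:$6$rounds=5000$constructedsalt$constructeddigest
carol:*
broken line without separator
"""

def audit(text):
    """Classify each entry and count how many DES hashes share each salt."""
    legacy, other, malformed = [], [], []
    salts = Counter()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            malformed.append(lineno)
            continue
        # passwd/shadow files carry more colon-separated fields after the hash
        field = rest.split(":", 1)[0]
        if DES_CRYPT.match(field):
            legacy.append(user)
            salts[field[:2]] += 1   # the first two characters are the salt
        else:
            other.append(user)      # locked accounts, modern $id$ schemes, etc.
    shared = {s: n for s, n in salts.items() if n > 1}
    return {"legacy_des": legacy, "other": other,
            "malformed_lines": malformed, "shared_salts": shared}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Every account reported under `legacy_des` is stored with a two-character salt and a scheme that only uses the first 8 characters of the password, so those are the entries to migrate to a modern password hash first.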

  2. #2
    I'm not even gonna bother readin it until you proofread it, spell check it and format it so it doesn't hurt my eyes.
    O.G at A.O

  3. #3
    MrLinus (Just a Virtualized Geek) | Join Date: Sep 2001 | Location: Redondo Beach, CA | Posts: 7,323
    Tutorials submitted should be original work. If your "friend" wants to submit it, he/she is welcomed to join AO and do so.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Junior Member | Join Date: Mar 2003 | Posts: 1
    the wannabe is a "Plagiarism newbie"

    haven't been back here since 2003

    hmmm! I can't recall what turned me off to this site, if indeed that is why I was last here in 2003,

    the reason may have been similar to this "character"

    lol

  5. #5
    So what exactly turned you off more? The guy who started this thread or the people who've been here for years and have just responded because they don't seem to recognize a clear and blatant joke meant solely for nothing more than a response and whatever shits and giggles that fallow.

  6. #6
    nihil (Senior Member) | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    Spesh~

    I hear what you are saying..........but this was not his first post along the same lines...............once may be a joke, twice or more is boring?

    And "fallow" are a sort of deer

  7. #7
    dinowuff (THE Bastard Sys*****) | Join Date: Jun 2003 | Location: Third planet from the Sun | Posts: 1,253

    Re: John The Ripper aka JTR

    Originally posted here by sploiterwannabe


    this tutorial was made by a good friend of mine
    was too lazy to write it
    lol
    too lazy or just not l337 yet?
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0
