Difference between revisions of "johntheripper mini howto"

From thelinuxwiki
Jump to: navigation, search
(cracking passwords)
Line 12: Line 12:
 
the password file must include the password hashes
 
the password file must include the password hashes
  
crack using specified word list
+
crack using specified word list...
  
 
  # '''john --users=admin --wordlist=/var/tmp/wordlist.txt /etc/passwd'''
 
  # '''john --users=admin --wordlist=/var/tmp/wordlist.txt /etc/passwd'''

Revision as of 05:44, 7 June 2014



cracking passwords

simple crack on single user "admin" in password file using default john word list and settings

# john --users=admin --session=mycrack /etc/passwd

the password file must include the password hashes

crack using specified word list...

# john --users=admin --wordlist=/var/tmp/wordlist.txt /etc/passwd
Loaded 1 password hash (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
abc123       (admin)
guesses: 1  time: 0:00:00:00 DONE (Sat Jun  7 00:35:56 2014)  c/s: 3.33  trying: abc123
Use the "--show" option to display all of the cracked passwords reliably

crack status

# john --status=mycrack

shadow files

if the system you are trying to crack passwords on uses the /etc/shadow file to store password hashes (very likely), then use john's unshadow utility to construct / consolidate the /etc/passwd and /etc/shadow into one file for cracking

example

# unshadow /etc/passwd /etc/shadow > /var/tmp/passwd-shadow