John differs from tools such as Hydra. Hydra performs an online brute-force attack, trying username/password combinations directly against a service daemon such as an FTP or Telnet server. John, by contrast, works offline: it needs the password hash first, so the bigger challenge for an attacker is obtaining the hash that is to be cracked. Today it is often even easier to use one of the free rainbow-table lookup sites available online: you submit the hash, and if it corresponds to a common word, the site shows the word almost immediately. A rainbow table is essentially a precomputed store of common words and their corresponding hashes; the larger the table, the more words it covers. Note that such lookups only work for unsalted hashes (for example raw MD5 or LM hashes); the crypt(3) hashes in /etc/shadow are salted, so each one has to be attacked individually with a tool like John.
But if you want to crack the password locally on your own system, John is one of the best tools to try. John is among the top ten security tools shipped with Kali Linux. On Ubuntu it can be installed via the Synaptic Package Manager (or with apt-get install john).
In this article I'll show how to use the unshadow command together with John to crack a user's password on a Linux system. On Linux, the user-name and password-hash details are stored in the following two files.
The code is as follows:
/etc/passwd
/etc/shadow
The actual password hashes are stored in /etc/shadow, which is readable only by root, so you need root access on the machine to read it. Try it on your own Linux system, or first create a new user with a simple password. I will create a new user named happy on my Linux system with the password chess.
The code is as follows:
root@kali:~# adduser happy
Adding user `happy' ...
Adding new group `happy' (1001) ...
Adding new user `happy' (1000) with group `happy' ...
Creating home directory `/home/happy' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for happy
Enter the new value, or press ENTER for the default
	Full Name []:
	Room Number []:
	Work Phone []:
	Home Phone []:
	Other []:
Is the information correct? [Y/n] y
root@kali:~#
For ease of demonstration it is a good idea to use a simple password so you don't have to wait too long. Now that our new user has been created, we can crack the password.
The unshadow command basically combines the /etc/passwd data with the /etc/shadow data to create one file that contains both the user-name details and the password hashes. Its usage is quite simple.
The code is as follows:
root@kali:~# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
root@kali:~# unshadow /etc/passwd /etc/shadow > ~/file_to_crack
We redirect the output of the unshadow command to a new file named file_to_crack.
Steps
Let's look at the concrete steps. After a successful crack, the recovered passwords are stored in john.pot:
1. Change into the /root/john-1.7.8/run directory and use John's unshadow tool to read /etc/passwd and /etc/shadow
The code is as follows:
./unshadow /etc/passwd /etc/shadow > /root/john-1.7.8/run/passwd.txt
Alternatively, as root you can simply run: cat /etc/shadow > /root/john-1.7.8/run/passwd.txt (John can load the shadow file directly, but single crack mode then cannot use the full-name/GECOS fields, which only the passwd file carries).
2. First, crack with single crack mode
The code is as follows:
Single crack mode
This mode targets people who use the account name as the password: it tries variations of the user name (and of the GECOS fields), mangled by the rules defined under [List.Rules:Single] in john.conf.
The code is as follows:
./john --single passwd.txt
If the crack succeeds, you can view john.pot directly, or use:
The code is as follows:
./john --show passwd.txt    (shows the cracked passwords together with their user names)
3. Second, crack with wordlist mode
Wordlist mode is relatively simple: you only need to tell John where the dictionary file is. john.conf sets a default dictionary with 'Wordlist = $JOHN/password.lst', i.e. the password.lst file in the run directory. The mangling rules for wordlist mode are defined in the [List.Rules:Wordlist] section of john.conf; john.conf also carries a [List.Rules:NT] section with a further set of variation rules.
The code is as follows:
./john --wordlist=password.lst passwd.txt
Or
The code is as follows:
./john --wordlist=password.lst --rules passwd.txt
4. Third, crack with incremental mode
Incremental is the most powerful mode: it exhaustively tries every character combination as a candidate password, which is extremely time-consuming. The configuration file defines sections such as [Incremental:All], [Incremental:Alpha], [Incremental:Digits], [Incremental:Alnum] and [Incremental:LanMan]; each section name has a corresponding .chr character-frequency file in the run directory.
The code is as follows:
./john --incremental=All passwd.txt
5. Fourth, crack with external mode
External mode lets users write their own cracking modes in a C-like language; john.conf already ships with several ready-made external modes.
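The following script is an added example, not code from the article or from John the Ripper. It first re-implements what unshadow does (merge the hash from /etc/shadow into the password field of the matching /etc/passwd line) in awk, on constructed passwd/shadow excerpts that mirror the happy/chess account created above, and then runs the single, wordlist and incremental steps against the merged file if a john binary is on PATH. Assumptions: the hash is produced with `openssl passwd -6` (OpenSSL 1.1.1+), so the sample is a real sha512crypt hash of "chess" where that works and a labelled placeholder otherwise; the function names (make_hash, write_samples, unshadow_awk, merged_field, crack_with_john) are mine; and the incremental run is capped with `timeout` because it would otherwise run until every candidate has been tried.

```shell
#!/bin/sh
# Added example (not John the Ripper's own code): the unshadow merge done in
# awk on constructed sample files, followed by the single / wordlist /
# incremental sequence from the steps above, run only if john is on PATH.

# Produce a crypt(3) hash for the demo password. `openssl passwd -6`
# (OpenSSL 1.1.1+) gives sha512crypt ("$6$..."); if it is unavailable we fall
# back to a clearly labelled placeholder that john will refuse to load.
make_hash() {                                  # usage: make_hash PASSWORD
    openssl passwd -6 -salt sampleSalt "$1" 2>/dev/null ||
        printf '%s\n' '$6$sampleSalt$PLACEHOLDER.not.a.real.hash'
}

# Constructed /etc/passwd and /etc/shadow excerpts (not copied from a real
# host); the "happy" account mirrors the user created with adduser above.
write_samples() {                              # usage: write_samples DIR
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
happy:x:1000:1001:,,,:/home/happy:/bin/bash
EOF
    cat > "$1/shadow" <<EOF
root:*:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
happy:$(make_hash chess):15000:0:99999:7:::
EOF
}

# What unshadow does: read the shadow file into a login -> hash map, then
# emit every passwd line with its password field ("x") replaced by that hash.
# Logins without a shadow entry are passed through unchanged.
unshadow_awk() {                               # usage: unshadow_awk PASSWD SHADOW
    awk -F: -v OFS=: '
        NR == FNR  { hash[$1] = $2; next }     # first file: shadow
        $1 in hash { $2 = hash[$1] }           # second file: passwd
        { print }' "$2" "$1"
}

# Read one colon-separated field of a login from a merged file (for checks).
merged_field() {                               # usage: merged_field FILE LOGIN N
    awk -F: -v u="$2" -v n="$3" '$1 == u { print $n }' "$1"
}

# The cracking sequence from the steps above; skipped when john is absent.
crack_with_john() {                            # usage: crack_with_john DIR
    command -v john >/dev/null 2>&1 || { echo "john not found, skipping crack"; return 0; }
    # Tiny constructed wordlist; "chess" is in it so wordlist mode succeeds quickly.
    printf '%s\n' password letmein chess qwerty > "$1/password.lst"
    john --session=demo --single "$1/passwd.txt"
    john --session=demo --wordlist="$1/password.lst" --rules "$1/passwd.txt"
    # Incremental mode runs until every candidate is tried, so cap it at 10 s.
    timeout 10 john --session=demo --incremental=Digits "$1/passwd.txt" || true
    john --show "$1/passwd.txt"                # reads john.pot and re-joins logins
}

dir=$(mktemp -d)
write_samples "$dir"
unshadow_awk "$dir/passwd" "$dir/shadow" > "$dir/passwd.txt"
echo "merged file $dir/passwd.txt:"
cat "$dir/passwd.txt"
crack_with_john "$dir"
```

The merged file keeps every passwd field (UID, GID, GECOS, home, shell) and only swaps the "x" for the hash, which is why single crack mode works better on unshadow output than on a bare shadow file. With a real john install, `--show` at the end reports "chess" for happy, found by the wordlist step.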
Parameter explanation
--stdout writes the candidate passwords to standard output instead of cracking, so they can be piped into another program
--restore resumes an interrupted session. Ctrl+C interrupts a run and the current state is saved to a .rec file (john.rec by default, or NAME.rec for a named session); --restore[=NAME] reads the saved position and continues cracking from there
--session=NAME sets the session name, which is used for the .rec state file and the .log file, so several runs can be kept apart
--make-charset=FILE generates a character-frequency table (a .chr file) from the passwords already cracked and stored in john.pot; the file can then be used in incremental mode
--show shows the passwords that have been cracked. Since john.pot does not store account information, pass the same passwd file you cracked so the hashes can be matched back to user names
--test benchmarks the machine's cracking speed for each supported hash type
--users=[-]LOGIN|UID[,...] cracks only the given accounts, by user name or UID number; a leading '-' means crack everything except those users
--groups=[-]GID[,...] cracks only users in the given groups; a leading '-' means crack everything except those groups
--shells=[-]SHELL[,...] cracks only users with the given login shells; a leading '-' means crack everything except those shells
--salts=[-]COUNT loads only hashes whose salt is shared by at least COUNT password hashes (with a leading '-', at most COUNT). A salt is the random value that UNIX mixes into each password hash, so the same password gives different hashes for different users; hashes that share a salt can be attacked together at the cost of one
--format=NAME forces one of the predefined hash types: des, bsdi, md5, bf, afs or lm. Note that md5 here means the $1$ md5crypt hashes only; modern Linux systems store sha512crypt ($6$) hashes in /etc/shadow, which need John's generic crypt(3) format or the jumbo build's sha512crypt support