Install and use John to crack the Linux Password

Source: Internet
Author: User

1. # cd/tmp

# Wget http://www.openwall.com/john/g/john-1.7.4.2.tar.gz

# Tar-zxvf john-1.7.4.2.tar.gz

# Cd johns-1.7.4.2 # cd SRC
# Make linux-x86-any-a.out

Or use sudo apt-Get install John

2: unshadow/etc/passwd/etc/shadow> passwd.txt (note that only root can execute unshadow, because only root can read/etc/shadow .) 3: chmod 600 passwd.txt 4: John passwd.txt

In addition, if the attack has been successfully cracked, you can view John. Pot.

# John-show passwd.txt

# John-show-users: yujs passwd.txt to get the password of the specified user. John the Ripper's four attack Modes

Worddlist Mode)
This is the simplest Mode Supported by John. the only job you need to do is to tell John where the dictionary is (the dictionary is a text file, A single word in each line of the content indicates the password of the test. In the dictionary file cracking mode, you can use the word change function to automatically apply these rules to each read word to increase the chance of cracking.

Simple mode (single crack)
The "simple" attack mode is specifically designed for "using an account as a password". The so-called "using an account as a password" means that if a user account is "John 」, the password is also "John 」. In simple mode, John uses the "Account" field in the password file to crack the password, multiple "word change" rules are applied to the "Account" to increase the chance of cracking. For example, if the account is John, it will try "John", "john0", "Njoh", "j0hn 」.... And other rule changes to try the password.

"Enhanced" Attack Mode)
This is John's most powerful cracking mode. It will automatically try all possible character combinations and then use them as passwords for cracking. It takes a long time to crack this mode, because it takes a lot of time to try to combine characters, John will define some character frequency tables (character frequencytables) to help crack. In short, this method is the "Violence Law", which tests all possible combinations of passwords to obtain the correct results.

"Plug-in module" attack mode (external mode)
This cracking mode allows users to write some "cracking module programs" in C language and then use them in John. In fact, the so-called "cracking Module Program" is a secondary expression designed in C language, and its function is to generate some words for John to try to crack. While

When running the John program, it automatically compiles these C-language sub-statements when loading these "cracking module programs" and then uses them. (Really great, let me admire this point)

John the Ripper command column parameter description

Command column command]

John [-command column parameters] [Password File name]

Command Column Parameters]

Parameter:-single
Note: The single crack mode is used for decryption. It is used to guess and decrypt data based on the user's account changes. The change rules are recorded in John. [list. rules: single] region. (I will introduce it later)

Example: John-single passwd

Parameter:-wordfile: [dictionary file name]-stdin

Note: The "Dictionary" cracking mode is used for decryption. A single word can be read from the dictionary or the-stdin parameter can be added to crack the attack by inputting a single word on the keyboard.

Example: John-wordfile: bigdict. DIC passwd

Parameter:-Rules
Note: The word rule change function is enabled in the dictionary file cracking mode. For example, if "dictionary file" is used to read a single word Cook, the word change function is enabled, the program may try Cook, c00k, cooker, cook0... And other words. Detailed change rules are recorded in the [list. Rules: wordlist] area of the john. ini file. (I will introduce it later)

Example: John-wordfile: bigdict. DIC-rules passw

Parameter:-incremental [: Mode name] (the parameter can also be abbreviated as-I [: Mode name])
Note: The "enhanced" Mode for decryption means that all possible characters are combined as passwords for cracking. Many schema names are defined in the [incremental: *****] area of the john. ini file to specify which mode to use for cracking. (I will introduce it later)

Example: John-I: All passwd

Parameter:-External: [Module name]
Note: The "plug-in module" cracking mode is used for decryption. You can write an additional "cracking Module Program" by yourself 」. The "cracking Module Program" is recorded in the [list. External: ******] area of the john. ini file.

Example: John-External: Double passwd

Parameter:-stdout [: length]
Note: This option has nothing to do with cracking, but simply displays the words produced by John on the screen.

Example: John-I: All-stdout

Parameter:-restore [: name of the reply file]
Note: continue the last interrupted decryption. John can press the <ctrlc> key to interrupt the password cracking process, and the current decryption progress will be stored in a file named "Restore. With the "-Restore" parameter, you can read the location where the last cracking was interrupted from the "Restore" file and continue the cracking.

Example: John-Restore

Parameter:-session [: file recording name]
Note: This option allows you to set the file name of the current session file. A work record is a file that can be used to reply to a job with the "-Restore" parameter. In addition, when John is used to crack multiple jobs, the "-session" parameter can be used to set different records for each job without mixing them together.

Example: John-wordfile: bigdict. DIC-session: work1 passwd

Parameter:-status [: the name of the recording file]
Note: displays the working status recorded in the work record.

Example: John-status: Restore

Parameter:-makechars: [file name]
Note: create a "Character Frequency table 」. This option will generate a "Character Frequency table" based on the cracked password. (Note: John records the cracked password in the john. Pot file ,). If the specified file name already exists, it will be overwritten. Files generated by this option can be used in the "enhanced" cracking mode.

Example: John-makechars: ownchars

Parameter:-show
Note: The password that has been cracked is displayed. Because the john. Pot file does not store "Account" information, you should enter the corresponding password during use.

Example: John-show passwd

Parameter:-test
Note: the speed at which the current machine executes various types of password cracking for John is tested.

Example: John-test

Parameter:-users: [-] login | uid [,...]
Note: Only the password of an "Account" is cracked, for example, only for root users or users with root privilege uid = 0. (If the "-" symbol is added before the login | uid name, it means not to crack the password of this "account)

Example: John-I: All-users: Root passwd

Parameter:-groups: [-] uid [,...]
Note: Only passwords of users in a group are cracked. (If "-" is added before the UID name, it indicates that the password of the user in the "Group" is not cracked)
Example: John-I: All-groups: 100
Parameter:-shells: [-] shell [,...]
Note: like the preceding two parameters, this option only applies to password cracking for all users who can use shell. (If the Shell Name is preceded by the "-" symbol, it indicates that the password of the user who can use the shell is not cracked ). When specifying a shell, you can omit the absolute path. For example, the "-shells: CSH" parameter will contain paths such as "/bin/CSH" or "/usr/bin/CSH, however, if you specify "-shells:/bin/CSH", it only contains the Shell Name "/bin/CSH.

Example: John-I: All-shells: CSH passwd

Parameter:-salts: [-] Count
Note: Only passwords of accounts with "salts" greater than "count" are cracked, this gives you a better cracking speed (the so-called "salts" refers to the unit used by Unix as the basis of the "password" encoding ). For example, you can first crack the password "-salts: 2" of a certain user to get a better speed, and then crack the password of the remaining user "-salts: -2 」.

Example: John-I: All-salts: 2 passwd

Parameters:-format: Name and-savemem: Level
Note: These two parameters are related to John's internal operation settings and are not directly related to the cracking, so they are omitted. From: http://hi.baidu.com/51cmdshell/blog/item/deae2650ec1bbf2f42a75bb9.html

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.