Use the John the Ripper tool to try to hack a Linux password

Source: Internet
Author: User
Tags: root access, kali linux

This article describes how to use John the Ripper to crack Linux passwords. The tool is mainly used to crack the passwords of system users in order to obtain their access rights; readers who need this can refer to the steps below.

John differs from tools like Hydra. Hydra performs an online, blind brute-force attack by trying username/password combinations against a running service, such as an FTP or Telnet daemon. John works offline and needs the password hashes first, so the harder part of the attacker's job is obtaining the hashes. With the free rainbow tables available on the Web, cracking a plain hash has become easy: submit it to one of the rainbow-table sites and, if it was derived from a common word, the plaintext appears almost immediately. A rainbow table is essentially a large database of common words and their corresponding hashes; the larger the database, the more words it covers. Note, however, that rainbow tables only help with unsalted hashes; the hashes in /etc/shadow are salted, which is exactly why a tool like John is needed for them.

But if you want to crack a password locally on your own system, John is one of the best tools to try. John ships with Kali Linux and is listed among its top ten security tools. On Ubuntu it can be installed with the Synaptic package manager (or with apt install john).

In this article I will show how to use the unshadow command together with John to crack a user's password on a Linux system. On Linux, usernames and password hashes are stored in two files:


/etc/passwd
/etc/shadow

The actual password hashes are stored in /etc/shadow, which is readable only by root, so you need root on the machine to obtain them. Try it on your own Linux system: first create a new user with a simple password. I will create a user named happy with the password chess.


# adduser happy
Adding user `happy' ...
Adding new group `happy' (1001) ...
Adding new user `happy' (1001) with group `happy' ...
Creating home directory `/home/happy' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for happy
Enter the new value, or press ENTER for the default
	Full Name []:
	Room Number []:
	Work Phone []:
	Home Phone []:
	Other []:
Is the information correct? [Y/n] y
#

For illustration it is best to use a simple password so you do not have to wait too long. Now that the new user exists, we can crack their password.

The unshadow command combines the /etc/passwd data and the /etc/shadow data into a single file that holds both the account details and the password hashes. Usage is simple:


# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
# unshadow /etc/passwd /etc/shadow > ~/file_to_crack

We redirect the output of unshadow to a new file named file_to_crack.

Steps

Let's look at the concrete steps. Every password John cracks is recorded in john.pot:
1. Change to the /root/john-1.7.8/run directory and use John's own unshadow tool to merge /etc/passwd and /etc/shadow:


./unshadow /etc/passwd /etc/shadow > /root/john-1.7.8/run/passwd.txt

As root you can also simply copy the shadow file (cat /etc/shadow > /root/john-1.7.8/run/passwd.txt); John reads the shadow format directly, but you then lose the GECOS and home-directory fields from /etc/passwd that single crack mode uses to derive its guesses.

2. First, try single crack mode.


Single crack

Single crack mode assumes that a user chose a password based on their own account details: it tries variants of the username and of the GECOS (full name) and home-directory fields, mangled with the rules defined under [List.Rules:Single] in john.conf. It is the fastest mode and should always be run first.


./john --single passwd.txt

If it succeeds, you can look at john.pot, or use:


./john --show passwd.txt

to list the cracked passwords together with their usernames.


3. Second, wordlist mode.
Wordlist mode is the simplest mode: you only need to tell John where the dictionary file is. john.conf sets the default dictionary with 'Wordlist = $JOHN/password.lst', that is, the password.lst file in the run directory. The mangling rules for this mode are defined under [List.Rules:Wordlist] in john.conf; the [List.Rules:NT] section that follows it holds a further set of rules, each rule describing one way a dictionary word is varied.


./john --wordlist=password.lst passwd.txt

or, with the mangling rules enabled:


./john --wordlist=password.lst --rules passwd.txt


4. Third, incremental mode.
Incremental is the most powerful mode: it exhaustively enumerates all character combinations and tries each one as a password, which is very time-consuming. john.conf defines several variants, [Incremental:All], [Incremental:Alpha], [Incremental:Digits], [Incremental:Alnum], [Incremental:LanMan] and others; each has a corresponding .chr character-frequency file in the run directory.


./john --incremental=All passwd.txt


5. Fourth, external mode.
External mode lets you write your own cracking mode in a C-like language; john.conf already ships with several example external modes.
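The following script is an added example and is not part of the original article or of John the Ripper itself. It reproduces what unshadow does (the merge of /etc/passwd and /etc/shadow described above) with plain awk, filters out the locked accounts John would skip anyway, and wraps the John invocations from steps 2 to 4 in one function. The passwd and shadow lines are constructed sample data, and the hash for the user happy is a placeholder string, not a real SHA-512 crypt value; run_john is only executed if a john binary is on PATH.

```sh
#!/bin/sh
# Added example (not from the article or from John): an awk equivalent of
# unshadow, a filter for crackable accounts, and the John commands from the
# steps above. Sample passwd/shadow data below is constructed; the hash for
# "happy" is a placeholder, not a real SHA-512 crypt string.

# merge_shadow PASSWD_FILE SHADOW_FILE
# Emulates `unshadow PASSWD_FILE SHADOW_FILE`: the "x" placeholder in field 2
# of each passwd line is replaced by the hash from the matching shadow entry.
# Users with no shadow entry are passed through unchanged, as unshadow does.
merge_shadow() {
    awk -F: -v OFS=: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }   # first file: shadow
        ($1 in hash)        { $2 = hash[$1] }         # second file: passwd
        { print }
    ' "$2" "$1"
}

# crackable_users UNSHADOWED_FILE
# Lists accounts whose hash field holds a real hash. Locked or passwordless
# entries ("*", "!", "!!", empty) give John nothing to crack.
crackable_users() {
    awk -F: '$2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 }' "$1"
}

# run_john UNSHADOWED_FILE [WORDLIST]
# The three cracking modes from the steps, in the order the article uses
# them, followed by --show. Needs john on PATH (it is not run otherwise).
run_john() {
    john --single "$1"
    john --wordlist="${2:-password.lst}" --rules "$1"
    john --incremental=All "$1"
    john --show "$1"
}

# --- constructed sample data (not a real system) -------------------------
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
PASSWD_SAMPLE="$work/passwd"
SHADOW_SAMPLE="$work/shadow"
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
happy:x:1001:1001:,,,:/home/happy:/bin/bash
EOF
cat > "$SHADOW_SAMPLE" <<'EOF'
root:*:19000:0:99999:7:::
daemon:!:19000:0:99999:7:::
happy:$6$Q7hNqBzR$PLACEHOLDERhashNOTaREALsha512crypt:19000:0:99999:7:::
EOF

MERGED="$work/file_to_crack"
merge_shadow "$PASSWD_SAMPLE" "$SHADOW_SAMPLE" > "$MERGED"
echo "unshadowed file:";           cat "$MERGED"
echo "accounts John can work on:"; crackable_users "$MERGED"

if command -v john >/dev/null 2>&1; then
    run_john "$MERGED"
fi
```

Only the happy account survives the filter: root and daemon carry "*" and "!" in the hash field, which is why John reports them as having no valid hash. On a real system you would point merge_shadow at /etc/passwd and /etc/shadow (as root) and pass the merged file to run_john.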


Parameter reference

--stdout do not crack; just print the candidate passwords John would try to standard output (useful for feeding another tool)
--restore resume an interrupted session. Pressing Ctrl+C saves the current state to a session file (john.rec by default); --restore reads it and continues cracking from that point
--session set the name of the current session, which also names its .rec and .log files
--make-charset build a character-frequency table (a .chr file) from the passwords already cracked in john.pot, for use in incremental mode
--show show cracked passwords. Because john.pot stores only hashes and plaintexts, with no account information, you must pass the same passwd file you cracked
--test benchmark the machine's cracking speed for each hash type
--users crack only the given accounts, by username or UID; a leading '-' inverts the selection and excludes them
--groups crack only users in the given groups; a leading '-' excludes them
--shells crack only users with the given login shells; a leading '-' excludes them
--salts load only salts shared by at least COUNT hashes; a leading '-' selects the remaining ones instead. A salt is the random value mixed into each Unix password hash, and hashes sharing a salt are tested together, so these are cracked fastest
--format force a hash type instead of auto-detecting it, e.g. des/bsdi/md5/bf/afs/lm
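The point made for --show above, that john.pot holds no account information, is easiest to see by redoing the join by hand. The script below is an added example, not code from the article or from John: it assumes the core john.pot layout of one "ciphertext:plaintext" line per cracked hash (jumbo builds may prefix some formats, which this does not handle) and joins it against an unshadowed passwd file to recover user:plaintext pairs, plus the "left" set that john --show counts. The sample pot and passwd lines are constructed and the hashes are placeholders.

```sh
#!/bin/sh
# Added example (not from the article or from John): what `john --show`
# has to do, reproduced with awk. Assumes the core pot layout
# "ciphertext:plaintext". All data below is constructed; hashes are
# placeholders, not real crypt output.

# show_cracked POT_FILE UNSHADOWED_FILE
# Prints user:plaintext for each account whose hash appears in the pot file,
# in the order of the unshadowed file. The plaintext is everything after the
# first colon, so a password containing ':' is not truncated.
show_cracked() {
    awk -F: -v OFS=: '
        FILENAME == ARGV[1] { plain[$1] = substr($0, length($1) + 2); next }
        ($2 in plain)       { print $1, plain[$2] }
    ' "$1" "$2"
}

# uncracked_users POT_FILE UNSHADOWED_FILE
# Accounts with a real hash that is not yet in the pot file: the "left"
# figure that john --show reports. Locked entries ("*", "!") are ignored.
uncracked_users() {
    awk -F: '
        FILENAME == ARGV[1] { plain[$1] = 1; next }
        $2 != "" && $2 !~ /^[*!]/ && !($2 in plain) { print $1 }
    ' "$1" "$2"
}

# --- constructed sample data -------------------------------------------
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
POT_SAMPLE="$work/john.pot"
UNSHADOWED_SAMPLE="$work/passwd.txt"
cat > "$UNSHADOWED_SAMPLE" <<'EOF'
root:*:0:0:root:/root:/bin/bash
happy:$6$Q7hNqBzR$PLACEHOLDERhashNOTaREALsha512crypt:1001:1001:,,,:/home/happy:/bin/bash
alice:$6$zz1$PLACEHOLDERalice:1002:1002:,,,:/home/alice:/bin/bash
bob:$6$ab2$PLACEHOLDERbob:1003:1003:,,,:/home/bob:/bin/bash
EOF
cat > "$POT_SAMPLE" <<'EOF'
$6$Q7hNqBzR$PLACEHOLDERhashNOTaREALsha512crypt:chess
$6$ab2$PLACEHOLDERbob:pa:ss
EOF

echo "cracked:"; show_cracked    "$POT_SAMPLE" "$UNSHADOWED_SAMPLE"
echo "left:";    uncracked_users "$POT_SAMPLE" "$UNSHADOWED_SAMPLE"
```

Without the passwd file the pot alone tells you that some hash resolves to chess, but not whose account it belongs to; that is the reason --show takes the cracked file as an argument.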

