
How to use the John the Ripper tool to try to crack the Linux password

Updated 2025-03-26, from SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article introduces how to use the John the Ripper tool to try to crack Linux passwords. Many people have questions about how to do this in day-to-day work, so the editor consulted a range of material and put together a simple, easy-to-follow method. I hope it helps answer those questions. Read on to follow along.

John is different from tools such as Hydra. Hydra conducts a blind brute-force attack by trying username/password combinations against a service daemon, such as an FTP server or Telnet server. John, however, needs a hash first. So the bigger challenge for hackers is to get the hash that needs to be cracked. Nowadays, with free rainbow tables available everywhere on the Internet, it is easier to crack hashes. Just go to one of the sites and submit a hash; if the hash is that of a common word, the site will display that word almost immediately. A rainbow table basically stores common words and their corresponding hashes in a large database. The larger the database, the more words it covers.

But if you want to crack passwords locally on your own system, John is one of the good tools worth a try. John is one of the top ten security tools of Kali Linux. On Ubuntu, it can be installed through the Synaptic package manager.

In this article, I will show you how to use the unshadow command along with John to crack a user's password on a Linux system. On Linux, user name and password details are stored in the following two files.

The code is as follows:

/etc/passwd

/etc/shadow

The actual password hash is stored in /etc/shadow; as long as you have root access to the machine, you can access the file. So try accessing the file on your own Linux system, or create a new user with a simple password. I will create a new user named happy on my Linux system with a password of chess.

The code is as follows:

root@kali:~# adduser happy
Adding user `happy'...
Adding new group `happy' (1001)...
Adding new user `happy' (1000) with group `happy'...
Creating home directory `/home/happy'...
Copying files from `/etc/skel'...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for happy
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@kali:~#

For the demonstration, it is best to use a simple password so that you do not have to wait too long. Now that the new user has been created, we can crack its password.

The unshadow command combines the data in /etc/passwd with the data in /etc/shadow to create a single file containing user names and password details. It is quite easy to use.

The code is as follows:

root@kali:~# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
root@kali:~# unshadow /etc/passwd /etc/shadow > ~/file_to_crack

We redirect the output of the unshadow command to a new file named file_to_crack.
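The merge that unshadow performs also gives an administrator what is needed to audit which accounts still use the older hash types listed under --format (DES, BSDI, MD5) without cracking anything. The following is an added example, not code from the original article or from John: the function names and the sample passwd/shadow data are constructed for illustration.

```python
# Constructed sample data in passwd/shadow format (not real accounts or hashes).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
happy:x:1001:1001:,,,:/home/happy:/bin/bash
legacy:x:1002:1002::/home/legacy:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin"""
SAMPLE_SHADOW = """root:$6$CONSTRUCTED$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
happy:$1$CONSTRUC$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
legacy:abCONSTRUCTED:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::"""

PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
            "$5$": "sha256crypt", "$6$": "sha512crypt", "$y$": "yescrypt"}
WEAK = {"empty", "descrypt", "bsdicrypt", "md5crypt"}

def unshadow(passwd_text, shadow_text):
    """Like unshadow: each passwd line with field 2 replaced by that user's shadow hash."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                      # skip blank or malformed lines
        fields[1] = hashes.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged

def classify(hash_field):
    """Name the crypt(3) scheme from the shape of the stored hash field."""
    if hash_field == "":
        return "empty"
    if hash_field[0] in "!*":
        return "locked"
    for prefix, name in PREFIXES.items():
        if hash_field.startswith(prefix):
            return name
    if hash_field.startswith("_") and len(hash_field) == 20:
        return "bsdicrypt"
    if len(hash_field) == 13:
        return "descrypt"
    return "unknown"

def audit(merged_lines):
    """Return (user, scheme) for every account whose hash scheme is in WEAK."""
    pairs = ((l.split(":")[0], classify(l.split(":")[1])) for l in merged_lines)
    return [(user, scheme) for user, scheme in pairs if scheme in WEAK]

if __name__ == "__main__":
    for user, scheme in audit(unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW)):
        print(f"{user}: {scheme}, force a password change under a stronger scheme")
```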

Steps

Let's take a look at the specific steps. After a password is cracked successfully, it is stored in john.pot, but that file holds only the password, not the account.

1 Enter the /root/john-1.7.8/run directory and read /etc/shadow with the unshadow tool that comes with John

The code is as follows:

./unshadow /etc/passwd /etc/shadow > /root/john-1.7.8/run/passwd.txt

E.g.: if you are the root user, you can directly cat /etc/shadow > /root/john-1.7.8/run/passwd.txt

2 Crack with Single Crack mode

Single Crack mode is aimed specifically at people who use their account name as their password. It tries variations of the user name; the rules are defined in [List.Rules:Single] in john.conf.

The code is as follows:

./john --single passwd.txt

If the crack is successful, you can check john.pot, or view the passwords and users with:

The code is as follows:

./john --show passwd.txt

3 Crack with Wordlist mode

Wordlist mode is a relatively simple mode: all you need to determine is where the dictionary file is. The john.conf configuration file sets the default dictionary file with 'Wordlist = $JOHN/password.lst', that is, the password.lst file in the run directory. The Wordlist mode rules are defined in the [List.Rules:Wordlist] section of john.conf, and below [List.Rules:Wordlist] there is a [List.Rules:NT] section that defines further variation rules.

The code is as follows:

./john --wordlist=password.lst passwd.txt

Or

The code is as follows:

./john --wordlist=password.lst --rules passwd.txt
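Single Crack and Wordlist modes find passwords built from the account name or from a dictionary word first, so the same two tests can be applied when a password is set. The following is an added example, not code from the original article or from John: the function names, the normalisation steps (a simplification, not John's rule set) and the sample wordlist are assumptions made for illustration.

```python
import re

# Constructed stand-in for a wordlist such as password.lst (one word per line).
SAMPLE_WORDLIST = "123456\npassword\nchess\nletmein\n"

def account_words(username, gecos=""):
    """Words tied to the account: the login name plus tokens from the GECOS field."""
    words = {username.lower()}
    words.update(t.lower() for t in re.split(r"[^A-Za-z0-9]+", gecos) if len(t) >= 3)
    return words

def normalise(candidate):
    """Undo common mangling: case, digits/punctuation at either end, leet substitutions."""
    leet = str.maketrans("013457@$!", "oieastasi")
    core = candidate.lower().strip("0123456789!@#$%^&*._-")
    return core.translate(leet)

def rejection_reason(candidate, username, gecos="", wordlist=SAMPLE_WORDLIST):
    """Return why a new password is refused, or None if it passes these two checks."""
    core = normalise(candidate)
    half = len(core) // 2
    forms = {core, core[::-1]}                      # as typed and reversed
    if len(core) % 2 == 0 and core[:half] == core[half:]:
        forms.add(core[:half])                      # doubled word, e.g. "happyhappy"
    for word in account_words(username, gecos):
        if word in forms:
            return f"derived from account data ({word})"
    listed = {w.strip().lower() for w in wordlist.splitlines() if w.strip()}
    if candidate.lower() in listed or core in listed:
        return "present in wordlist"
    return None

if __name__ == "__main__":
    for pw in ("Happy123", "Ch3ss!", "correct-horse-battery-staple"):
        print(pw, "->", rejection_reason(pw, "happy"))
```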

4 Crack with Incremental mode

Incremental is the most powerful mode: it enumerates all combinations and tries each one as a password, which is very time-consuming. The configuration file contains sections such as [Incremental:All], [Incremental:Alpha], [Incremental:Digits], [Incremental:Alnum] and [Incremental:LanMan]. Each section name has a corresponding data file in the run directory.

The code is as follows:

./john --incremental=All passwd.txt

5 Crack with External mode

External mode allows users to write their own cracking modes in the C language, and some example modes are already included in john.conf.

Parameter interpretation

--stdout outputs the results to the screen

--restore continues execution from the place where the last cracking run was interrupted. Ctrl+C interrupts execution, and the current state is stored in a file called restore. Use --restore to read the position of the last interruption from that file and then continue cracking.

--session sets the name of the current log file

--make-charset generates a character frequency table based on the passwords already cracked, which can be used in Incremental mode

--show shows the passwords that have been cracked; because john.pot does not store account information, you must supply the relevant passwd file when using --show

--test tests the speed at which the machine can crack the various types of passwords

--users only cracks the password of the given account, which can be a user name or UID number. Preceded by '-', the password of that user is not cracked.

--groups only cracks the passwords of users in the given group. Preceded by '-', the passwords of users in that group are not cracked.

--shells only cracks users who use a certain type of shell. Preceded by '-', users of that shell are not cracked.

--salts only cracks passwords whose salts are greater than count. The salt is the basic unit used by Unix in password encoding.

--format selects the predefined password hash type: DES/BSDI/MD5/BF/AFS/LM

At this point, the study on "how to use the John the ripper tool to try to crack the Linux password" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!
