Saturday, January 10, 2009

*** How to Use John the Ripper ***


Alright, here is a step-by-step walk-through/tutorial on how to use John the Ripper, one of the most frequently used password crackers. It’s very easy if you know what you’re doing. First off you need to download John the Ripper (JTR), which you can do from: http://www.openwall.com/john/.

If you’re running on Windows, just download the win32 binaries. Once you have downloaded JTR to your desktop, unzip the files (they will automatically be saved in the folder john-16). Now move this folder straight to the C:\ drive. Open it and you should see 2 directories: run and doc. All you need to be concerned about is the run directory. Now I suppose that you have a password hash and want to figure out what the password is (a hash is just your encrypted password, which is encrypted using algorithms such as message digest, most commonly referred to as MD (2, 4, and 5), DES (Data Encryption Standard) and SHA). Your password is encrypted for security reasons, so that if, for example, the database gets hacked, someone can’t just read your passwords and log in as you.

This forces the hacker to use a program to match a password to your hash, which can take a very long time if you use a secure password.

Open up Notepad and type the following information: [username]:[hash]. Replace the username with the username of whoever the hash belongs to (this is often administrator), and then put the hash afterwards, separated by a “:” with no spaces.

Save this file as a text file, for example “hash.txt”, in the run dir of john-16.
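Before running John, the file saved in the step above can be checked for the formatting mistakes the post warns about (missing ":" or stray spaces). This is an added example, not part of the original post or of John the Ripper; the function names and sample lines are constructed, and the hash-type labels are guesses from the digest's length and alphabet only.

```python
import re

# Digest shapes for the hash families the post names. A match is only a guess
# from length and alphabet, not proof of which algorithm produced the value.
SHAPES = [
    (re.compile(r"[0-9a-fA-F]{32}"), "128-bit hex digest (MD2/MD4/MD5)"),
    (re.compile(r"[0-9a-fA-F]{40}"), "160-bit hex digest (SHA-1)"),
    (re.compile(r"[./0-9A-Za-z]{13}"), "traditional DES crypt"),
]


def check_line(line):
    """Return (username, guess, problems) for one username:hash line."""
    problems = []
    raw = line.rstrip("\r\n")
    if raw.startswith("\ufeff"):
        problems.append("UTF-8 BOM at start of line (editor artifact)")
        raw = raw.lstrip("\ufeff")
    if ":" not in raw:
        return None, None, problems + ["no ':' separator"]
    user, _, digest = raw.partition(":")
    if not user:
        problems.append("empty username")
    if any(c.isspace() for c in raw):
        problems.append("whitespace in line")
    digest = digest.strip()
    guess = next((name for rx, name in SHAPES if rx.fullmatch(digest)), None)
    if guess is None:
        problems.append(f"unrecognised hash shape ({len(digest)} chars)")
    return user.strip(), guess, problems


def check_file_text(text):
    """Check every non-empty line; returns (line_no, user, guess, problems)."""
    return [(n, *check_line(ln)) for n, ln in enumerate(text.splitlines(), 1) if ln.strip()]


# Constructed sample input: MD5 and SHA-1 of "password", then two malformed lines.
SAMPLE = (
    "administrator:5f4dcc3b5aa765d61d8327deb882cf99\n"
    "alice:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\n"
    "bob: 5f4dcc3b5aa765d61d8327deb882cf99\n"
    "carol 5f4dcc3b5aa765d61d8327deb882cf99\n"
)

if __name__ == "__main__":
    for n, user, guess, problems in check_file_text(SAMPLE):
        print(n, user, guess or "-", "; ".join(problems) or "ok")
```

To check a real file, pass its contents to `check_file_text`, for example `check_file_text(open("hash.txt", encoding="utf-8").read())`.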

Now you’re ready to use JTR to crack that hash!

Open up command prompt (Start > Run > cmd). It will most likely start out in the Documents and Settings directory, so just type the command “cd \” to go to C:\. Now type “cd john-16\run\” without the quotes, and then simply type: john (john is the .exe file). This will open up JTR and you should see a screen full of all the commands that you can use in JTR. Now simply type this: “john.exe [name of the text file we saved earlier]” without the quotes (we used the example hash.txt earlier), and it should say loaded 2 passwords and then start cracking.

After it notifies you it’s done (if it’s able to find the password), this info will be saved to a .pot file in the run folder of JTR, so just open that to see what the password is after it’s done. Voila! You’ve just successfully used JTR, not too bad eh? I hope that helped anyone out there who was stuck on how to use JTR. It’s a little challenging the first time you download it and have to use command prompt.

I would also recommend you download Cain & Abel, which is another awesome program that can be used to crack hashes, including MD and SHA hashes, and it has a very nice GUI (Graphical User Interface). It gives you the option of using a dictionary attack (exactly what it sounds like: it uses dictionary words and tries to match them), a brute force attack (goes through every single possible combination), and a plain text attack. You can download Cain and Abel from http://www.oxid.it/cain.html.

The only bad thing is that when you run a brute force attack, which is what you use most often, the program takes a very long time to match up rather long passwords; the jump from a 7 to 8 character password is huge. The best idea is just simply to program your own tool to do this, which would be much quicker than John the Ripper or Cain and Abel. Anyways, hope that helped, PM me if you have any questions.

