Tux Training

John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.

Compile a source file
Download a source code from http://openwall.com/john/
Extract source files: tar xvzf john-1.7.0.2.tar.gz

1) cd john-1.7.0.2/src
2) Then we need to rum make command which will return a list of available systems that John the Ripper password cracker can be compiled on.
3) Choose your appropriate architecture, and compile: make linux-x86-any
4) Go and run the john the ripper binary:
cd ../run/
ls
./john

Using John the ripper:
For testing purposes you should create a testing user “john” with password “password“.

$:~ # useradd johnripper
$:~ # passwd johnripper
Changing password for johnripper.
New Password:
Reenter New Password:
Password changed.
$:~ #

Time to Crack password:
John the Ripper’s password cracker needs to access a shadow file in order to be able crack a password. You need to run “john” as superuser “root”. Be sure that John Binary is in your path, or you are in directory where john Binary resides. Try and see how long it will take to crack your super secure password of: “password”

./john -users=johnripper /etc/shadow

Bookmark It