I'm a noob to Linux and want to learn how to use John The Ripper. Please help:)
PLEASE NOTE THIS IS NOT MY WORK!!!
I SPACED OUT THE : D BECAUSE OUR FORUM MAKES THOSE 2 CHARACTERS, WHEN TOGETHER, A GRIN SMILEY!!!
BTW This is for windows.........not Linux.
John the Ripper is a decrypting program for passwords. Although it has many
functions we will be looking at using it as a decrypter for password files
you possess.
We will be looking at Password Files which you have put on your Hard Disk
-----------------
TABLE OF CONTENTS
-----------------
- PREPARATION
SHORTCUT TIP FOR WINDOWS 95
PASSWORD FILES
- DECRYPTING
JTR MODES
SINGLE MODE
WORDFILE MODE
INCREMENTAL MODE
ALPHA
DIGITS
ALL
SHOW MODE - Saving the Decrypted Files
- ADVANCED COMMANDS
STOPPING JTR
RULES
SESSION and RESTORE
- JTR QUICK REFERENCE
- SCREEN SHOT OF A JTR SESSION
--------------------
-----------
PREPARATION
-----------
1. Download the correct version of JTR, use win32 for Win 95/98
2. Extract the zip File into a Directory
3. Make sure you have your Password Files in the same directory
---------------------------
SHORTCUT TIP FOR WINDOWS 95
---------------------------
1. Right Click on the [Start] Button, and choose Open
2. Double Click on [Programs] Folder
3. Right Click and Copy, [MS-DOS Prompt]
4. Close the [Programs] Folder
5. Right Click and Paste on the Desktop, a [MS-DOS Prompt] should appear
6. Right Click on the [MS-DOS Prompt] icon and choose Properties
7. Click on the Program Tab
8. In the box next to Working (It should have C:\WINDOWS in there) Change
it to the Directory of where-ever the Program JOHN.EXE has been
extracted
9. Click on the [OK] button
10. Test what you have done by Double Clicking on the Icon, If you wish to
rename [MS-DOS Prompt] to JTR, then do so
--------------
PASSWORD FILES
--------------
A. Naming
I personally name my files with a p extension, some people use txt
eg If I had the password file to Dannis', I would name it danni.p
The reason is that p stands for password file, I then name my decrypted
password files with a txt extension
It is really up to you what you name your password files, just remember
that the names should be less than 8 characters
eg likethis.p
B. Where should I put them?
Always have the password files you have found in the same directory as
JOHN.EXE, it's just easier to handle them that way
----------
DECRYPTING
----------
Depending on what JTR version you have downloaded, you have to change into
the directory JOHN.EXE is
---------
JTR MODES
---------
There are 3 main modes we will be dealing with
-single, -wordfile, -incremental
[KEYS]
[passfile] - this is the name of your password file
[wordlist] - this is the name of your wordlist
[output] - this is the name of the file you will name when you want to
save your decrypted passwords
-----------
SINGLE MODE
-----------
Single Mode attempts to find the weakest of all the passwords. This is one
of the fastest methods.
SINGLE MODE SYNTAX
john -single [passfile]
or you could use
john -si [passfile]
Example:
If you found a [passfile] and named it danni.p then you would type
john -si danni.p
Take a look at SCREEN SHOT OF A JTR SESSION
-------------
WORDFILE MODE
-------------
Wordfile Mode is the next quickest method. It requires the use of a wordlist
The wordlist must be in a single wordlist and not a combo list
WORDFILE SYNTAX
john -wordfile:[wordlist] [passfile]
or
john -w:[wordlist] [passfile]
Example:
If you found a [passfile] and named it danni.p and you had a [wordlist]
named mydict.txt then you would type
john -w:mydict.txt danni.p
Take a look at SCREEN SHOT OF A JTR SESSION
----------------
INCREMENTAL MODE
----------------
Incremental mode is the slowest mode and will try to decrypt every pass in
your passfile, as this can take days, months even years, I would use it as
a last resort
There are 4 basic commands we will be dealing with
digits, alpha, all, and leaving it blank
DIGITS mode
This will try to decrypt all the Passwords that are in numbers
ALPHA mode
This will try to decrypt all the Passwords that are letters only
ALL mode
This will try to decrypt all the Passwords, whether they are in numbers, in
letters or some special characters (@!^&...etc)
WITH NO MODE SELECTED
This will basically do everything to try to decrypt the password file
SYNTAX
john -i [passfile]
john -i: DIGITS [passfile]
john -i:ALPHA [passfile]
john -i:ALL [passfile]
Example:
If you found a [passfile] and named it danni.p
john -i danni.p
john -i: DIGITS danni.p
john -i:ALPHA danni.p
john -i:ALL danni.p
Take a look at SCREEN SHOT OF A JTR SESSION
When running in this mode, If you ever want to stop it push CTRL - C
--------------------------------------
SHOW MODE - Saving the Decrypted Files
--------------------------------------
Finally, once JTR has finished its decrypting process, you will be ready
to enjoy the results. These you will save in a file name of your choice.
SHOW SYNTAX
john -show [passfile]>[output]
Example:
If you found a [passfile] and named it danni.p, you decide you want to name the
decrypted password file or [output] to danni.txt
john -show danni.p>danni.txt
Now you can open danni.txt in a TEXT EDITOR
You will see something like this
italia:italiano
makoto:makotox
PADWICK:PADWICKH
kelley:kelleyaj
bechtel:jbechtel
mequery:queryme
seeeee:meeeee
stevewm:stevenm
8 passwords cracked, 246 left
Hopefully you will get more passwords than the example though
-----------------
ADVANCED COMMANDS
-----------------
Here are a few more commands which prove handy when using JTR
------------
STOPPING JTR
------------
If at anytime you wish to stop the decrypting process then
Hold down the [ CTRL ] key and Push the [ C ] key
-----
RULES
-----
This command is used with the Wordfile Option, without it JTR will try only
the words in your wordlist. When this is activated it will try variations as
outlined in the john.ini file. This is also quite slow
RULES SYNTAX
john -w:[wordlist] -rules [passfile]
------------------
SESSION & RESTORE
------------------
Decrypting, by now you will notice, can become a long and slow process. JTR
allows you to save and restore sessions. A session is like a snapshot
of what you are decrypting. It remembers what file you used, and
where you were at if you decide to stop it. Session can be used with any
of the main modes.
SESSION & RESTORE SYNTAX
john -restore
john -restore:[session name]
john -session:[session name]
[session name] is any name you choose
EXAMPLE
-------
Let's say you want to decrypt a file named danni.p
OK you've used the -si mode, which was quick
With your trusty wordlist file named biglist.txt you next run the -w mode
FINAL NOTES
-----------
There are many other features that JTR uses, that are Advanced, these can be
found in the DOC folder in JTR, just use a text editor to open and read them
We were only concerned with getting at least 50% of the passwords. This may
be achieved by SINGLE and WORDFILE modes
SPEED is dependent on your CPU. If your screen looks like it's frozen and
doing nothing, just hit any key a couple of times, you will see a mini
progress report.
Speed is also dependent on the size of your password file and the number of
salts. A salt can be thought of as a slightly different way to encrypt a
file, as there are many ways to encrypt a single password
-------------------
JTR QUICK REFERENCE
-------------------
[KEYS]
[passfile] - this is the name of your password file
[wordlist] - this is the name of your wordlist
[output] - this is the name of the file you will name when you want to
save your decrypted passwords
: - whenever you see a colon then use it in the command
- - whenever you see a minus sign then use it in the command
> - whenever you see this sign then use it in the command
[] - DO NOT INCLUDE THESE IN THE COMMAND
SINGLE MODE
john -si [passfile]
WORDFILE MODE
john -w:[wordlist] [passfile]
INCREMENTAL MODES
john -i [passfile]
john -i:ALL [passfile]
john -i: DIGITS [passfile]
john -i:ALPHA [passfile]
SHOW MODES
john -show [passfile]>[output]
------------------- SCREEN SHOT OF A JTR SESSION --------------------
Loaded 254 passwords with 85 different salts (Standard DES [32/32 BS])
italia (italiano)
makoto (makotox)
PADWICK (PADWICKH)
kelley (kelleyaj)
bechtel (jbechtel)
mequery (queryme)
seeeee (meeeee)
stevewm (stevenm)
guesses: 8 time: 0:00:01:23 100% c/s: 25771 trying: zcatcatk - zcatcatz
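Every pair in the sample -show output above is a variation of the account name, which is why the fast single mode found them. As an added example (not part of the original post and not part of John the Ripper), this Python check flags passwords that can be derived from the username so they can be rejected when a password is set. The function names and reason labels are assumptions; the sample lines are the ones shown in the post.

```python
# Sample lines in the user:password layout shown in the post's -show output.
SHOW_OUTPUT = """\
italia:italiano
makoto:makotox
PADWICK:PADWICKH
kelley:kelleyaj
bechtel:jbechtel
mequery:queryme
seeeee:meeeee
stevewm:stevenm

8 passwords cracked, 246 left
"""

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def username_reason(user, password):
    """Return why `password` is derivable from `user`, or None if it is not."""
    u, p = user.lower(), password.lower()
    if not u or not p:
        return None
    if u in p or p in u:
        return "contains username"
    if p == u[::-1]:
        return "reversed username"
    if len(p) == len(u) and p in u + u:
        return "rotated username"
    if edit_distance(u, p) <= 1:
        return "one edit from username"
    return None

def audit_show_output(text):
    """Map each user in user:password lines to the weakness found (or None)."""
    findings = {}
    for line in text.splitlines():
        if ":" not in line:  # skips blank lines and the "N passwords cracked" summary
            continue
        user, password = line.split(":")[:2]
        findings[user] = username_reason(user, password)
    return findings
```

Calling username_reason(user, candidate) at password-change time and refusing any non-None result blocks the class of password that single mode recovers first.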
documentation for john if you're trying to run it on linux - "openwall.com/john/doc/" (there are instructions for obtaining your shadow file under the "examples" link if you're having trouble finding it).
He's just like a lot of misled folks who think linux is a hack tool made by hackers. Totally untrue. Anyway streaker's right, you're going to have a very hard time with john if you can't even operate linux. There are some other distros out there with a program called winpass which is easy to use to recover forgotten or lost passwords in windows. I will not link you to the distro as I think BT is the best and all other must balk in the might of the MIGHTY BACKTRACK :D Second thought you could try Brutus and stick with winblows