Crack a linux password with John the Ripper
John the Ripper is an excellent password cracker available at http://www.openwall.com/john/
Identify weak passwords (e.g. MD5 passwords, shadow passwords, and NIS passwd maps that do not contain the password hash).
Installing on Linux:
- wget http://openwall.com/john/john-1.6.tar.gz
- tar zxvf john-1.6.tar.gz
- cd john-1.6/src
- make linux-x86-any-elf
- cd ../run (change to directory containing john executable)
(or apt-get install john)
wget http://openwall.com/john/g/john-1.7.9.tar.gz # FYI JUMBO has gpu support but lower quality tar -xf john-1.7.9.tar.gz cd john-1.7.9/src sudo apt-get install libssl-dev # otherwise fatal error: openssl/sha.h make clean linux-x86-sse2 # the most common 32bit architecture, otherwise make linux-x86-64
Note: if you are using shadow passwords (very likely on any modern UNIX system), you will need access to the /etc/shadow file on the target system. /etc/shadow contains the password hash needed to crack the password and is by default only readable and writable by the root user.
(e.g. cp /etc/shadow /home/ubuntu/shadow and chmod 600 shadow)
To crack a UNIX shadow file named shadow using John's default order of cracking modes:
./john shadow # Loaded 4 password hashes with 4 different salts (sha512crypt [32/32])
or run John in the background with a very low priority:
nice -n 20 ./john shadow &
Cracked passwords will be displayed on STDOUT (if running interactively) as well as stored in a file named john.pot. To display passwords already cracked by John, use the following command (assuming a password file named shadow):
./john -show shadow
Please employ the secure password practices listed above, and educate users on choosing strong passwords.
john -i:digits shadowfile
Took 8 seconds to find a 4 digit password...
john -i=alpha shadow # only 26 alphabetic characters john -i=all shadow # 95 ascii characters