Difference between revisions of "johntheripper mini howto"

From thelinuxwiki
Jump to: navigation, search
(showing successfully cracked password)
(showing successfully cracked password)
Line 32: Line 32:
 
john will report successfully guesses to stdout as in the example above.  but, if you backgrounded or closed you terminal and want to view it after the fact... then john records them in $HOME/.john/john.pot.  this file is not human readable.  to view contents run...
 
john will report successfully guesses to stdout as in the example above.  but, if you backgrounded or closed you terminal and want to view it after the fact... then john records them in $HOME/.john/john.pot.  this file is not human readable.  to view contents run...
  
  ''john --show  <path_to_cracked_passwd_file>''
+
  john --show  ''<path_to_cracked_passwd_file>''
  
 
  # '''john --show /etc/passwd'''
 
  # '''john --show /etc/passwd'''

Revision as of 05:50, 7 June 2014



Contents

cracking passwords

simple crack on single user "admin" in password file using default john word list and settings

# john --users=admin --session=mycrack /etc/passwd

the password file must include the password hashes

crack using specified word list...

# john --users=admin --wordlist=/var/tmp/wordlist.txt /etc/passwd
Loaded 1 password hash (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
abc123       (admin)
guesses: 1  time: 0:00:00:00 DONE (Sat Jun  7 00:35:56 2014)  c/s: 3.33  trying: abc123
Use the "--show" option to display all of the cracked passwords reliably

crack status

to view status of an ongoing session

john --status=<session_name>

example

# john --status=mycrack

showing successfully cracked password

john will report successfully guesses to stdout as in the example above. but, if you backgrounded or closed you terminal and want to view it after the fact... then john records them in $HOME/.john/john.pot. this file is not human readable. to view contents run...

john --show  <path_to_cracked_passwd_file>
# john --show /etc/passwd

shadow files

if the system you are trying to crack passwords on uses the /etc/shadow file to store password hashes (very likely), then use john's unshadow utility to construct / consolidate the /etc/passwd and /etc/shadow into one file for cracking

example

# unshadow /etc/passwd /etc/shadow > /var/tmp/passwd-shadow