Saturday, November 15, 2008

Using John the Ripper for detecting weak passwords

John the Ripper (JTR) is a free password cracking tool. Initially developed for UNIX-based environments, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs, as it combines a number of password crackers into one package, auto-detects password hash types, and includes a customizable cracker [wiki].
A few weeks back in my "Network and Information Security" class I was assigned to crack a password file. The password file was a Unix-style password file with 447 password hashes. I first tried to get JTR going in Ubuntu, and downloaded the Unix source tarball of JTR from http://www.openwall.com/john/ . To build the program in Ubuntu I first unpacked the tarball:

dilip$ tar -xzf john-1.7.2.tar.gz

then changed into the src folder inside the john-1.7.2 directory (the Makefile lives in src; the sibling run folder is where the built binaries end up):

dilip$ cd john-1.7.2

dilip$ cd src

Here we can see the Makefile. I tried running make without a target:

dilip$ make

At this point make prints the list of build targets for the platforms it supports. For Ubuntu I did not see any specific platform target, so I went with the generic one (it builds without CPU-specific optimizations, so it is the slowest choice):

dilip$ make clean generic

If everything goes well, the john executables are created in the run directory. To start cracking the password file I ran, from that directory:

dilip$ ./john passwd

where passwd is the password file that contains the password hashes. This is all John needs to start cracking. Optionally, john also takes a wordlist whose entries are hashed and compared against the password file. Wordlists are basically huge collections of words or dictionary entries, one per line. Many such wordlists can be found on the internet; wordlists from different sites can be downloaded and combined into one file with any text-file joiner, since they are all plain .txt files. The command to supply a wordlist is:

dilip$ ./john --wordlist=wordlist.txt passwd

where wordlist.txt is the combined wordlist (john also accepts the abbreviated form -w:wordlist.txt). Cracked passwords are saved in john.pot, and ./john --show passwd lists them next to the accounts they belong to.
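To make clear what john's wordlist mode does with the combined list, here is an added, self-contained example (not code from John the Ripper or from this post). It merges two constructed wordlists while dropping blanks and duplicates, then hashes every word plus a few mangling variants in the spirit of john's default rules (unchanged, capitalized, digit appended) and compares the results against a constructed user:hash file. The hashes are unsalted MD5, the simplest form to demonstrate with the standard library; john's jumbo builds handle that input as the raw-md5 format, while the plain 1.7.2 core build above only knows the Unix crypt-style formats. All account names, passwords and wordlist contents are made up for the example.

```python
"""Added example: a miniature wordlist-mode audit in the style of John the
Ripper, run against a constructed passwd-style file (user:hash, unsalted MD5).
Not JtR code; names, passwords and wordlists below are invented for the demo."""
import hashlib
from typing import Dict, Iterable, List, Set

# Constructed stand-ins for two downloaded .txt wordlists (with overlap/blanks).
WORDLIST_A = "password\nsecret\ndragon\nletmein\n"
WORDLIST_B = "dragon\nsunshine\npassword\n\nqwerty\n"


def merge_wordlists(*contents: str) -> List[str]:
    """Join several wordlist texts into one list, dropping blank lines and
    duplicates while keeping first-seen order, so john never hashes the same
    candidate twice."""
    seen: Set[str] = set()
    merged: List[str] = []
    for text in contents:
        for line in text.splitlines():
            word = line.strip()
            if word and word not in seen:
                seen.add(word)
                merged.append(word)
    return merged


def candidates(word: str) -> Iterable[str]:
    """A few mangling rules resembling john's default rule set."""
    yield word                       # ':'  the word unchanged
    yield word.capitalize()          # 'c'  capitalize first letter
    for d in "0123456789":           # '$[0-9]'  append one digit
        yield word + d
        yield word.capitalize() + d  # 'c$[0-9]' both rules combined
    yield word + "123"               # common suffix


def raw_md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def parse_passwd(text: str) -> Dict[str, str]:
    """Read user:hash[:more fields] lines; skip blanks and '#' comments."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        entries[user] = rest.split(":")[0].lower()
    return entries


def make_sample_passwd() -> str:
    """Constructed test file: three weak passwords and one strong one."""
    plaintexts = {
        "alice": "password",      # in the wordlist as-is
        "bob": "Secret1",         # 'secret' + capitalize + digit rule
        "carol": "dragon2",       # 'dragon' + digit rule
        "dave": "Xq7!vLp9#tR",    # not derivable from the wordlist
    }
    return "".join(f"{u}:{raw_md5(p)}\n" for u, p in plaintexts.items())


def wordlist_attack(passwd_text: str, words: Iterable[str]) -> Dict[str, str]:
    """Return {user: recovered_password} for every hash matched by some
    candidate; accounts that survive are absent, like 'john --show' output."""
    targets = parse_passwd(passwd_text)
    # Index hash -> users so one hit credits every account sharing the hash.
    by_hash: Dict[str, List[str]] = {}
    for user, h in targets.items():
        by_hash.setdefault(h, []).append(user)
    cracked: Dict[str, str] = {}
    for word in words:
        for cand in candidates(word):
            for user in by_hash.pop(raw_md5(cand), []):
                cracked[user] = cand
        if not by_hash:          # everything recovered, stop early
            break
    return cracked


if __name__ == "__main__":
    words = merge_wordlists(WORDLIST_A, WORDLIST_B)
    found = wordlist_attack(make_sample_passwd(), words)
    for user, pw in found.items():
        print(f"{user}:{pw}")
    print(f"{len(found)} password hashes cracked, {4 - len(found)} left")
```

The three weak accounts fall to a six-word list because the rules multiply each word into dozens of candidates; dave's password is reported as uncracked, which is the outcome a password audit is looking for. Real john does the same work far faster and against salted formats, but the flow (merge the lists, apply rules, compare, report per account) is the same.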

In Windows
John also works on Windows. For that, a Windows version of John should be downloaded from http://www.openwall.com/john/. In contrast to the Linux version, John on Windows is ready to use once you extract the zipped folder. John can be invoked from the Windows command line (from the run folder of the extracted archive) and given the password file or wordlist as described above. On Windows I used:
C:\>john-mmx passwd
where the john-mmx build uses the MMX instructions of the processor.
How long John takes depends on the speed of the processor and the number of hashes in the password file. I kept it running for about 2 weeks to get just 75 passwords :).

Links for some wordlists:
ftp://ftp.cerias.purdue.edu/pub/dict/dictionaries/English/
ftp://ftp.ox.ac.uk/pub/wordlists/
http://sourceforge.net/project/downloading.php?groupname=cracklib&filename=cracklib-words.gz&use_mirror=voxel
http://www.openwall.com/wordlists/

Thanks,