Linux Password Cracking: Explain unshadow and john commands ( john the ripper tool )

John cracking modes

John can work in the following modes:
[a] Wordlist : John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files.

[b] Single crack : In this mode, john will try to crack the password using the login/GECOS information as passwords.

[c] Incremental : This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john’s documentation, including how to define your own cracking methods.
Install John the Ripper Password Cracking Tool

John the ripper is not installed by default. If you are using Debian / Ubuntu Linux, enter:
$ sudo apt-get install john
Note: RHEL, CentOS, Fedora, Redhat Linux user can grab john the ripper here. Once downloaded use rpm command:
# rpm -ivh john*
How do I use John the ripper to check weak passwords / crack passwords?

First use the unshadow command to combines the /etc/passwd and /etc/shadow files so John can use them. You might need this since if you only used your shadow file, the GECOS information wouldn’t be used by the “single crack” mode, and also you wouldn’t be able to use the -shells option. On a normal system you’ll need to run unshadow as root to be able to read the shadow file. So login as root or use old good sudo / su command under Debian / Ubuntu Linux:
$ sudo /usr/sbin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
RHEL / CentOS / Fedora Linux user type the following command:
# /usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
To check weak password (crack password), enter the following command:
[Warning examples may eat up lots of CPU time.] WARNING! These examples uses brute-force ~ CPU-time consuming password cracking techniques.

To use John, you just need to supply it a password file created using unshadow command along with desired options. If no mode is specified, john will try “single” first, then “wordlist” and finally “incremental” password cracking methods.
$ john /tmp/crack.password.db
Output:

john /tmp/crack.password.db
Loaded 1 password (FreeBSD MD5 [32/32])

This procedure will take its own time. To see the cracked passwords, enter:
$ john -show /tmp/crack.password.db

test:123456:1002:1002:test,,,:/home/test:/bin/bash
didi:abc123:1003:1003::/home/didi:/usr/bin/rssh

2 passwords cracked, 1 left

Above output clearly indicates – user test has 123456 and didi has abc123 password.

About these ads
This entry was posted in Tips. Bookmark the permalink.

2 Responses to Linux Password Cracking: Explain unshadow and john commands ( john the ripper tool )

  1. Pingback: 20 Linux Server Hardening Security Tips | NixtoForge

  2. Medical Jobs says:

    Useful blog website, keep me personally through searching it, I am seriously interested to find out another recommendation of it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s