Version 1.0
Date: 14/1/2000
1)
First thing's first
I guess you're a newbie in pass-cracking like I was
and you've probably started John the Ripper full of
enthusiasm, and got.... nothing. So the first thought
you have is 'my god this must be hard, and I'm a newbie'.
Forget it!!! You're always a newbie, and we all are...
in pass cracking world, pardon, pass recovering world
(or any world else) you always have something to learn.
Sometimes, even if you are experienced in password cracking,
you won't be able to crack the password or even get
your own password. This is a pure technical manual and
will give you only the recipe for cracking, but every
password needs different approach...
OK, so a good
way to get somewhere is to start getting somewhere...
What you're about to learn is to crack *nix(Unix/Linux/etc.)
password files. It does not mean that you need to have
some Unix distribution on your box, but it means you'll
have to stop clicking your ass off all around the screen...
'What this fool is trying to say', you'll probably ask...
This fool is trying to say that john is a DOS program
(there is also Linux/Unix version, but I guess that
most of the people that read this tutorial have win
boxes). I will try to put this tutorial through the
examples so it wouldn't look like a boring script with
incredible amount of switches. After reading this text
it wouldn't be a bad idea to look at the texts you get
with John. I learnt it all from there, but that, of
course, was the hard way, and you want the easy way,
right? Right.
First, it wouldn't
be a bad idea to get yourself John the Ripper, I guess...
if you don't have it you can find it at:
1) packetstorm.securify.com
(look at archives, password cracking)
2) neworder.box.sk (do some searching by yourself)
John can be found
practically anywhere. For example: try going to altavista.com
and running a search for 'john the ripper'.
Second thing
you'll need is.... a HUUUUGE amount of password dictionaries
(I'll explain what these are in a minute). The best
dictionary around is at www.theargon.com and packetstorm
(look at the archives) and is called theargonlistserver1
and is about 20Mb packed, and over 200Mb
unpacked... get it!!!! The people at theargon did a
terrific job.
You should also
get some smaller dictionary files (I'll explain why
later).
2)
Do we look like *nix?
So now you have john, loaded with that huuuuge pass
dictionary, and you think that you can crack anything...
If you plan to live for 100000 years, that wouldn't
be a problem, but you only have some 80 years left in
the best case scenario (unless, of course, scientists
find a way to... oh, nevermind).
Now, the first
thing is that you have to make sure your password file
really looks like a Unix password file (were talking
about the /etc/passwd file).
Let's see how
Unix pass files look like
owner:Ejrt3EJUnh5Ms:510:102:Some
free text:/home/subdir/owner:/bin/bash
The important
part is the username and the encrypted password, which
are the first and the second parts (each line is divided
into seven parts by : symbols)
owner:Ejrt3EJUnh5Ms
Owner is the
username and 'that other thing' is the crypted password
(encrypted in altered DES (Data Encryption Standard)
encryption). For the other part you can put anything
that looks like that but the structure must be same
so the john could recognize it as unix pass. In fact
the other part
:510:102:Some
free text:/home/subdir/owner:/bin/bash
Is just some
information about the user, his home directory, etc...
Sometimes you'll
have passes that have only the first and second part,
such as password files that you got from a webboard
running matt's web board script.
owner:Ejrt3EJUnh5Ms
You'll have to
put the other part so that password would look like
unix pass, and you can do a copy-paste from another
pass, you can even use
:510:102:His
name:/home/subdir/owner:/bin/bash
What you have
now should look like:
owner:Ejrt3EJUnh5Ms:510:102:His
name:/home/subdir/owner:/bin/bash
Hell, you can
even put
owner:Ejrt3EJUnh5Ms:a:a:a:a:a
It won't matter
to john at all.
3)
We're getting somewhere... nowhere
Now
you're ready to crack. Type in
john -w:words.lst
password.file
Where words.lst
is password dictionary and password file where you have
your password or passwords. If you use it on example
i gave to you you'll probably get password because it's
really weak pass. You'd be surprised to see that people
usually use really weak passes like their names, pet
names, or even their username (for example: username=zalabuk,
password=zalabuk).
Hint: Don't be
stupid! Use strong passes like
p4sswr!@
p@s$w11s
with as many characters you can remember. Hint is to
use special characters and numbers those passes are
much harder to crack (I'll explain why in a minute).
The other hint is to use passes as long as you can remember,
8 characters are sometimes not enough... it depends
what box that someone who cracks has... on dual alpha
is certainly not enough... in other words... more than
10 characters will do fine, even more wouldn't hurt
(like 16...). By the way, older *nix have fixed pass
length of 8 chars... that is old DES crypted pass that
uses a 64-bit key... now there are 128-bit keys, and
some perverts use even more, so there is more fun now
:)
john -w:words.lst password.file
Wait wait wait!
What am I doing here?
Alright, listen up carefully. The DES encryption that
Unix uses CANNOT be reversed. Some encryptions can be
reversed using a sometimes simple or sometimes incredibly
complicated algorithm (in the 3rd century AD, Ceasar
used to send encrypted letters which used a formula
of "shift by three", which means that d stands for a,
e stands for b etc'. At that time, such an algorithm
was just fine. Today, it isn't).
So anyway, the altered DES encryption that Unix uses
for it's password files cannot be reversed. Why? Because
it's a key-based encryption. The encryption algorithm
uses a bunch of letters (lowercase and uppercase), numbers
and symbols within the algorithm. So, in other words,
to run the decryption algorithm you will need this key,
which you simply cannot just have, because the key is
the password! You see, when a user picks a password,
the system generates an encrypted password for him,
called a hash (which is what you get when you somehow
acquire a password file), which is created by running
this altered DES algorithm using the user's password
as a key. If you try to decrypt the password using standard
reversable DES encryption, you get a null string.
So how do John and other password crackers do it? Easy.
They try to recreate this process by taking passwords
out of these dictionary files (or wordlists) and using
them as keys for this altered DES algorithm process.
Then, they compare the result to all the encrypted passwords
within the password file you've given them. If the two
strings match - there you have it! The password is yours!
If the first
step doesn't work, the next step would be to do this:
john -w:words.lst
-rules password.file
This switch turn
on not only browsing through the dictionary, but it
uses some modifications of the words that are word dictionary
(like adding a number at the end of pass - fool ->
fool1, etc' etc'). This one will take long with huge
pass dictionary, but it may give better results... For
a start you could do a try with a small pass dictionary,
and if it doesn't works you can try it with a huge pass
dictionary.
Sometimes people
are not stupid when they choose passwords and basic
rules won't do a job... aaargh. As you've seen it takes
more and more time for your CPU to crack this thing
out as we go further. Now you can leave your computer
on and go to sleep....
If you want to
get even more possible passwords out of your password
file, try typing
john -i password.file
This -i stands
for incremental cracking, not a really good word for
it, but...
Okay, what the hell does it do? It uses the default
incremental mode parameters, which are defined in john.ini.
What does this mean? Do you remember -rules? Yes, well,
of course you do, unless you're either incredibly senile
or you've stopped reading after this part and only came
back, like... a couple of years later. That is very
much like rules, but much much more powerful than -rules,
and it takes much, much more time.
4)
So where are we now (dictionary vs. brute-force)?
You can see that in all cases you use so-called dictionary
cracking... but hell, why not just run John on a mode
where it tried all possible combinations of lowercase
and uppercase letters, numbers and symbols? I mean,
this would be much more efficient, right? ... WROOOOOOONGG!!!
This method is called 'brute-force' attack (basically,
dictionary attack is also sort of brute-force attack,
but most people use the word brute-force for this specific
attack).
What are the differences? First and most important,
with dictionary you go through the selected words that
could be passwords and their modifications, and with
brute force cracking you use ALL possible combinations.
That means you have
comb=nrch^let
where:
comb - number
of possible combinations
nrch - number of chars
let - number of letters used
In case you're
dealing with john's default -i 95 character set and,
presume, a 6 letter password you have possible 735091890625
combinations! OUCH!!
Sure, this is useful for passwords like 2405v7, but
still... with the computational powers of today's modern
PC, I'd just give up, unless I had access to some University's
supercomputer, which I'd bet noone would ever give me
(well, at least not for free, and certainly not to run
a password cracker on it).
As you can see it can take a looooong time until you
crack a single one pass, do a little math and try to
calculate how many possible combinations there are for
10, 12 and 16 chars.
I don't think you'll like the answer :)
Of course, sometimes dictionary attacks are not enough,
but john has very powerful 'thinking'. In 'incremental'
mode john will do all possible combinations from 0 to
8 characters (by zero password length is considered
a hashed empty string, this sometimes happens). So incremental
mode is one sort of brute-force attack in some way...
If you want to
fire all weapons at one then you use
john password.file
this will do
first basic dictionary attack, then -rules, then -i
5)
What if...
Ok,
you have to turn off your box from time to time, don't
you? If you're doing that haaard password that will
take more than 20 hours of cracking you can set john
with ctrl+c and then resume with
john -restore
If your box crashes
or if there's a power failure, you won't be able to
restore your cracking sessions (sometimes)... well that's
just too bad. Hell, it happened
to me once :-(
John is modular,
and that is the most powerful thing about john the ripper,
and that is what makes john the most advanced password
cracker. John is very, very modular. John uses modes
that are described in john.ini (do you still remember
that incremental cracking i was talking about? Modes
for rules and incremental are described in john.ini).
If you're some inventive guy then you may change the
parameters in john.ini.
Here is example
how some default parameters for -i look like:
# Incremental
modes
[Incremental:All]
File = ~/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95
Ok... what do
we have here?
[Incremental:All]
- this stands for the beginning of the definition for
the -i:all switch
File - filename of file that has characters used in
mode -i:all (whole character
set)
MinLen - logically, minimum length of password that
john -i:all would try
MaxLen - even more logical, maximum length of password
that will john -i:all try
CharCount - number of chars used by john when you 'turn
on' this switch
So, there are
some more switches... heh
Yes there are and down there are all default modes pasted
from john the ripper's documents:
John
the Ripper's Command Line Options
You
can list any number of password files on John's command
line, and also
specify some of the following options (all of them are
case sensitive, but
can be abbreviated; you can also use the GNU-style long
options syntax):
- single "single crack" mode Enables the "single crack"
mode, using rules from [List.Rules:Single].
- wordfile:FILE wordlist mode, read words from FILE,
- stdin or from stdin These are used to enable the
wordlist mode.
- rules enable rules for wordlist mode Enables wordlist
rules, that are read from [List.Rules:Wordlist].
- incremental[:MODE] incremental mode [using section
MODE] Enables the incremental mode, using the specified
~/john.ini definition (section [Incremental:MODE],
or [Incremental:All] by default).
- external:MODE external mode or word filter Enables
an external mode, using external functions defined
in ~/john.ini's [List.External:MODE] section.
- stdout[:LENGTH] no cracking, write words to stdout
When used with a cracking mode, except for "single
crack", makes John print the words it generates to
stdout instead of cracking. While applying
wordlist rules, the significant password length is
assumed to be LENGTH, or unlimited by default.
- restore[:FILE] restore an interrupted session Continues
an interrupted cracking session, reading point information
from the specified file (~/restore by default).
- session:FILE set session file name to FILE Allows
you to specify another point information file's name
to use for this cracking session. This is useful for
running multiple instances of John in parallel, or
just to be able to recover an older session later,
not always continue the latest one.
- status[:FILE] print status of a session [from FILE]
Prints status of an interrupted or running session.
To get an up to date status information of a detached
running session, send that copy of John a SIGHUP before
using this option.
- makechars:FILE make a charset, overwriting FILE
Generates a charset file, based on character frequencies
from ~/john.pot, for use with the incremental mode.
The entire ~/john.pot will be used for
the charset file unless you specify some password
files. You can also use an external filter() routine
with this option.
- show show cracked passwords Shows the cracked passwords
in a convenient form. You should also specify the
password files. You can use this option while another
John is cracking, to see what it did so far.
- test perform a benchmark Benchmarks all the enabled
ciphertext format crackers, and tests them for
correct operation at the same time.
- users:[-]LOGIN|UID[,..] load this (these) user(s)
only Allows you to filter a few accounts for cracking,
etc. A dash before the list can be used to invert
the check (that is, load all the users that aren't
listed).
- groups:[-]GID[,..] load this (these) group(s) only
Tells John to load users of the specified group(s)
only.
- shells:[-]SHELL[,..] load this (these) shell(s)
only This option is useful to load accounts with a
valid shell only, or not to load accounts with a bad
shell. You can omit the path before a shell name,
so '-shells:csh' will match both '/bin/csh' and '/usr/bin/csh',
while '-shells:/bin/csh' will only match '/bin/csh'.
- salts:[-]COUNT set a passwords per salt limit This
feature sometimes allows to achieve better performance.
For example you can crack only some salts using '-salts:2'
faster, and then crack the
rest using '-salts:-2'. Total cracking time will be
about the same, but you will get some passwords cracked
earlier.
- format:NAME force ciphertext format NAME
Allows you to override the ciphertext format detection.
Currently, valid
format names are DES, BSDI, MD5, BF, AFS, LM. You
can use this option when
cracking or with '-test'. Note that John can't crack
password files with
different ciphertext formats at the same time.
- savemem:LEVEL enable memory saving, at LEVEL 1..3
You might need this option if you don't have enough
memory, or don't want
John to affect other processes too much. Level 1 tells
John not to waste
memory on login names, so you won't see them while
cracking. Higher levels
have a performance impact: you should probably avoid
using them unless John
doesn't work or gets into swap otherwise.
6)
Tips
I)
A good schedule to do your cracking job is
john -w:words.lst
password.file
john -w:words.lst -rules password.file
john -w:words.lst password.file
john -i:digits password.file
john -i:all password.file
II) If you have
a file that has only passes that look like
owner:*:510:102:His
name:/home/subdir/owner:/bin/bash
you have a shadowed passwords file.
Go to the Byte-Me page at blacksun.box.sk and try to
find out more about
password files (I'll leave it up to you to do this.
It's important that you'll
learn how to find things by yourself).
III) You have
some little tools that you get with john, they are all
listed below (from john's docs)
unshadow PASSWORD-FILE SHADOW-FILE
Combines the passwd and shadow files (when you already
have access to
both) for use with John. You might need this since if
you only used your
shadow file, the GECOS information wouldn't be used
by the "single crack"
mode, and also you wouldn't be able to use the '-shells'
option. You'll
usually want to redirect the output of 'unshadow' to
a file.
unafs DATABASE-FILE
CELL-NAME
Gets password hashes out of the binary AFS database,
and produces a file
usable by John (again, you should redirect the output
yourself).
unique OUTPUT-FILE
Removes duplicates from a wordlist (read from stdin),
without changing
the order. You might want to use this with John's '-stdout'
option, if
you got a lot of disk space to trade for the reduced
cracking time.
mailer PASSWORD-FILE
A shell script to send mail to all the users who got
weak passwords. You
should edit the message inside before using.
So, that was about it... hope you've got something from
this text.
Further readings: try reading ALL the documentation
you get with john in the docs
directory. Maybe it's a little bit chaotic, but....
man those are the docs :)
Ohh, wait, wait!!
Remember, not all password files can be cracked! Smart
admins alter the
encryption that they are using, especially when it comes
to root passwords.
But there are always other ways to get passwords. These
are covered in other
BSRF tutorials. Collect them all (lol) at http://blacksun.box.sk.
|