|
Using John the Ripper to Crack Unix Passwords
1)
First thing's first
I guess you're a newbie in pass-cracking like I was and
you've probably started John the Ripper full of enthusiasm,
and got.... nothing. So the first thought you have is 'my
god this must be hard, and I'm a newbie'. Forget it!!!
You're always a newbie, and we all are... in pass cracking
world, pardon, pass recovering world (or any world else) you
always have something to learn. Sometimes, even if you are
experienced in password cracking, you won't be able to crack
the password or even get your own password. This is a pure
technical manual and will give you only the recipe for
cracking, but every password needs different approach...
OK, so a good way to get somewhere is to start getting
somewhere...
What you're about to learn is to crack
*nix(Unix/Linux/etc.) password files. It does not mean that
you need to have some Unix distribution on your box, but it
means you'll have to stop clicking your ass off all around
the screen...
'What this fool is trying to say', you'll probably ask...
This fool is trying to say that john is a DOS program (there
is also Linux/Unix version, but I guess that most of the
people that read this tutorial have win boxes). I will try
to put this tutorial through the examples so it wouldn't
look like a boring script with incredible amount of
switches. After reading this text it wouldn't be a bad idea
to look at the texts you get with John. I learnt it all from
there, but that, of course, was the hard way, and you want
the easy way, right? Right.
First, it wouldn't be a bad idea to get yourself John the
Ripper, I guess... if you don't have it you can find it at:
1) packetstorm.securify.com (look at archives, password
cracking)
2) neworder.box.sk (do some searching by yourself)
John can be found practically anywhere. For example: try
going to altavista.com and running a search for 'john the
ripper'.
Second thing you'll need is.... a HUUUUGE amount of
password dictionaries (I'll explain what these are in a
minute). The best dictionary around is at www.theargon.com
and packetstorm (look at the archives) and is called
theargonlistserver1 and is about 20Mb packed, and over 200Mb
unpacked... get it!!!! The people at theargon did a terrific
job.
You should also get some smaller dictionary files (I'll
explain why later).
2) Do
we look like *nix?
So now you have john, loaded with that huuuuge pass
dictionary, and you think that you can crack anything... If
you plan to live for 100000 years, that wouldn't be a
problem, but you only have some 80 years left in the best
case scenario (unless, of course, scientists find a way
to... oh, nevermind).
Now, the first thing is that you have to make sure your
password file really looks like a Unix password file (were
talking about the /etc/passwd file).
Let's see how Unix pass files look like
owner:Ejrt3EJUnh5Ms:510:102:Some free
text:/home/subdir/owner:/bin/bash
The important part is the username and the encrypted
password, which are the first and the second parts (each
line is divided into seven parts by : symbols)
owner:Ejrt3EJUnh5Ms
Owner is the username and 'that other thing' is the crypted
password (encrypted in altered DES (Data Encryption
Standard) encryption). For the other part you can put
anything that looks like that but the structure must be same
so the john could recognize it as unix pass. In fact the
other part
:510:102:Some free text:/home/subdir/owner:/bin/bash
Is just some information about the user, his home
directory, etc...
Sometimes you'll have passes that have only the first and
second part, such as password files that you got from a
webboard running matt's web board script.
owner:Ejrt3EJUnh5Ms
You'll have to put the other part so that password would
look like unix pass, and you can do a copy-paste from
another pass, you can even use
:510:102:His name:/home/subdir/owner:/bin/bash
What you have now should look like:
owner:Ejrt3EJUnh5Ms:510:102:His
name:/home/subdir/owner:/bin/bash
Hell, you can even put
owner:Ejrt3EJUnh5Ms:a:a:a:a:a
It won't matter to john at all.
3)
We're getting somewhere... nowhere
Now you're ready to crack. Type in
john -w:words.lst password.file
Where words.lst is password dictionary and password file
where you have your password or passwords. If you use it on
example i gave to you you'll probably get password because
it's really weak pass. You'd be surprised to see that people
usually use really weak passes like their names, pet names,
or even their username (for example: username=zalabuk,
password=zalabuk).
Hint: Don't be stupid! Use strong passes like
p4sswr!@
p@s$w11s
with as many characters you can remember. Hint is to use
special characters and numbers those passes are much harder
to crack (I'll explain why in a minute).
The other hint is to use passes as long as you can
remember, 8 characters are sometimes not enough... it
depends what box that someone who cracks has... on dual
alpha is certainly not enough... in other words... more than
10 characters will do fine, even more wouldn't hurt (like
16...). By the way, older *nix have fixed pass length of 8
chars... that is old DES crypted pass that uses a 64-bit
key... now there are 128-bit keys, and some perverts use
even more, so there is more fun now :)
john -w:words.lst password.file
Wait
wait wait! What am I doing here?
Alright, listen up carefully. The DES encryption that Unix
uses CANNOT be reversed. Some encryptions can be reversed
using a sometimes simple or sometimes incredibly complicated
algorithm (in the 3rd century AD, Ceasar used to send
encrypted letters which used a formula of "shift by three",
which means that d stands for a, e stands for b etc'. At
that time, such an algorithm was just fine. Today, it
isn't).
So anyway, the altered DES encryption that Unix uses for
it's password files cannot be reversed. Why? Because it's a
key-based encryption. The encryption algorithm uses a bunch
of letters (lowercase and uppercase), numbers and symbols
within the algorithm. So, in other words, to run the
decryption algorithm you will need this key, which you
simply cannot just have, because the key is the password!
You see, when a user picks a password, the system generates
an encrypted password for him, called a hash (which is what
you get when you somehow acquire a password file), which is
created by running this altered DES algorithm using the
user's password as a key. If you try to decrypt the password
using standard reversable DES encryption, you get a null
string.
So how do John and other password crackers do it? Easy.
They try to recreate this process by taking passwords out of
these dictionary files (or wordlists) and using them as keys
for this altered DES algorithm process. Then, they compare
the result to all the encrypted passwords within the
password file you've given them. If the two strings match -
there you have it! The password is yours!
If the first step doesn't work, the next step would be to
do this:
john -w:words.lst -rules password.file
This switch turn on not only browsing through the
dictionary, but it uses some modifications of the words that
are word dictionary (like adding a number at the end of pass
- fool -> fool1, etc' etc'). This one will take long with
huge pass dictionary, but it may give better results... For
a start you could do a try with a small pass dictionary, and
if it doesn't works you can try it with a huge pass
dictionary.
Sometimes people are not stupid when they choose passwords
and basic rules won't do a job... aaargh. As you've seen it
takes more and more time for your CPU to crack this thing
out as we go further. Now you can leave your computer on and
go to sleep....
If you want to get even more possible passwords out of your
password file, try typing
john -i password.file
This -i stands for incremental cracking, not a really good
word for it, but...
Okay, what the hell does it do? It uses the default
incremental mode parameters, which are defined in john.ini.
What does this mean? Do you remember -rules? Yes, well, of
course you do, unless you're either incredibly senile or
you've stopped reading after this part and only came back,
like... a couple of years later. That is very much like
rules, but much much more powerful than -rules, and it takes
much, much more time.
4) So
where are we now (dictionary vs. brute-force)?
You can see that in all cases you use so-called dictionary
cracking... but hell, why not just run John on a mode where
it tried all possible combinations of lowercase and
uppercase letters, numbers and symbols? I mean, this would
be much more efficient, right? ... WROOOOOOONGG!!!
This method is called 'brute-force' attack (basically,
dictionary attack is also sort of brute-force attack, but
most people use the word brute-force for this specific
attack).
What are the differences? First and most important, with
dictionary you go through the selected words that could be
passwords and their modifications, and with brute force
cracking you use ALL possible combinations. That means you
have
comb=nrch^let
where:
comb - number of possible combinations
nrch - number of chars
let - number of letters used
In case you're dealing with john's default -i 95 character
set and, presume, a 6 letter password you have possible
735091890625 combinations! OUCH!!
Sure, this is useful for passwords like 2405v7, but
still... with the computational powers of today's modern PC,
I'd just give up, unless I had access to some University's
supercomputer, which I'd bet noone would ever give me (well,
at least not for free, and certainly not to run a password
cracker on it).
As you can see it can take a looooong time until you crack
a single one pass, do a little math and try to calculate how
many possible combinations there are for 10, 12 and 16
chars.
I don't think you'll like the answer :)
Of course, sometimes dictionary attacks are not enough, but
john has very powerful 'thinking'. In 'incremental' mode
john will do all possible combinations from 0 to 8
characters (by zero password length is considered a hashed
empty string, this sometimes happens). So incremental mode
is one sort of brute-force attack in some way...
If you want to fire all weapons at one then you use
john password.file
this will do first basic dictionary attack, then -rules,
then -i
5)
What if...
Ok, you have to turn off your box from time to time, don't
you? If you're doing that haaard password that will take
more than 20 hours of cracking you can set john with ctrl+c
and then resume with
john -restore
If your box crashes or if there's a power failure, you
won't be able to restore your cracking sessions
(sometimes)... well that's just too bad. Hell, it happened
to me once :-(
John is modular, and that is the most powerful thing about
john the ripper, and that is what makes john the most
advanced password cracker. John is very, very modular. John
uses modes that are described in john.ini (do you still
remember that incremental cracking i was talking about?
Modes for rules and incremental are described in john.ini).
If you're some inventive guy then you may change the
parameters in john.ini.
Here is example how some default parameters for -i look
like:
# Incremental modes
[Incremental:All]
File = ~/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95
Ok... what do we have here?
[Incremental:All] - this stands for the beginning of the
definition for the -i:all switch File - filename of file
that has characters used in mode -i:all (whole character
set) MinLen - logically, minimum length of password that
john -i:all would try MaxLen - even more logical, maximum
length of password that will john -i:all try CharCount -
number of chars used by john when you 'turn on' this switch
So, there are some more switches... heh
Yes there are and down there are all default modes pasted
from john the ripper's documents:
John
the Ripper's Command Line Options
You can list any number of password files on John's command
line, and also specify some of the following options (all of
them are case sensitive, but can be abbreviated; you can
also use the GNU-style long options syntax):
- single "single crack" mode Enables the "single crack"
mode, using rules from [List.Rules:Single].
- wordfile:FILE wordlist mode, read words from FILE,
- stdin or from stdin These are used to enable the wordlist
mode.
- rules enable rules for wordlist mode Enables wordlist
rules, that are read from [List.Rules:Wordlist].
- incremental[:MODE] incremental mode [using section MODE]
Enables the incremental mode, using the specified ~/john.ini
definition (section [Incremental:MODE], or [Incremental:All]
by default).
- external:MODE external mode or word filter Enables an
external mode, using external functions defined in
~/john.ini's [List.External:MODE] section.
- stdout[:LENGTH] no cracking, write words to stdout When
used with a cracking mode, except for "single crack", makes
John print the words it generates to stdout instead of
cracking. While applying
- wordlist rules, the significant password length is
assumed to be LENGTH, or unlimited by default.
- restore[:FILE] restore an interrupted session Continues
an interrupted cracking session, reading point information
from the specified file (~/restore by default).
- session:FILE set session file name to FILE Allows you to
specify another point information file's name to use for
this cracking session. This is useful for running multiple
instances of John in parallel, or just to be able to recover
an older session later, not always continue the latest one.
- status[:FILE] print status of a session [from FILE]
Prints status of an interrupted or running session. To get
an up to date status information of a detached running
session, send that copy of John a SIGHUP before using this
option.
- makechars:FILE make a charset, overwriting FILE Generates
a charset file, based on character frequencies from
~/john.pot, for use with the incremental mode. The entire
~/john.pot will be used for
- the charset file unless you specify some password files.
You can also use an external filter() routine with this
option.
- show show cracked passwords Shows the cracked passwords
in a convenient form. You should also specify the password
files. You can use this option while another John is
cracking, to see what it did so far.
- test perform a benchmark Benchmarks all the enabled
ciphertext format crackers, and tests them for
correct operation at the same time.
- users:[-]LOGIN|UID[,..] load this (these) user(s) only
Allows you to filter a few accounts for cracking, etc. A
dash before the list can be used to invert the check (that
is, load all the users that aren't listed).
groups:[-]GID[,..] load this (these) group(s) only Tells
John to load users of the specified group(s) only.
- shells:[-]SHELL[,..] load this (these) shell(s) only This
option is useful to load accounts with a valid shell only,
or not to load accounts with a bad shell. You can omit the
path before a shell name, so '-shells:csh' will match both
'/bin/csh' and '/usr/bin/csh', while '-shells:/bin/csh' will
only match '/bin/csh'.
salts:[-]COUNT set a passwords per salt limit This
feature sometimes allows to achieve better performance. For
example you can crack only some salts using '-salts:2'
faster, and then crack the
rest using '-salts:-2'. Total cracking time will be about
the same, but you will get some passwords cracked earlier.
- format:NAME force ciphertext format NAME
Allows you to override the ciphertext format detection.
Currently, valid
format names are DES, BSDI, MD5, BF, AFS, LM. You can use
this option when
cracking or with '-test'. Note that John can't crack
password files with
different ciphertext formats at the same time.
- savemem:LEVEL enable memory saving, at LEVEL 1..3
You might need this option if you don't have enough
memory, or don't want
John to affect other processes too much. Level 1 tells
John not to waste
memory on login names, so you won't see them while
cracking. Higher levels
have a performance impact: you should probably avoid
using them unless John
doesn't work or gets into swap otherwise.
6)
Tips
I) A
good schedule to do your cracking job is
john -w:words.lst password.file
john -w:words.lst -rules password.file
john -w:words.lst password.file
john -i:digits password.file
john -i:all password.file
II) If
you have a file that has only passes that look like
owner:*:510:102:His name:/home/subdir/owner:/bin/bash
you have a shadowed passwords file. Go to the Byte-Me page
at blacksun.box.sk and try to find out more about password
files (I'll leave it up to you to do this. It's important
that you'll learn how to find things by yourself).
III)
You have some little tools that you get with john, they are
all listed below (from john's docs)
unshadow PASSWORD-FILE SHADOW-FILE
Combines the passwd and shadow files (when you already have
access to both) for use with John. You might need this since
if you only used your shadow file, the GECOS information
wouldn't be used by the "single crack" mode, and also you
wouldn't be able to use the '-shells' option. You'll usually
want to redirect the output of 'unshadow' to a file.
unafs DATABASE-FILE CELL-NAME
Gets password hashes out of the binary AFS database, and
produces a file usable by John (again, you should redirect
the output yourself).
unique OUTPUT-FILE
Removes duplicates from a wordlist (read from stdin),
without changing the order. You might want to use this with
John's '-stdout' option, if you got a lot of disk space to
trade for the reduced cracking time.
mailer PASSWORD-FILE
A shell script to send mail to all the users who got weak
passwords. You should edit the message inside before using.
So, that was about it... hope you've got something from
this text. Further readings: try reading ALL the
documentation you get with john in the docs directory. Maybe
it's a little bit chaotic, but.... man those are the docs :)
Ohh, wait, wait!!
Remember, not all password files can be cracked! Smart
admins alter the encryption that they are using, especially
when it comes to root passwords. But there are always other
ways to get passwords. These are covered in other BSRF
tutorials. Collect them all (lol) at
http://blacksun.box.sk.
Credits:
Written by caboom Raven
Version 1.0
Date: 14/1/2000 |