- 1 Vapor IO Brings OpenDCRE to General Availability
- 2 VMware Takes the Wraps Off vRealize Automation and vRealize Business
- 3 Microsoft Previews Hyper-V Containers for Windows Server 2016
- 4 Mirantis Led FUEL Project Gets Installed Under OpenStack Big Tent
- 5 Red Hat Enterprise Linux 7.2 Adds Security, DR Features
The first step is to extract the username/password information from the relevant files, using the provided unshadow tool:
unshadow /etc/passwd /etc/shadow > /tmp/password.db
After that, john has three cracking modes:
» Aliases and Variables Keep Things Short and Simple
» Nagios Plugins
Read All Tips of the Trade
- Dictionary mode, which tests passwords based on dictionary words. You can use the provided dictionary or provide your own, and there's an option to enable "word mangling" rules.
- "Single crack" mode, which uses login names and various /etc/passwd values as password candidates, as well as applying word mangling rules.
Incremental mode, which tries all possible character combinations and will obviously take a very, very long time to run. You can change the parameters for this via the config file.
You can run one at a time (in which case, try "single crack" mode first), or run all of them consecutively with
To show results, use
john --show /tmp/password.db
unshadow will produce a password database only on systems that use /etc/passwd and /etc/shadow for login. For centralized systems, there's a Kerberos5 module available, or the supplied unafs utility extracts Kerberos AFS passwords. There's also a LDAP module.
Also remember that you can limit cracking attempts through measures such as locking out specific IP addresses after multiple failed ssh attempts or limiting the number of times a user can get a password wrong when logging on.