Cracking Passwords

Enforcing password security with a multiple-user system can be a hassle —
users all too often use inadequate passwords. john-the-ripper (also available
via most distros) is a password-cracking tool that enables the identification of
vulnerable passwords before someone with nefarious intentions finds the
weakness.

Tip of the Trade: Find password weaknesses before it’s too late. john-the-ripper offers three cracking modes to evaluate passwords.

The first step is to extract the username/password information from the relevant files, using the provided unshadow tool:

unshadow /etc/passwd /etc/shadow > /tmp/password.db

After that, john has three cracking modes:

1. Dictionary mode, which tests passwords based on dictionary words. You can
   use the provided dictionary or provide your own, and there’s an option to
   enable “word mangling” rules.
2. “Single crack” mode, which uses login names and various
   /etc/passwd values as password candidates, as well as applying
   word mangling rules.

Incremental mode, which tries all possible character combinations and
will obviously take a very, very long time to run. You can change the
parameters for this via the config file.

You can run one at a time (in which case, try “single crack” mode
first), or run all of them consecutively with

john /tmp/password.db

To show results, use

john --show /tmp/password.db

unshadow will produce a password database only on systems that
use /etc/passwd and /etc/shadow for login. For centralized
systems, there’s a Kerberos5
module available, or the supplied unafs utility extracts
Kerberos AFS passwords. There’s also a LDAP module.

Also remember that you can limit cracking attempts
through measures such as locking out specific IP addresses after multiple failed ssh attempts or limiting the number of times a user can get a password wrong when logging on.