The first step is to extract the username/password information from the relevant files, using the provided unshadow tool:
unshadow /etc/passwd /etc/shadow > /tmp/password.db
After that, john has three cracking modes:
» Aliases and Variables Keep Things Short and Simple
» Nagios Plugins
Read All Tips of the Trade
- Dictionary mode, which tests passwords based on dictionary words. You can use the provided dictionary or provide your own, and there's an option to enable "word mangling" rules.
- "Single crack" mode, which uses login names and various /etc/passwd values as password candidates, as well as applying word mangling rules.
Incremental mode, which tries all possible character combinations and will obviously take a very, very long time to run. You can change the parameters for this via the config file.
You can run one at a time (in which case, try "single crack" mode first), or run all of them consecutively with
To show results, use
john --show /tmp/password.db
unshadow will produce a password database only on systems that use /etc/passwd and /etc/shadow for login. For centralized systems, there's a Kerberos5 module available, or the supplied unafs utility extracts Kerberos AFS passwords. There's also a LDAP module.
Also remember that you can limit cracking attempts through measures such as locking out specific IP addresses after multiple failed ssh attempts or limiting the number of times a user can get a password wrong when logging on.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...