John
De Linuxmemo.
(Différences entre les versions)
(→Les modes) |
(→Install Jumbo version) |
||
| (25 versions intermédiaires masquées) | |||
| Ligne 18 : | Ligne 18 : | ||
*Wordlist (a text file containing one word per line) | *Wordlist (a text file containing one word per line) | ||
John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files. | John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files. | ||
| - | + | -wordlist:FILE -stdin wordlist mode, read words from FILE or stdin | |
| - | *Single crack | + | *Single crack (depuis les champs login/GECOS) |
In this mode, john will try to crack the password using the login/GECOS information as passwords. | In this mode, john will try to crack the password using the login/GECOS information as passwords. | ||
| - | + | -single "single crack" mode | |
| - | *Incremental | + | *Incremental (Brut Force) |
This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john's documentation, including how to define your own cracking methods. | This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john's documentation, including how to define your own cracking methods. | ||
| - | + | -incremental[=MODE] "incremental" mode [using section MODE] | |
| + | [Incremental:All] (by default) | ||
| + | [Incremental:ASCII] | ||
| + | [Incremental:LM_ASCII] | ||
| + | [Incremental:Alnum] | ||
| + | [Incremental:Alpha] | ||
| + | [Incremental:LowerNum] | ||
| + | [Incremental:UpperNum] | ||
| + | [Incremental:LowerSpace] | ||
| + | [Incremental:Lower] | ||
| + | [Incremental:Upper] | ||
| + | [Incremental:Digits] | ||
*External | *External | ||
| - | + | -external=MODE external mode or word filter | |
| - | Pour chaque mode: | + | Pour chaque mode (a utiliser car enrichi chaque mode): |
| - | + | -rules enable word mangling rules for selected mode | |
==Autres options== | ==Autres options== | ||
| - | + | -stdout[=LENGTH] just output candidate passwords [cut at LENGTH] | |
| - | + | -session=NAME give a new session the NAME | |
| - | + | -status[=NAME] print status of a session [called NAME] | |
| - | + | -make-charset=FILE make a charset, FILE will be overwritten | |
| - | + | -test[=TIME] run tests and benchmarks for TIME seconds each | |
| - | + | -users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only | |
| - | + | -groups=[-]GID[,..] load users [not] of this (these) group(s) only | |
| - | + | -shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only | |
| - | + | -salts=[-]COUNT load salts with[out] at least COUNT passwords only | |
| - | + | -save-memory=LEVEL enable memory saving, at LEVEL 1..3 | |
| - | + | -format=NAME Override the ciphertext format detection. Currently, valid format names are DES, BSDI, MD5, BF, AFS, LM. | |
==Résultats== | ==Résultats== | ||
| Ligne 55 : | Ligne 66 : | ||
john -show passwd.txt | john -show passwd.txt | ||
==Session== | ==Session== | ||
| - | + | #Start: john --incremental[=MODE] --save-memory=2 [--session=crack1] --min-len=9 --max-len=14 fileWithPasse | |
| - | + | #Abort: Press 'q' or Ctrl-C to abort saving point information to a file (john.rec by default) | |
| - | + | #status: john --status[=crack1] | |
| - | + | #restore session: john --restore[=crack1] | |
| + | #show: john --show fileWithPasse | ||
| + | |||
| + | ==Mask== | ||
| + | https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/MASK | ||
| + | |||
| + | - Static letters. | ||
| + | - Ranges in [aouei] or [a-z] syntax. Or both, [0-9abcdef] is the same as | ||
| + | [0-9a-f]. | ||
| + | - Placeholders that are just a short form for ranges, like ?l which is | ||
| + | 100% equivalent to [a-z]. | ||
| + | - ?l lower-case ASCII letters | ||
| + | - ?u upper-case ASCII letters | ||
| + | - ?d digits | ||
| + | - ?s specials (all printable ASCII characters not in ?l, ?u or ?d) | ||
| + | - ?a full 'printable' ASCII. Note that for formats that don't recognize case | ||
| + | (eg. LM), this only includes lower-case characters which is a tremendous | ||
| + | reduction of keyspace for the win. | ||
| + | - ?B all 8-bit (0x80-0xff) | ||
| + | - ?b all (0x01-0xff) (the NULL character is currently not supported by core). | ||
| + | - ?h lower-case HEX digits (0-9, a-f) | ||
| + | - ?H upper-case HEX digits (0-9, A-F) | ||
| + | - ?L lower-case non-ASCII letters | ||
| + | - ?U upper-case non-ASCII letters | ||
| + | - ?D non-ASCII "digits" | ||
| + | - ?S non-ASCII "specials" | ||
| + | - ?A all valid characters in the current code page (including ASCII). Note | ||
| + | that for formats that don't recognize case (eg. LM), this only includes | ||
| + | lower-case characters which is a tremendous reduction of keyspace. | ||
| + | - Placeholders that are custom defined, so we can e.g. define ?1 to mean [?u?l] | ||
| + | ?1 .. ?9 user-defined place-holder 1 .. 9 | ||
| + | - Placeholders for Hybrid Mask mode: | ||
| + | ?w is a placeholder for the original word produced by the parent mode in | ||
| + | Hybrid Mask mode. | ||
| + | ?W is just like ?w except the original word is case toggled (so PassWord | ||
| + | becomes pASSwORD). | ||
| + | |||
==Unix like== | ==Unix like== | ||
unshadow /etc/passwd /etc/shadow > mypasswd | unshadow /etc/passwd /etc/shadow > mypasswd | ||
| + | |||
| + | ==Install Jumbo version== | ||
| + | git clone https://github.com/magnumripper/JohnTheRipper.git JohnTheRipper | ||
| + | apt install libssl-dev libgmp-dev libbz2-dev libmeep-openmpi-dev ocl-icd-opencl-dev libblacs-mpi-dev | ||
| + | cd JohnTheRipper/src | ||
| + | ./configure | ||
| + | make -s clean && make -sj4 | ||
| + | ./john | ||
| + | |||
| + | cd /home/ici/git/JohnTheRipper/run | ||
| + | ./keepass2john keepass2.kdbx | ||
| + | |||
| + | |||
| + | all files (john.conf, john.pot, john.rc) is in the same directory. | ||
Version actuelle en date du 21 décembre 2020 à 14:47
John the Ripper password cracker
John est capable de casser différents formats de chiffrement de mots de passe, notamment les mots de passe:
crypt(Unix), MD5, Blowfish, Kerberos, AFS, et les LM hashes de Windows NT/2000/XP/2003.
Des modules additionnels sont disponibles pour lui permettre de casser les mots de passe basés sur les hash MD4 et les mots de passe enregistrés dans MySQL ou LDAP, ainsi que les mots de passe NTLM, pour les de rnières versions de Windows.
Usage: john [OPTIONS] [PASSWORD-FILES]
All the options recognized by john start with a single dash (`-').
Sommaire |
[modifier] Les modes
If no mode is specified, john will try "single" first, then "wordlist" and finally "incremental".
- Wordlist (a text file containing one word per line)
John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files.
-wordlist:FILE -stdin wordlist mode, read words from FILE or stdin
- Single crack (depuis les champs login/GECOS)
In this mode, john will try to crack the password using the login/GECOS information as passwords.
-single "single crack" mode
- Incremental (Brut Force)
This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john's documentation, including how to define your own cracking methods.
-incremental[=MODE] "incremental" mode [using section MODE] [Incremental:All] (by default) [Incremental:ASCII] [Incremental:LM_ASCII] [Incremental:Alnum] [Incremental:Alpha] [Incremental:LowerNum] [Incremental:UpperNum] [Incremental:LowerSpace] [Incremental:Lower] [Incremental:Upper] [Incremental:Digits]
- External
-external=MODE external mode or word filter
Pour chaque mode (a utiliser car enrichi chaque mode):
-rules enable word mangling rules for selected mode
[modifier] Autres options
-stdout[=LENGTH] just output candidate passwords [cut at LENGTH] -session=NAME give a new session the NAME -status[=NAME] print status of a session [called NAME] -make-charset=FILE make a charset, FILE will be overwritten -test[=TIME] run tests and benchmarks for TIME seconds each
-users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only -groups=[-]GID[,..] load users [not] of this (these) group(s) only
-shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
-salts=[-]COUNT load salts with[out] at least COUNT passwords only
-save-memory=LEVEL enable memory saving, at LEVEL 1..3
-format=NAME Override the ciphertext format detection. Currently, valid format names are DES, BSDI, MD5, BF, AFS, LM.
[modifier] Résultats
Once John finds a password, it will be printed to the terminal and saved into a file called ~/.john/john.pot.
cat ~/.john/john.pot
John will read this file when it restarts so it doesn't try to crack already done passwords. To see the cracked passwords, use
john -show passwd.txt
[modifier] Session
- Start: john --incremental[=MODE] --save-memory=2 [--session=crack1] --min-len=9 --max-len=14 fileWithPasse
- Abort: Press 'q' or Ctrl-C to abort saving point information to a file (john.rec by default)
- status: john --status[=crack1]
- restore session: john --restore[=crack1]
- show: john --show fileWithPasse
[modifier] Mask
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/MASK
- Static letters.
- Ranges in [aouei] or [a-z] syntax. Or both, [0-9abcdef] is the same as
[0-9a-f].
- Placeholders that are just a short form for ranges, like ?l which is
100% equivalent to [a-z].
- ?l lower-case ASCII letters
- ?u upper-case ASCII letters
- ?d digits
- ?s specials (all printable ASCII characters not in ?l, ?u or ?d)
- ?a full 'printable' ASCII. Note that for formats that don't recognize case
(eg. LM), this only includes lower-case characters which is a tremendous
reduction of keyspace for the win.
- ?B all 8-bit (0x80-0xff)
- ?b all (0x01-0xff) (the NULL character is currently not supported by core).
- ?h lower-case HEX digits (0-9, a-f)
- ?H upper-case HEX digits (0-9, A-F)
- ?L lower-case non-ASCII letters
- ?U upper-case non-ASCII letters
- ?D non-ASCII "digits"
- ?S non-ASCII "specials"
- ?A all valid characters in the current code page (including ASCII). Note
that for formats that don't recognize case (eg. LM), this only includes
lower-case characters which is a tremendous reduction of keyspace.
- Placeholders that are custom defined, so we can e.g. define ?1 to mean [?u?l]
?1 .. ?9 user-defined place-holder 1 .. 9
- Placeholders for Hybrid Mask mode:
?w is a placeholder for the original word produced by the parent mode in
Hybrid Mask mode.
?W is just like ?w except the original word is case toggled (so PassWord
becomes pASSwORD).
[modifier] Unix like
unshadow /etc/passwd /etc/shadow > mypasswd
[modifier] Install Jumbo version
git clone https://github.com/magnumripper/JohnTheRipper.git JohnTheRipper apt install libssl-dev libgmp-dev libbz2-dev libmeep-openmpi-dev ocl-icd-opencl-dev libblacs-mpi-dev cd JohnTheRipper/src ./configure make -s clean && make -sj4 ./john
cd /home/ici/git/JohnTheRipper/run ./keepass2john keepass2.kdbx
all files (john.conf, john.pot, john.rc) is in the same directory.
