John
From Linuxmemo.
John the Ripper password cracker
John can crack several encrypted password formats, including:
crypt (Unix), MD5, Blowfish, Kerberos, AFS, and the LM hashes of Windows NT/2000/XP/2003.
Additional modules are available that let it crack passwords based on MD4 hashes and passwords stored in MySQL or LDAP, as well as NTLM passwords for the latest versions of Windows.
Usage: john [OPTIONS] [PASSWORD-FILES]
Modes
If no mode is specified, john will try "single" first, then "wordlist" and finally "incremental".
--single                   "single crack" mode
--wordlist=FILE --stdin    wordlist mode, read words from FILE or stdin
--rules                    enable word mangling rules for wordlist mode
--incremental[=MODE]       "incremental" mode [using section MODE]
--external=MODE            external mode or word filter

--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
--restore[=NAME]           restore an interrupted session [called NAME]
--session=NAME             give a new session the NAME
--status[=NAME]            print status of a session [called NAME]
--make-charset=FILE        make a charset, FILE will be overwritten
--show                     show cracked passwords
--test[=TIME]              run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
--salts=[-]COUNT           load salts with[out] at least COUNT passwords only
--format=NAME              force hash type NAME: DES/BSDI/MD5/BF/AFS/LM/crypt
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3
--format=NAME Override the ciphertext format detection. Currently, valid format names are DES, BSDI, MD5, BF, AFS, LM.
Results
Once John finds a password, it will be printed to the terminal and saved into a file called ~/.john/john.pot.
cat ~/.john/john.pot
John reads this file when it restarts, so it does not try to crack passwords it has already cracked. To see the cracked passwords, use:
john -show passwd.txt
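For an audit report it is often enough to know which accounts fell, not what their passwords were. The script below is an added example, not part of the original page or of John itself: it joins a john.pot file against a passwd-format file and prints each cracked login with the length of its password only. It assumes pot lines of the form hash:plaintext; the function names, file names and hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: report cracked accounts from john.pot without
# revealing the recovered passwords.

# pot_audit POTFILE PASSWDFILE -> "login<TAB>password length" per cracked account
pot_audit() {
    # An empty pot file would make awk treat PASSWDFILE as the first file.
    [ -s "$1" ] || return 0
    awk -F: '
        # First file: john.pot. Split at the first colon only,
        # because the plaintext itself may contain ":".
        NR == FNR {
            i = index($0, ":")
            if (i > 1) plainlen[substr($0, 1, i - 1)] = length($0) - i
            next
        }
        # Second file: passwd format, login in field 1, hash in field 2.
        ($2 in plainlen) { printf "%s\t%d\n", $1, plainlen[$2] }
    ' "$1" "$2"
}

# make_sample DIR: write constructed sample files. The hash strings are
# placeholders in crypt-MD5 layout, not hashes of any real password.
make_sample() {
    cat > "$1/passwd.txt" <<'EOF'
alice:$1$constructed1$AAAAAAAAAAAAAAAAAAAAAA:1000:1000::/home/alice:/bin/sh
bob:$1$constructed2$BBBBBBBBBBBBBBBBBBBBBB:1001:1001::/home/bob:/bin/sh
carol:$1$constructed3$CCCCCCCCCCCCCCCCCCCCCC:1002:1002::/home/carol:/bin/sh
EOF
    cat > "$1/john.pot" <<'EOF'
$1$constructed1$AAAAAAAAAAAAAAAAAAAAAA:example:1
$1$constructed3$CCCCCCCCCCCCCCCCCCCCCC:sample
EOF
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
pot_audit "$demo_dir/john.pot" "$demo_dir/passwd.txt"
rm -rf "$demo_dir"
```

Because john.pot holds recovered plaintexts, keep it readable only by the account that runs the audit.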
Session
Press 'q' or Ctrl-C to abort; the session's restore point is saved to a file (~/.john/john.rec by default). To continue an interrupted session, run:
john -restore