The accounts which JTR can crack must have the following format (one account per line, login and hash separated by a colon):
Fabian:56FgemjhWD9g6
colsen:99lu/CUMikgxM
ibunton:52plhWx7Iv.Cg
tommyb:90rhlDur.3ofE
Minutolo:86c9kUFc/2qxE
schwange:92LsZO7AsKIZA
^^user^^:^^^^hash^^^^^
The "weird" characters after the ':' are called the hash. A hash is a fixed-length value computed from the password by a one-way function: JTR cannot reverse it, it can only hash candidate passwords the same way and compare the results. These hashes can be cracked with JTR. The traditional DES crypt hashes found in cc*ill.logs are always 13 chars long; the first two chars are the salt and the remaining 11 encode the hashed password.
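An added example, not part of the original post, that parses this account format with POSIX sh and awk: it accepts only lines whose hash is 13 characters from the crypt(3) alphabet, takes the first two characters as the salt, and counts the accounts per salt. That count is the figure JTR reports as "different salts" when it loads a file, and it is what the -salts option in the tips further down filters on: salts_with_at_least 5 corresponds to -salts:5 and salts_with_fewer_than 5 to -salts:-5. The function names and the three synthetic accounts that share a salt (dummy hashes) are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original post. Parses "login:hash" lines in
# the format shown above with POSIX sh and awk. Only the account format and
# the 13-character traditional DES crypt(3) layout (2-character salt followed
# by 11 hash characters, alphabet ./0-9A-Za-z) come from the page; the
# function names and the synthetic accounts that share a salt are constructed.

# Print "salt count" for every salt in FILE, most populated salt first.
# Lines that are not login:hash with a 13-character hash are skipped and
# reported on stderr, so a stray header or truncated line cannot hide.
salt_counts() {
    awk -F: '
        NF == 2 && length($2) == 13 && $2 ~ /^[.\/0-9A-Za-z]+$/ {
            n[substr($2, 1, 2)]++
            next
        }
        { bad++ }
        END {
            for (s in n) printf("%s %d\n", s, n[s])
            if (bad) printf("skipped %d malformed line(s)\n", bad) > "/dev/stderr"
        }' "$1" | LC_ALL=C sort -k2,2nr -k1,1
}

# The number JTR prints as "different salts" when it loads FILE.
distinct_salts() {
    salt_counts "$1" | wc -l | tr -d ' '
}

# Salts shared by at least N accounts: the ones -salts:N would load, where
# every candidate hashed with that salt is checked against N accounts at once.
salts_with_at_least() {
    salt_counts "$2" | awk -v n="$1" '$2 >= n { print $1 }'
}

# Salts with fewer than N accounts: the ones -salts:-N would load.
salts_with_fewer_than() {
    salt_counts "$2" | awk -v n="$1" '$2 < n { print $1 }'
}

# Constructed sample: the six accounts quoted above, three synthetic accounts
# whose dummy hashes reuse salts 56 and 99, and one malformed line.
write_sample() {
    cat > "$1" <<'EOF'
Fabian:56FgemjhWD9g6
colsen:99lu/CUMikgxM
ibunton:52plhWx7Iv.Cg
tommyb:90rhlDur.3ofE
Minutolo:86c9kUFc/2qxE
schwange:92LsZO7AsKIZA
alice:56aaaaaaaaaaa
bob:56bbbbbbbbbbb
carol:99ccccccccccc
broken:tooshort
EOF
}

# Run as "sh salts.sh demo" to see the report on the sample file.
if [ "${1:-}" = "demo" ]; then
    write_sample sample_accounts.txt
    echo "different salts: $(distinct_salts sample_accounts.txt)"
    salt_counts sample_accounts.txt
    echo "salts with at least 2 accounts: $(salts_with_at_least 2 sample_accounts.txt | tr '\n' ' ')"
fi
```

On the sample the malformed line is reported on stderr and not counted, salt 56 comes out on top with three accounts, and the six distinct salts match what JTR would print as "different salts" for that file.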
WORDLIST MODE
JTR has different cracking modes. One of the fastest ways is to use a wordlist. The wordlist has to be a plain wordlist (one word per line) and NOT a combolist (login:password pairs). To make your own wordlist you could use dictionaries of different languages, family names, pet names, movie names, etc. I will supply some links where you can find such wordlists.
To let JTR work with a wordlist you run JTR like this (in a command-window):
john -wordfile:WORDLIST.TXT PORN_ACCOUNTS.TXT
where WORDLIST.TXT is your wordlist file, and PORN_ACCOUNTS.TXT is the file containing the usernames and hashes as shown above.
You can do a more advanced form of wordlist cracking by adding the -rules parameter, like this:
john -wordfile:WORDLIST.TXT -rules PORN_ACCOUNTS.TXT
This mode takes more time, but the chance of cracking more accounts increases considerably. With -rules JTR tests each word in the wordlist plus variations of that word generated by the rules in its config file, like adding a number before or after the word, removing vowels and other nifty tricks.
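An added example, not from the original post, in POSIX shell: it merges raw word files into one sorted, duplicate-free wordlist as recommended above, then applies a small set of mangling rules of the kind -rules turns on, so you can see how many candidates a single word expands into. It also shows why the tip later on this page says to keep words longer than 8 chars: traditional DES crypt only looks at the first 8, and effective_candidates counts how many distinct 8-character prefixes the candidates really reduce to. The rules in mangle are a hypothetical subset written for this example, not JTR's rule engine, and the sample words are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes a POSIX sh plus awk,
# sed, sort and cut; the rule set in mangle() is a small hypothetical subset
# of what JTR's -rules does, written for this example.

# Merge any number of raw word files into one sorted, duplicate-free wordlist.
# CRLF line endings and surrounding whitespace are removed, empty lines are
# dropped, and words longer than 8 characters are deliberately kept.
build_wordlist() {
    cat "$@" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$' | LC_ALL=C sort -u
}

# Read words on stdin and emit each word plus variants: lowercased,
# capitalized, reversed, with a digit 0-9 appended or prepended, and with
# vowels removed. Duplicates are not removed here, just as a rule run
# produces them; pipe through distinct_candidates to count unique ones.
mangle() {
    awk '
        {
            w = $0
            print w
            print tolower(w)
            print toupper(substr(w, 1, 1)) substr(w, 2)
            r = ""
            for (i = length(w); i >= 1; i--) r = r substr(w, i, 1)
            print r
            for (d = 0; d <= 9; d++) { print w d; print d w }
            v = w
            gsub(/[aeiouAEIOU]/, "", v)
            if (v != "" && v != w) print v
        }'
}

# Count the distinct candidates on stdin.
distinct_candidates() {
    LC_ALL=C sort -u | wc -l | tr -d ' '
}

# Traditional DES crypt ignores everything after the 8th character, so this
# counts how many different 8-character prefixes the candidates on stdin
# really amount to. A long word and its digit-appended variants collapse
# into one prefix, while the vowel-stripped variant survives as a new one.
effective_candidates() {
    cut -c1-8 | LC_ALL=C sort -u | wc -l | tr -d ' '
}

# Constructed sample word file with a duplicate, a blank line, padding and
# a word longer than 8 characters.
write_sample_words() {
    printf 'tomato\nforest\nstrawberry\nTomato\n  anubis  \n\nforest\n' > "$1"
}

# Run as "sh wordlist_rules.sh demo" to see the numbers on the sample.
if [ "${1:-}" = "demo" ]; then
    write_sample_words sample_words.txt
    build_wordlist sample_words.txt > wordlist.txt
    echo "words: $(wc -l < wordlist.txt)"
    echo "candidates: $(mangle < wordlist.txt | distinct_candidates)"
    echo "effective (first 8 chars): $(mangle < wordlist.txt | effective_candidates)"
fi
```

For "strawberry" the rules produce 24 distinct candidates but only 14 distinct 8-character prefixes: all the digit-appended variants collapse into "strawber", while the vowel-stripped "strwbrry" is a genuinely new candidate that would have been lost had the word been truncated to 8 chars beforehand.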
Here is the output you see when you start john cracking with a wordlist:
Loaded 945 passwords with 97 different salts (Traditional DES [64/64 BS MMX])
forest5 (temptor)
tomato (marley)
guesses:2 time: 0:00:00:08 0% c/s:109080040 trying: aljarfa - alkamin
anubis (jbwein)
guesses:3 time: 0:00:00:23 1% c/s:109082277 trying: berozo - berryton
Session aborted
If JTR is busy, you can hit [space] to display the current status. As seen in the output above, you get a status line with the number of guesses so far, how long JTR has been running (days:hours:minutes:seconds), a progress indicator, the speed in c/s (crypts per second, i.e. candidate password and salt combinations tested per second) and the candidate passwords currently being tried. When JTR cracks an account it prints the password first and the login name between the ( ). If you have enough passwords and want to quit JTR, use Ctrl-Break (do NOT press Ctrl-C twice, because the second press aborts immediately without saving your results to JTR's history (the .pot file) and the restore file). On Windows I have had the experience that Ctrl-C will not save the session either; you have to use the Ctrl-Break combination explicitly!
If you have aborted JTR and want to resume the cracking, you can restore the interrupted session with: john -restore
If you want to see which accounts JTR has cracked, use the option -show: john -show PORN_ACCOUNTS.TXT
To save the cracked accounts to a file, use the standard output redirection: john -show PORN_ACCOUNTS.TXT > cracked.txt
SINGLE CRACK MODE
This is the easiest and probably fastest mode, so you should try it first on your password files. It builds candidate passwords from the login names themselves with many different mangling rules, and each candidate only has to be tried against the account it was derived from, which is why it is so fast.
john -single PORN_ACCOUNTS.TXT
INCREMENTAL CRACK MODE
This is the most advanced and powerful cracking mode of JTR. In this mode JTR tries every possible character combination up to the configured maximum length. With a maximum password length of 8 it will seem that JTR never terminates its session: it does end eventually, but it can take months or even years to complete. JTR does not try the combinations in plain alphabetical order: it uses character frequency tables (built from previously cracked passwords) to try the most likely combinations first, which improves the chance of success early in the run.
There are different character sets which you can use. The charsets delivered with JTR are the following:
All : this charset contains 95 different chars (all printable ASCII: letters, digits and symbols like !@#$%^&*()_+)
Alpha : this charset contains 26 different chars (a to z)
Digits : this charset contains 10 different chars (0 to 9)
LanMan : this charset contains 69 different chars (the 95 printable chars minus the 26 lowercase letters, because LanMan hashes are case-insensitive) and is primarily used for cracking the LanMan (LM) passwords of Windows NT.
If you don't specify a
john -i PORN_ACCOUNTS.TXT
john -i:digits PORN_ACCOUNTS.TXT
john -i:alpha PORN_ACCOUNTS.TXT
Some tips, some of them advanced:
1. If you sort your wordlist alphabetically, JTR runs a little faster. Another advantage of sorting is that identical words end up next to each other, so JTR can detect the dupes by itself.
2. Although the maximum password length is normally 8 chars (traditional DES crypt ignores everything after the eighth character), don't remove or truncate words in the wordlist that are longer than 8 chars. The rest may be needed by the -rules option (think of the vowel-removing rule, which turns a long word into a different candidate that fits in 8 chars). John is, by the way, smart enough not to test the same password twice if the list is sorted.
3. JTR accepts several password files at once, so you can use wildcards:
john -wordfile:WORDLIST.TXT -rules accounts*.txt
This loads all files matching accounts*.txt and starts cracking all the accounts in them.
4. The number of different salts affects the speed of JTR: each candidate password has to be hashed once per salt, so the more salts there are, the slower JTR is. To speed up the whole process you can choose to let JTR try salts with
john -wordfile:WORDLIST.TXT -rules -salts:5 PORN_ACCOUNTS.TXT
To test the rest of the salts (those with fewer than 5 passwords), use -
john -wordfile:WORDLIST.TXT -rules -salts:-5 PORN_ACCOUNTS.TXT
5. To have more than one session which you can restore, you can let the session be saved as
john -wordfile:WORDLIST.TXT -rules -session:firsttry PORN_ACCOUNTS.TXT
john -restore:firsttry
john -status:firsttry
6. Once you have cracked a lot of accounts, it can be more effective to make your own charset. A custom charset not only contains the chars used in the cracked passwords but also records their frequencies, which makes JTR more efficient and faster at cracking similar passwords. To make your own charset, take the following steps:
a) Make your own charset from the passwords cracked so far (JTR takes them from its .pot file, limited to the accounts in the given file):
john -makechars:THEBEST.CHR PORN_ACCOUNTS.TXT
Loaded 73618 plaintexts
Generating charsets... 1 2 3 4 5 6 7 8 DONE
Generating cracking order... DONE
Successfully written charset file: thebest.chr (65 characters)
b) Edit the config file JOHN.CONF
- search for "[Incremental:All]" and you will see a section like this:
# Incremental modes
[Incremental:All]
File = $JOHN/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95
- here you can add your own section to the config file (use the CharCount that JTR reported when it wrote the custom charset):
[Incremental:THEBEST]
File = $JOHN/THEBEST.CHR
MinLen = 3
MaxLen = 8
CharCount = 65
c) Now you can run JTR with -i:THEBEST, exactly like the built-in charsets above.
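An added example, not part of the original post, that helps with the numbers this procedure asks for: given cracked plaintexts in the "login:password" form that john -show prints, it reports the number of distinct characters (the CharCount you enter in the new section), the characters ordered by frequency, and the shortest and longest cracked password as a starting point for MinLen and MaxLen, and it prints a section in the layout shown above. This is a simplified single-character tally, not JTR's per-position statistics, so it only approximates what -makechars computes; the function names are mine and the sample plaintexts are constructed (three from the output earlier on this page, two made up).

```shell
#!/bin/sh
# Added example, not part of the original post. Works on "login:password"
# lines as printed by "john -show". A simplified single-character tally, not
# JTR's per-position statistics; sample data is constructed.

# Extract the password field. Passwords containing ':' would be cut short by
# this simple split, which is a limitation of the example, not of JTR.
plaintexts() {
    awk -F: 'NF >= 2 { print $2 }' "$1"
}

# Number of distinct characters across all plaintexts (the CharCount value).
char_count() {
    plaintexts "$1" | awk '
        {
            for (i = 1; i <= length($0); i++) {
                c = substr($0, i, 1)
                if (!(c in seen)) { seen[c] = 1; n++ }
            }
        }
        END { print n + 0 }'
}

# "char count" per character, most frequent first.
char_freq() {
    plaintexts "$1" | awk '
        { for (i = 1; i <= length($0); i++) n[substr($0, i, 1)]++ }
        END { for (c in n) printf("%s %d\n", c, n[c]) }' | LC_ALL=C sort -k2,2nr -k1,1
}

# "min max" password length seen, a starting point for MinLen and MaxLen.
length_range() {
    plaintexts "$1" | awk '
        NR == 1 || length($0) < mn { mn = length($0) }
        length($0) > mx { mx = length($0) }
        END { print mn, mx }'
}

# Emit a john.conf section in the layout shown above.
# Arguments: NAME CHRFILE MINLEN MAXLEN CHARCOUNT
incremental_section() {
    printf '[Incremental:%s]\nFile = $JOHN/%s\nMinLen = %s\nMaxLen = %s\nCharCount = %s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Constructed sample in "john -show" form.
write_sample_cracked() {
    printf 'temptor:forest5\nmarley:tomato\njbwein:anubis\nalice:Passw0rd\nbob:qwerty12\n' > "$1"
}

# Run as "sh charset_stats.sh demo" to see the figures for the sample.
if [ "${1:-}" = "demo" ]; then
    write_sample_cracked sample_cracked.txt
    echo "CharCount: $(char_count sample_cracked.txt)"
    echo "length range: $(length_range sample_cracked.txt)"
    char_freq sample_cracked.txt | head -n 5
    set -- $(length_range sample_cracked.txt)
    incremental_section THEBEST THEBEST.CHR "$1" "$2" "$(char_count sample_cracked.txt)"
fi
```

On real data, compare char_count with the "(N characters)" figure JTR prints after -makechars; they should agree, because both count the distinct characters in the cracked plaintexts, and a mismatch usually means the .pot file contains more (or different) accounts than the file you analysed.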