Learning the usage of John The Ripper....few questions

[the_gr8_rules]

Hello all,
I'm learning the usage of JTR.
Read the docs a bit ( not whole ) and did some search on tutorial on it.
Found one by "weazy" also.

My processor is quite old one....its p3 600 MHz processor only. So i know it will take a long to crack the password.

I tried cracking some simple passwords...it did in short time.
now i've assigned the password "kill#23" to a user (slackware) and JTR is running for last 9-10 hrs trying cracking it.

1. Could something be done to make it faster (don't want to change my processor lol ). Means using some word list etc will help or just brute forcing is only option in this case (kill#23)

2. Making any changes in "rules" will help ???

3. Any guidelines using it in a better way.


regards

[Gogeta70]

Well, you can set a specific set of characters, and the max length of the words and stuff that you want to try.

[n3rd]

try a minimum of alphanumerics,

so dont start your wordlist with

a
aa
aaa
aaaa
aaaaa

just start with

aaaaa

because no 1 has a password of 1 letter XD

[DNR]

/www.outpost9.com/files/WordLists.html

When you fingerprint a computer or the person using the computer, you try to guess on which wordlist to try on that person. If the person is albanian, I know I will try a albanian wordlist. If the kid has a screen name of a movie or rock star or hacker-wanna-be, you try that kind of wordlist.

passphrases are the best kinds of passwords, dictionary and most created wordlist cannot match them easily if at all. Imagine passphrases that are misspelled 'yermahbieotch' or include alpha-numeric imposition 'c0vertlish3r3n0w'

Bruteforcing could eventually crack a passphrase, thats why I am sure the Feds could eventually crack anyone's password.

Change your passwords often and avoid using the same password for other not-so-secure logins. If you use the same password for AIM as you did on a Blowfish encrypted file, I am not going to bother cracking the blowfish, I'll crack the AIM login first and try that password.

DNR

[the_gr8_rules]

Thanks you all for the suggestions .

Bruteforcing could eventually crack a passphrase, thats why I am sure the Feds could eventually crack anyone's password.

I didn't get this "Feds".

I'll crack the AIM login first and try that password.
DNR

How is it possible to crack AIM or yahoo passwords.
To best of my knowledge its not possbile to run cracker on them as we won't have the hashes etc.
curious to know if its possible.

regards

[Gogeta70]

Their passwords are stored in the windows registry often, if the user decides to have yahoo or aim "remember him".

[n3rd]

also if u are behind the persons pc u want to hack ... use rainbow tables XD

[the_gr8_rules]

Thanks for the suggestions guys...


regards

[DNR]

feds, 1088's, badges, and even lawyers. Fed is a reference to government agencies that are tasked with computer crimes investigations, even NCSC.MIL , the national computer security center.

For thought. If you have a machine or network that can try 100,000 passwords _per second_ it will likely crack your password in an hour if not a few hours.
Changing your password often is one way to defeat this, sort of like a RSA mobile key that issues a new login password each time you have to login.

The key to this problem is a cracker gaining access to that hash or registry value to crack it.
The idea is to protect your personal computer from physical/remote access from spyware and ex-friends. If they can't get the hash or reg value, they can't crack it.

DNR

[DNR]

n3rd,
you mean
www.antsight.com/zsl/rainbowcrack/

[z3mwaz]

Also , if u try JTR on "other" pass words that they will likey be atleast 6-8 chacters long, since most system admin's make tham mandatory
on good site for JTR Guide's I found was:

windowz =
http://www.governmentsecurity.org/artic ... inners.php

http://www.governmentsecurity.org/artic ... torial.php

Linux = (get back to ya soon) sorry