Learning the usage of John The Ripper....few questions


Post by the_gr8_rules »

Hello all,
I'm learning the usage of JTR.
Read the docs a bit (not the whole thing) and did some searching for tutorials on it.
Found one by "weazy" also.

My processor is quite an old one... it's only a P3 600 MHz processor. So I know it will take a long time to crack the password.

I tried cracking some simple passwords... it did so in a short time.
Now I've assigned the password "kill#23" to a user (Slackware) and JTR has been running for the last 9-10 hrs trying to crack it.

1. Could something be done to make it faster (don't want to change my processor lol)? I mean, will using some word list etc. help, or is just brute forcing the only option in this case (kill#23)?

2. Will making any changes in "rules" help?

3. Any guidelines for using it in a better way?


regards

Post by Gogeta70 »

Well, you can set a specific set of characters, and the max length of the words and stuff that you want to try.
¯\_(ツ)_/¯ It works on my machine...

Post by n3rd »

Try a minimum of alphanumerics,

so don't start your wordlist with

a
aa
aaa
aaaa
aaaaa

just start with

aaaaa

because no one has a password of 1 letter XD

cracking my lips are smackin'

Post by DNR »

www.outpost9.com/files/WordLists.html

When you fingerprint a computer or the person using the computer, you try to guess which wordlist to try on that person. If the person is Albanian, I know I will try an Albanian wordlist. If the kid has a screen name of a movie or rock star or hacker-wanna-be, you try that kind of wordlist.

Passphrases are the best kind of passwords; dictionaries and most created wordlists cannot match them easily, if at all. Imagine passphrases that are misspelled ('yermahbieotch') or include alpha-numeric imposition ('c0vertlish3r3n0w').

Bruteforcing could eventually crack a passphrase, that's why I am sure the Feds could eventually crack anyone's password.

Change your passwords often and avoid using the same password for other not-so-secure logins. If you use the same password for AIM as you did on a Blowfish encrypted file, I am not going to bother cracking the Blowfish, I'll crack the AIM login first and try that password.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Re: cracking my lips are smackin'

Post by the_gr8_rules »

Thank you all for the suggestions.
DNR wrote: Bruteforcing could eventually crack a passphrase, that's why I am sure the Feds could eventually crack anyone's password.
I didn't get this "Feds".
DNR wrote: I'll crack the AIM login first and try that password.
How is it possible to crack AIM or Yahoo passwords?
To the best of my knowledge it's not possible to run a cracker on them, as we won't have the hashes etc.
Curious to know if it's possible.

regards

Post by Gogeta70 »

Their passwords are often stored in the Windows registry, if the user decides to have Yahoo or AIM "remember him".

Post by n3rd »

Also, if you are behind the person's PC you want to hack ... use rainbow tables XD

Post by the_gr8_rules »

Thanks for the suggestions guys...


regards

feds?

Post by DNR »

Feds, 1088's, badges, and even lawyers. "Fed" is a reference to government agencies that are tasked with computer crime investigations, even NCSC.MIL, the National Computer Security Center.

For thought. If you have a machine or network that can try 100,000 passwords _per second_ it will likely crack your password in an hour if not a few hours.
Changing your password often is one way to defeat this, sort of like an RSA mobile key that issues a new login password each time you have to log in.

The key to this problem is a cracker gaining access to that hash or registry value to crack it.
The idea is to protect your personal computer from physical/remote access from spyware and ex-friends. If they can't get the hash or reg value, they can't crack it.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
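
The brute-force arithmetic discussed in this thread, as an added example that is not part of any poster's message: it sizes the exhaustive search space for a password from the character classes it uses and converts that to worst-case time at the 100,000 guesses per second quoted above. The function names are hypothetical, and the model assumes every string over the printable-ASCII classes is tried, shortest first.

```python
import string

# Character classes used to size the search space (printable ASCII only).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size

def keyspace(alphabet, min_len, max_len):
    """Number of candidates of every length from min_len to max_len."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))

def worst_case_seconds(password, rate, min_len=1):
    """Seconds to exhaust every candidate up to the password's own length."""
    return keyspace(alphabet_size(password), min_len, len(password)) / rate

def saving_from_min_len(alphabet, min_len, max_len):
    """Fraction of the total work avoided by skipping lengths below min_len."""
    return keyspace(alphabet, 1, min_len - 1) / keyspace(alphabet, 1, max_len)

if __name__ == "__main__":
    rate = 100_000  # guesses per second, the figure quoted in the thread
    # "kill#23" is the thread's test password; the shorter variants are constructed.
    for pw in ("kill", "kill23", "kill#23"):
        days = worst_case_seconds(pw, rate) / 86_400
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, worst case {days:,.2f} days")
    # Effect of starting at length 5 instead of length 1 for a 7-character search.
    print(f"skipping lengths 1-4 saves {saving_from_min_len(68, 5, 7):.6%} of the work")
```

Each added character class or extra character multiplies the search space, while skipping the short lengths removes only a tiny fraction of it.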

rainbow crack?

Post by DNR »


Post by z3mwaz »

Also, if you try JTR on "other" passwords, they will likely be at least 6-8 characters long, since most system admins make them mandatory.
One good site for JTR guides I found was:

windowz =
http://www.governmentsecurity.org/artic ... inners.php

http://www.governmentsecurity.org/artic ... torial.php

Linux = (get back to ya soon) sorry
“Yes, I am a criminal. My crime is that of curiosity.”