- 03-20-2005 #1
John The Ripper?!
Can anyone tell me how John The Ripper (http://www.openwall.com/john/) works?
I understand that you can use it on a file to let it try to decrypt it (I think), but could you let it just keep attempting to log in on a certain username on a website like http://Livejournal.com?
- 03-21-2005 #2 Linux User (Join Date: Feb 2005, Posts: 290)
First you would have to (legally or illegally) obtain a copy of the /etc/passwd (or /etc/shadow) file, then run John the Ripper to "brute force" attack the password by guessing from a till z, aa till zz, aaa till zzz according to the range you specified, or using a dictionary file.
- 03-21-2005 #3
Alright, that's what I thought. Thanks, I guess now I'll have to find out how to get the passwd file then, if possible.
- 03-21-2005 #4 Linux Engineer (Join Date: Mar 2005, Posts: 1,431)
Mail me at jaboua@gmail.com if you find out...
EDIT: By the way have you tried through ftp? You often can log in as "anonymous" on ftp-servers...
- 03-23-2005 #5
Yeah tried FTP and Telnet, either worked.
- 04-02-2005 #6
The passwords are not in /etc/passwd but in /etc/shadow. Old *nix systems used to have passwords in /etc/passwd, but since it's world readable, anyone could run a password cracker on it. This is why this user file has been split in two. The /etc/shadow is only readable by root.
Now about how to see what's in /etc/shadow? Hum... I think this is a subject against this forum's rules... sorry.
About the methods used by most password crackers: As far as I know, the algorithm to encode passwords is not decodable. When you log in, it encodes whatever you typed as a password and compares it to what's in /etc/shadow (the real password encoded). If it matches, the system lets you in. So do password crackers. This is why it takes ages to run them. If you suppose that the passwords are weak, using a dictionary-like password cracker will be way faster. They used to be pretty useful to sysadmins to check if the users are setting sufficiently secure passwords, but for a few years most distros won't let users set trivial passwords, so no more need for password crackers.
- 04-03-2005 #7 Linux Newbie (Join Date: Sep 2003, Location: St.Charles, Missouri, USA, Posts: 201)
What way are passwords encrypted? If it's MD5 then there is always the MD5-reversing website :P
Powered by Gentoo
never ever ever use the hardened option in make.conf!
- 04-03-2005 #8
It uses DES. I got this info about the non-decodability from an old Unix book I read at the end of the 90s. Since you mentioned the reversibility of MD5 I looked up DES and it looks like encoding/decoding is using the same algorithm. Got this here ==> http://en.wikipedia.org/wiki/Data_Encryption_Standard
Originally Posted by gwalters
The Feistel structure ensures that decryption and encryption are very similar processes — the only difference is that the subkeys are applied in the reverse order when decrypting. The rest of the algorithm is identical. This greatly simplifies implementation, particularly in hardware, as there is no need for separate encryption and decryption algorithms.
Maybe that's what they meant in that book I read, that there is no "decoding algorithm".
Check out the man page of the function "crypt" for more info.
- 04-03-2005 #9
John the Ripper works by taking a list of words and encrypting them line by line using the DES algorithm, which creates a hash of the word; then the resulting hash is compared to the password file's hash, and if they match you know the word is the password (good passwords make this attack useless; good for pr0n .passwd files though).
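The mechanism posts #6 and #9 describe (hash the candidate with the stored salt, compare, never decode) as an added example that is not from the thread: a small audit script in the sysadmin role post #6 mentions, which reports accounts whose stored hash matches a wordlist entry. It assumes PBKDF2-HMAC-SHA256 as a stand-in for crypt(3)'s DES, and the shadow-like file, storage format, account names and wordlist are all constructed for the example.

```python
import hashlib
import hmac

# Stand-in for crypt(3): salted PBKDF2-HMAC-SHA256 stored as "salt$hex".
# The storage format is constructed for this example, not a real
# /etc/shadow scheme, but the one-way check works the same way.
ITERATIONS = 10_000

def hash_password(password: str, salt: str) -> str:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)
    return f"{salt}${digest.hex()}"

def verify(password: str, stored: str) -> bool:
    """Login-style check: re-hash the candidate with the stored salt and compare.
    Nothing is decoded; the stored hash is only ever compared, never reversed."""
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(hash_password(password, salt), stored)

def parse_shadow(text: str) -> dict[str, str]:
    """Parse 'user:hash:...' lines (shadow-like layout, constructed for this example).
    Accounts whose hash field is '*' or '!' are locked and are skipped."""
    entries = {}
    for line in text.strip().splitlines():
        user, stored = line.split(":")[:2]
        if stored not in ("*", "!"):
            entries[user] = stored
    return entries

def audit_weak_passwords(entries: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """The sysadmin audit the thread mentions: try every wordlist entry against each
    account and report those whose stored hash matches a dictionary word."""
    weak = {}
    for user, stored in entries.items():
        for word in wordlist:
            if verify(word, stored):
                weak[user] = word
                break
    return weak

# Constructed sample data: two dictionary-word passwords, one strong, one locked.
SAMPLE_SHADOW = "\n".join([
    "alice:" + hash_password("password", "s1") + ":16000:0:99999:7:::",
    "bob:" + hash_password("letmein", "s2") + ":16000:0:99999:7:::",
    "carol:" + hash_password("vN7#rq-plate-Orbit-42!", "s3") + ":16000:0:99999:7:::",
    "daemon:*:16000:0:99999:7:::",
])
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon"]
```

Running `audit_weak_passwords(parse_shadow(SAMPLE_SHADOW), SAMPLE_WORDLIST)` reports alice and bob; carol's password is not in the list and the locked daemon account is never tested.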
- 04-03-2005 #10 Linux Engineer (Join Date: Mar 2005, Posts: 1,431)
Since UNIX systems are so secure, is it possible to use the password cracker on Windows password files? And if so, where is the Windows password file located?