Both unshadow and john commands are distributed with "John the Ripper security" software. It act as a fast password cracker software. It is a free and Open Source software. It runs on Windows, UNIX and Linux operating system. Use this tool to find out weak users passwords on your own server or workstation powered by Unix-like systems.
John cracking modes
|Requirements||John the Ripper|
|Estimated completion time||N/A|
[a] Wordlist : John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files.
[b] Single crack : In this mode, john will try to crack the password using the login/GECOS information as passwords.
[c] Incremental : This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john’s documentation, including how to define your own cracking methods.
Install John the Ripper Password Cracking Tool
John the ripper is not installed by default. If you are using Debian / Ubuntu Linux, enter:
$ sudo apt-get install john
RHEL, CentOS, Fedora, Redhat Linux user can grab john the ripper here. Once downloaded use the rpm command as follows to install the same:
# rpm -ivh john*
How do I use John the ripper to check weak passwords or crack passwords?
First use the unshadow command to combines the /etc/passwd and /etc/shadow files so John can use them. You might need this since if you only used your shadow file, the GECOS information wouldn’t be used by the "single crack" mode, and also you wouldn’t be able to use the -shells option. On a normal system you’ll need to run unshadow as root to be able to read the shadow file. So login as root or use old good sudo / su command under Debian / Ubuntu Linux:
$ sudo /usr/sbin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
RHEL / CentOS / Fedora Linux user type the following command:
# /usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
To check weak password (crack password), enter the following command:
To use John, you just need to supply it a password file created using unshadow command along with desired options. If no mode is specified, john will try "single" first, then "wordlist" and finally "incremental" password cracking methods.
$ john /tmp/crack.password.db
john /tmp/crack.password.db Loaded 1 password (FreeBSD MD5 [32/32])
This procedure will take its own time. To see the cracked passwords, enter:
$ john -show /tmp/crack.password.db
test:123456:1002:1002:test,,,:/home/test:/bin/bash didi:abc123:1003:1003::/home/didi:/usr/bin/rssh 2 passwords cracked, 1 left
Above output clearly indicates that user test has 123456 and didi has abc123 password.
- Linux check passwords against a dictionary attack
- John the ripper examples text file for more information.
- John the ripper project home page.
- See john and unshadow command man pages.
- John the ripper examples text file
- John configuration file /etc/john/john.conf
- Rainbow table - Rainbow Cracking uses differs from brute force crackers in that it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password drastically. See Ophcrack Live CD.
- 30 Cool Open Source Software I Discovered in 2013
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop