Linux Password Cracking: Explain unshadow and john commands ( john the ripper tool )

Posted by Vivek on Friday January 11, 08 @5:21 pm

Q. Can you tell me more about unshadow and john command line tools? How does it protect my server from crackers?

A. Both unshadow and john are distributed with John the Ripper, a fast password cracker. It is free and Open Source software. It runs on Windows, UNIX and Linux operating systems. Use this tool to find weak user passwords on your own server.

Linux Password Cracking with John The Ripper Tool

John cracking modes

John can work in the following modes:
[a] Wordlist : John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files.

[b] Single crack : In this mode, john will try to crack the password using the login/GECOS information as passwords.

[c] Incremental : This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john’s documentation, including how to define your own cracking methods.

Install John the Ripper Password Cracking Tool

John the ripper is not installed by default. If you are using Debian / Ubuntu Linux, enter:
$ sudo apt-get install john
Note: RHEL, CentOS, Fedora and Red Hat Linux users can grab John the Ripper here. Once downloaded, use the rpm command:
# rpm -ivh john*

How do I use John the ripper to check weak passwords / crack passwords?

First, use the unshadow command to combine the /etc/passwd and /etc/shadow files so John can use them. You might need this because if you only used your shadow file, the GECOS information wouldn’t be used by the "single crack" mode, and you also wouldn’t be able to use the -shells option. On a normal system you’ll need to run unshadow as root to be able to read the shadow file. The combined file contains the password hash of every account, so keep it readable only by root and delete it once the check is finished. Log in as root or use the good old sudo / su command under Debian / Ubuntu Linux:
$ sudo /usr/sbin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
RHEL / CentOS / Fedora Linux users type the following command:
# /usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
To check for weak passwords (crack passwords), enter the following command:

WARNING! These examples use brute-force, CPU-time-consuming password cracking techniques.

To use John, you just need to supply it with a password file created using the unshadow command, along with the desired options. If no mode is specified, john will try "single" first, then "wordlist" and finally "incremental" password cracking methods.
$ john /tmp/crack.password.db
Output:

 john  /tmp/crack.password.db
Loaded 1 password (FreeBSD MD5 [32/32])

This procedure will take its own time. To see the cracked passwords, enter:
$ john -show /tmp/crack.password.db

test:123456:1002:1002:test,,,:/home/test:/bin/bash
didi:abc123:1003:1003::/home/didi:/usr/bin/rssh

2 passwords cracked, 1 left

The above output clearly shows that user test has the password 123456 and didi has the password abc123.
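The john -show report prints every recovered password in clear text. The shell function below is an added example, not part of the original FAQ: it summarises that report per account (UID, login shell, password length) without repeating the passwords. The ops sample line and the list of shell names treated as interactive are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original FAQ.
# weak_accounts: read `john -show` output on stdin and print one line per
# cracked account, reporting the password length instead of the password.
weak_accounts() {
    awk -F: '
    # Cracked entries keep the passwd layout user:pw:uid:gid:gecos:home:shell.
    # The blank line and the "N passwords cracked" trailer have fewer fields.
    NF >= 7 {
        # A password may itself contain ":", so read the fixed fields from
        # the right-hand end and treat everything in between as the password.
        shell = $NF
        uid   = $(NF - 4)
        pw    = $2
        for (i = 3; i <= NF - 5; i++) pw = pw ":" $i
        # An empty shell field means the default shell, /bin/sh.
        if (shell == "") shell = "/bin/sh"
        n = split(shell, parts, "/")
        base = parts[n]
        # Assumption: these shell names count as interactive logins.
        access = (base ~ "^(ba|da|z|k|c|tc)?sh$") ? "interactive" : "other"
        printf "%s uid=%s shell=%s access=%s pwlen=%d\n", $1, uid, shell, access, length(pw)
    }'
}

# Constructed sample: the two lines from the FAQ output plus one made-up
# account ("ops") whose password contains a colon.
sample_show_output() {
    cat <<'EOF'
test:123456:1002:1002:test,,,:/home/test:/bin/bash
didi:abc123:1003:1003::/home/didi:/usr/bin/rssh
ops:a:b:1004:1004::/home/ops:/bin/sh

3 passwords cracked, 1 left
EOF
}

# Demo run on the constructed sample.
sample_show_output | weak_accounts
```

On a real system, pipe the report into the function: john -show /tmp/crack.password.db | weak_accounts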

Discussion on This FAQ

  1. blink4blog Says:

    It clearly shows that the more complex and non-dictionary words we use, the longer it takes for John to crack them.

    Rules of thumb,

    - never use the same password forever, change it periodically.

    - don’t use personal information as a password, or any part of it

    - mix numbers, punctuation, symbols if possible

    - never share password to others

    - never use root account for normal usage

    - keep system up to date always

  2. vivek Says:

    One more addition, give shell access only if required.

  3. Nilesh Says:

    And one more- Disable unwanted features for users.
    Like- SSH.

  4. Anil Waghmare Says:

    It’s better to make /tmp/crack.password.db to /root/crack.password.db, isn’t it?

Last updated on: January 11, 2008

Copyright © 2006-2008 nixCraft. All rights reserved.