john the ripper [Archive] - SpeedGuide.net Broadband Community

Randell_D
02-12-08, 10:55 AM
Anyone familiar with john the ripper?

I'm working on a project to migrate a large number of users - some of
the users are fake (automated scanning machines or terminals, or
applications). At the risk of sounding like Dumb Rumsfeld, there are
lots of unknowns - and a lot of unknown passwords.

john has managed to give me some passwords to some users but it's
taking weeks. I managed to get a list of users that have accessed the
system during the past four months and used this list to create a new
slimmer password file. I added four already cracked users into this
'new' password file that had simple passwords (these users had
passwords that were the same as the login names). I did this so as I
could ensure john was working.

A week later I found none of the users in this new shorter password
file has been cracked - not even the users who have passwords equal to
their login names. I'm using a dual core AMD processor with 2 GByte of
memory so I would expect better results.

The lack of progress is leading me to wonder if I
have somehow got john misconfigured.

Does the sequence of the user entries in /etc/passwd have anything to
do with the salt used in creating a password file?

Thus - the order of my password file has changed (because it now only
includes users that I consider in scope of my project and excludes
users who have shown no activity during the past four months).

I'm wondering if the loss of the other records has somehow upset the
overall picture leading john to sit there looking pretty for weeks and
weeks to come.

Any comments? The source password file comes from Compaq TRU64 Unix
which is not the same format as my target system...

Randell_D
02-12-08, 11:01 AM
I should add, I am using a huge wordlist that is not standard with the
installation.

Ansgar -59cobalt- Wiechers
02-12-08, 12:05 PM
Randell_D <fiprojects.com@gmail.com> wrote:
> Anyone familiar with john the ripper?

A little.

> I'm working on a project to migrate a large number of users - some of
> the users are fake (automated scanning machines or terminals, or
> applications). At the risk of sounding like Dumb Rumsfield, there are
> lots of unknowns - and a lot of unknown passwords.

Well, being unknown to anyone but the owner is kind of the purpose of
passwords, don't you think?

> john has managed to give me some passwords to some users but it's
> taking weeks. I managed to get a list of users that have accessed the
> system during the past four months and used this list to create a new
> slimmer password file. I added four already cracked users into this
> 'new' password file that had simple passwords (these users had
> passwords that were the same as the login names). I did this so as I
> could ensure john was working.

John cracked some passwords, so apparently the program is working.
Apparently some of your users just chose strong passwords instead of
weak ones.

What's your problem anyway? If you're root you can reset any password
you like (and/or disable the respective account). There's exactly no
need to crack them.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Randell_D
02-28-08, 05:48 AM
> What's your problem anyway? If you're root you can reset any password
> you like (and/or disable the respective account). There's exactly no
> need to crack them.

- the project relates to moving users from TRU64 Unix to RHE Linux
- the password hashing on TRU64 is not compatible with Linux
- Changing passwords is the non-preferred option due to several
automatic dependencies (like barcode scan guns which log into the
application using unix level security would have to be changed). And
the scan guns are so old that nobody knows the passwords that would
allow us to manually set them to their source values.

I discovered a large number of users have not used the system in a
long time hence I made the password file shorter - since making it
shorter I'm wondering if this has somehow broken the password file I
need to crack.

Somehow I think I'll end up running around with a manual and
reconfiguring scanner guns in March 8( as John still has not made any
progress since I made the password file shorter some weeks ago.

Default User
02-28-08, 11:43 AM
On Thu, 28 Feb 2008 02:48:53 -0800 (PST), Randell_D
<fiprojects.com@gmail.com> wrote:

>John still has not made any
>progress since I made the password file shorter some weeks ago.

You could always use SAMInside with prebuilt RainbowCrack tables.

Todd H.
02-28-08, 01:21 PM
Default User <default@user1.invalid> writes:

> On Thu, 28 Feb 2008 02:48:53 -0800 (PST), Randell_D
> <fiprojects.com@gmail.com> wrote:
>
>>John still has not made any
>>progress since I made the password file shorter some weeks ago.
>
> You could always use SAMInside with prebuilt RainbowCrack tables.

Not on salted UNIX password hashes, you can't. At least not without
building them, and to compute for all possible salts the tables are
going to be ginormous, dwarfing anything for the LM rainbow tables.

Best Regards,
--
Todd H.
http://www.toddh.net/
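
Added example, not part of any post in this thread: a sketch of the two salt questions raised above, showing that the salt travels inside each entry's hash field (so trimming or reordering the file changes nothing) and that a precomputed table is only valid for the one salt it was built with. It assumes a traditional crypt(3)-style 2-character salt, which the thread does not confirm for the Tru64 file; `toy_crypt` is a hypothetical SHA-256 stand-in rather than the real algorithm, and all accounts and passwords are constructed.

```python
import hashlib

# 64-character alphabet of traditional crypt(3) salts (2 chars => 4096 salts).
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def toy_crypt(password: str, salt: str) -> str:
    """Stand-in for crypt(3): the salt is stored as the first 2 chars of the field."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()[:16]
    return salt + digest

def parse_passwd(text: str) -> dict:
    """Map login -> hash field from passwd-style lines (user:hash:...)."""
    entries = {}
    for line in text.strip().splitlines():
        user, field = line.split(":")[:2]
        entries[user] = field
    return entries

def build_table(words, salt: str) -> dict:
    """Precomputed hash -> password lookup, valid for exactly one salt."""
    return {toy_crypt(w, salt): w for w in words}

def table_rows_for_all_salts(n_words: int, salt_len: int = 2) -> int:
    """Rows a precomputed table needs in order to cover every possible salt."""
    return n_words * len(SALT_ALPHABET) ** salt_len

# Constructed sample: two accounts share one password but have different salts.
WORDS = ["scanner01", "letmein", "terminal"]
FULL = "\n".join([
    "scan1:" + toy_crypt("scanner01", "ab") + ":100:100::/:/bin/sh",
    "idle9:" + toy_crypt("letmein", "Q7") + ":101:100::/:/bin/sh",
    "scan2:" + toy_crypt("scanner01", "Xy") + ":102:100::/:/bin/sh",
])
# Shortened file: idle9 dropped and the remaining lines reordered.
SHORT = "\n".join(reversed(
    [line for line in FULL.splitlines() if not line.startswith("idle9")]))

if __name__ == "__main__":
    full, short = parse_passwd(FULL), parse_passwd(SHORT)
    print("fields unchanged by trimming/reordering:",
          all(short[u] == full[u] for u in short))
    table = build_table(WORDS, "ab")
    for user, field in short.items():
        print(user, "salt", field[:2], "->", table.get(field, "not in table"))
    print("rows needed for all salts:", table_rows_for_all_salts(len(WORDS)))
```
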