Lesson 12

Date: 6/25/2017
Linux Password Security
Linux System Administration


Cracking passwords with John the Ripper.
Exercise
  • On cryptvm, install John the Ripper:
    apt-get install john
    mkdir john
    cd john
    

    Copy the hash entries from /etc/shadow:
    tail -4 /etc/shadow > passwd.txt
    

  • Crack DES passwords (default):
    john passwd.txt        # this cracks the passwords
    john --show passwd.txt # this shows the cracked passwords
    
  • Crack MD5 passwords:
    john --format=md5crypt passwd.txt      # this cracks the passwords
    john --show passwd.txt                 # this shows the cracked passwords
    
    They should look as follows:
    mike1:mike1:17343:0:99999:7:::
    mike2:mike2:17343:0:99999:7:::
    
    2 password hashes cracked, 2 left
    

  • Note: John the Ripper can't handle the advanced encryption algorithms SHA-256 and SHA-512.
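
A defender's counterpart to the exercise, as an added example that is not part of the original lesson: a Python script that reads entries in the layout of passwd.txt, identifies each hash scheme from its prefix, flags the DES and MD5 schemes cracked above, and decodes the third field (17343 in the output above) as days since 1970-01-01. The function names, the extra accounts (mike3, daemon) and all hash strings are constructed for illustration.

```python
import re
from datetime import date, timedelta

# crypt(3) scheme ids; True marks the schemes this exercise cracks.
SCHEMES = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
           "6": ("sha512crypt", False)}
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")      # traditional DES crypt, no prefix
ID_RE = re.compile(r"\$([0-9a-z]+)\$")

def classify(field):
    """Return (scheme, weak) for the password field of a shadow entry."""
    if field == "":
        return ("empty", True)                  # no password required
    if field[0] in "!*":
        return ("locked", False)                # password login disabled
    if DES_RE.fullmatch(field):
        return ("descrypt", True)
    m = ID_RE.match(field)
    if m and m.group(1) in SCHEMES:
        return SCHEMES[m.group(1)]
    return ("unknown", False)

def audit(lines):
    """Parse shadow-format lines into one report dict per account."""
    report = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 3:
            continue                            # not a shadow entry
        scheme, weak = classify(f[1])
        # Field 3 is the last password change, in days since 1970-01-01.
        changed = date(1970, 1, 1) + timedelta(days=int(f[2])) if f[2].isdigit() else None
        report.append({"user": f[0], "scheme": scheme, "weak": weak, "changed": changed})
    return report

# Constructed sample in the layout of passwd.txt; the hash strings are
# placeholders with the right shape, not real hashes.
SAMPLE = [
    "mike1:abXXXXXXXXXXX:17343:0:99999:7:::",
    "mike2:$1$saltsalt$" + "A" * 22 + ":17343:0:99999:7:::",
    "mike3:$6$saltsalt$" + "B" * 86 + ":17343:0:99999:7:::",
    "daemon:*:17343:0:99999:7:::",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        flag = "WEAK" if row["weak"] else "ok"
        print(f'{row["user"]:8} {row["scheme"]:12} {flag:5} changed {row["changed"]}')
```

To audit a real system, pass the lines of /etc/shadow (read as root) to audit() instead of SAMPLE.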

