Welcome to my site. Please CLICK HERE to give your opinions regarding this new look of "PCTipsbyAnu". Thanks for visiting.

Friday, December 17, 2010

Browse » Home » , , , , , , » How to crack Linux password (short n easy way)?

How to crack Linux password (short n easy way)?

Friday, December 17, 2010 Anu


Q. Can you tell me more about unshadow and john command line tools? How does it protect my server from crackers?

 <This question is asked from [inspiredhacker@gmail.com], so here is the way to that>

A. Both unshadow and johndistributed with - John the Ripper security software or fast passwordcracker software. It is free and Open Source software. It runs onWindows, UNIX and Linux operating system. Use this tool to find out weak users passwords on your own server.
Linux Password Cracking with John The Ripper Tool

John cracking modes

John can work in the following modes:
 
[a] Wordlist: John will simply use a file with a list of words that will be checkedagainst the passwords. See RULES for the format of wordlist files.

[b] Single crack : In this mode, john will try to crack the password using the login/GECOS information as passwords.

[c] Incremental : This is the most powerful mode.John will try any character combination to resolve the password.Details about these modes can be found in the MODES file in john’sdocumentation, including how to define your own cracking methods.

Install John the Ripper Password Cracking Tool

John the ripper is not installed by default. If you are using Debian / Ubuntu Linux, enter:
$ sudo apt-get install john
Note: RHEL, CentOS, Fedora, Redhat Linux user can grab john the ripper here. Once downloaded use rpm command:
# rpm -ivh john*

How do I use John the ripper to check weak passwords / crack passwords?

First use the unshadow command to combines the /etc/passwd and /etc/shadowfiles so John can use them. You might need this since if you only usedyour shadow file, the GECOS information wouldn’t be used by the "singlecrack" mode, and also you wouldn’t be able to use the -shells option.On a normal system you’ll need to run unshadow as root to be able toread the shadow file. So login as root or use old good sudo / sucommand under Debian / Ubuntu Linux:
$ sudo /usr/sbin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
RHEL / CentOS / Fedora Linux user type the following command:
# /usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
To check weak password (crack password), enter the following command:
 
WARNING! These examples uses brute-force ~ CPU-time consuming password cracking techniques.

To use John, you just need to supply it a password file createdusing unshadow command along with desired options. If no mode isspecified, john will try "single" first, then "wordlist" and finally"incremental" password cracking methods.
$ john /tmp/crack.password.db
Output:
john  /tmp/crack.password.db
Loaded 1 password (FreeBSD MD5 [32/32])
This procedure will take its own time. To see the cracked passwords, enter:

$ john -show /tmp/crack.password.db 
test:123456:1002:1002:test,,,:/home/test:/bin/bash
didi:abc123:1003:1003::/home/didi:/usr/bin/rssh

2 passwords cracked, 1 left
Above output clearly indicates - user test has 123456 and didi has abc123 password.
Posted in , , , , , ,
You can leave a response, or trackback from your own site.

About 'Anu': My name is 'Anu' also Known as 'ANU 007 TIGER' .I'm administrator of 'PC Tips by Anu' blog .This blog was opened for sharing contents about hacking n cracking.
Thanks YAHOO OR GMAIL

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Back to Top