Apr 24, 2013

Crack /etc/shadow With John the Ripper

By zee eichel

On Linux, the /etc/shadow and /etc/passwd files store user names and passwords. These files must be seriously protected, because their exposure is very dangerous. An attacker's password brute-force techniques should not be underestimated. Unfortunately, John the Ripper is a demanding process.

This tutorial is my test using BackTrack. Debian and Ubuntu users can install the tool by entering the command:
Code:
# sudo apt-get install john

Users of Fedora, Red Hat, CentOS and related distributions can use the rpm command:

Code:
# rpm -ivh john*


Code:
root@eichel{/pentest/passwords/john}:cat /etc/shadow
root:$6$BhESRX11$iTqXZztmfTo.LNclTX4hswJ3p8biNcE2eitrqdVhgQzE/rCFZrGDTfWmwRVDDIYuudFSapjIQh4iXyJStAtJ.1:15265:0:99999:7:::
daemon:x:15165:0:99999:7:::
bin:x:15165:0:99999:7:::
sys:x:15165:0:99999:7:::
sync:x:15165:0:99999:7:::
games:x:15165:0:99999:7:::
man:x:15165:0:99999:7:::
lp:x:15165:0:99999:7:::
mail:x:15165:0:99999:7:::
news:x:15165:0:99999:7:::
uucp:x:15165:0:99999:7:::
proxy:x:15165:0:99999:7:::
www-data:x:15165:0:99999:7:::
backup:x:15165:0:99999:7:::
list:x:15165:0:99999:7:::
irc:x:15165:0:99999:7:::
gnats:x:15165:0:99999:7:::
libuuid:x:15165:0:99999:7:::
syslog:x:15165:0:99999:7:::
sshd:x:15165:0:99999:7:::
landscape:x:15165:0:99999:7:::
messagebus:x:15165:0:99999:7:::
nobody:x:15165:0:99999:7:::
mysql:!:15165:0:99999:7:::
avahi:*:15165:0:99999:7:::
snort:*:15165:0:99999:7:::
statd:*:15165:0:99999:7:::
usbmux:*:15165:0:99999:7:::
pulse:*:15165:0:99999:7:::
rtkit:*:15165:0:99999:7:::
festival:*:15165:0:99999:7:::
postgres:!:15165:0:99999:7:::
aip:$6$lYY48Mjj$WsSCHWyOOTG6ki6w0KJ2tjdinz./JlXX7.sH1PdcR0ueR6.77mJXWLLlCopQcWzx9AjvuBMGcgS3LpXvLJKSg/:15166:0:99999:7:::
asuka:$6$O2ehdo9O$VtJQf4XZbELjiJjnIHBkbTmTW0rS0atdC/I7pmiqvwWrH8E/n5oDGlUTpdqjYuXzREornNmbvhd068xzaihYF/:15167:0:99999:7:::
zee:$6$pmUM9Axr$HT/lELH50WogN.EM7ZiOnbeE7Y/FRdyq4l3vog1/wlAh3VKHr1G/EBXXbdxgE8Oncs5BPKtMe5x/9QR/733a4/:15167:0:99999:7:::
haldaemon:*:15168:0:99999:7:::
jetty:*:15173:0:99999:7:::
snmp:*:15174:0:99999:7:::
james0baster:$6$n4PXS.jA$OKNnEPcXVwbfMASKwemo.0syRPkXBcPD91z721q5RB1MEwlN5aaGqNACb/H4o1mzg4Vri3uigntiMANmlU0CE.:15211:0:99999:7:::
ares:$6$idRUgnLn$5jAR4cwBg3LzkAHOjbBpBk/TiHVzWhE0b5A.GBxCTWZRp43HMa05nLoXrDlXlDZC8oMWpKDywZkN3qAmT78zw.:15277:0:99999:7:::
clamav:!:15280:0:99999:7:::

Hmm, what comes out is a bunch of unintelligible numbers, haha. Let's try to crack them with a tool that is already included in BackTrack, namely John the Ripper.
John the Ripper has 3 methods for carrying out an attack:

[a] Wordlist : John will simply use a file with a list of words that will be checked against the passwords. See RULES for the format of wordlist files.
[b] Single crack : In this mode, john will try to crack the password using the login/GECOS information as passwords.
[c] Incremental : This is the most powerful mode. John will try any character combination to resolve the password. Details about these modes can be found in the MODES file in john’s documentation, including how to define your own cracking methods.



To access it:
Code:
root@eichel{~}: cd /pentest/passwords/john/

OK, many still use John the Ripper, but in this example I will discuss how to crack the /etc/shadow and /etc/passwd files, where users and passwords are stored on a Linux system.

Code:
root@eichel{/pentest/passwords/john}:./unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db

If none of the above options (the 3 methods) is given, John the Ripper will run all of the methods.

Code:
john /tmp/crack.password.db

Code:
root@eichel{/pentest/passwords/john}:john /tmp/crack.password.db
Loaded 3 password hashes with 3 different salts (generic crypt(3) [?/32])
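
To read /etc/shadow records like the ones listed earlier from the defender's side, the following added example (not part of the original post) parses shadow(5) lines and reports which accounts store a hash, which use a weak scheme, and which are locked yet still carry a hash. The function names and the sample records are constructed for illustration; the hash bodies are placeholders.

```python
from datetime import date, timedelta

# crypt(3) scheme identifiers: the text between the first two '$' signs
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}

def parse_shadow_line(line):
    """Split one shadow(5) record into the fields an auditor cares about."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    user, pw, last_change = fields[:3]
    locked = pw.startswith("!")      # '!' prefix: password login is locked
    body = pw.lstrip("!")            # a hash may still follow the '!'
    scheme = None                    # None: '*', 'x', '!' or empty, no hash stored
    if body.startswith("$"):
        scheme = SCHEMES.get(body.split("$")[1], "unknown")
    elif len(body) == 13:            # heuristic: traditional DES crypt, no '$'
        scheme = "descrypt"
    changed = (date(1970, 1, 1) + timedelta(days=int(last_change))  # field 3 is in days
               if last_change else None)
    return {"user": user, "locked": locked, "empty": pw == "",
            "scheme": scheme, "changed": changed}

def accounts_with_hash(lines):
    """Users whose record carries a hash, i.e. what an exposed file would reveal."""
    return [(e["user"], e["scheme"]) for e in map(parse_shadow_line, lines) if e["scheme"]]

def audit(lines):
    """Return (user, finding) pairs for records that need attention."""
    findings = []
    for e in map(parse_shadow_line, lines):
        if e["empty"]:
            findings.append((e["user"], "empty password field"))
        if e["scheme"] in WEAK:
            findings.append((e["user"], "weak hash scheme " + e["scheme"]))
        if e["scheme"] and e["locked"]:
            findings.append((e["user"], "locked, but a hash is still stored"))
    return findings

# Constructed sample records; the hash bodies are placeholders, not real hashes
SAMPLE = [
    "root:$6$SALTSALT$PLACEHOLDERHASH:15265:0:99999:7:::",
    "daemon:x:15165:0:99999:7:::",
    "mysql:!:15165:0:99999:7:::",
    "olduser:!$1$SALTSALT$PLACEHOLDERHASH:15166:0:99999:7:::",
    "guest::15167:0:99999:7:::",
]
```

Calling `audit(SAMPLE)` flags `olduser` twice and `guest` once, while `accounts_with_hash(SAMPLE)` lists only the records that actually hold a hash.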

Copyrighted From http://zeestuff.wordpress.com/
