John the Ripper - A Password Cracker

John the Ripper

John the Ripper is an open source password cracking program that is designed to recover lost passwords. There are three versions of this software; a free version, a community-enhanced version, and an expensive pro version. The free and community-enhanced versions are distributed primarily in the source code form, but the pro version is distributed in the form of "native" packages for the target operating systems.

Pro version is the only version that has a proper GUI, the free and community-enhanced versions are  just command-line utilities. And, the pro version supports more hashes than the free versions.

John the Ripper(pro) supports the following password hash types:
  • Traditional DES-based Unix crypt(3) - most commercial Unix systems (Solaris, AIX, ...), Mac OS X 10.2, ancient Linux and *BSD
  • "bigcrypt" - HP-UX, Tru64 / Digital Unix / OSF/1
  • BSDI-style extended DES-based crypt(3) - BSD/OS, *BSD (non-default)
  • FreeBSD-style MD5-based crypt(3) - older Linux, FreeBSD, NetBSD, Cisco IOS, OpenBSD (non-default)
  • OpenBSD-style Blowfish-based crypt(3) - OpenBSD, some Linux, other *BSD and Solaris 10+ (non-default)
  • SHA-crypt (sha512crypt and sha256crypt) - newer Linux
  • These are supported when running on a Linux system with glibc 2.7+ (any recent system)
  • Kerberos AFS DES-based hashes
  • LM (LanMan) DES-based hashes - Windows NT/2000/XP/2003, Mac OS X 10.3
  • NTLM MD4-based hashes - Windows (all versions)
  • Mac OS X 10.4 - 10.6 salted SHA-1 hashes
  • Mac OS X 10.7 salted SHA-512 hashes (new in 1.8.0 Pro, currently available for Linux only)

This piece of software has the ability to auto-detect password hash types and crack various encrypted password formats including several crypt password hash types. John the Ripper supports two types of attacks, dictionary attack and the brute force attack. You probably know about theses attacks, if not, please refer the following pages.

If you want wordlists for the dictionary attacks. you can get that from the following locations for free.

No comments

Powered by Blogger.