Instructions for the John the Ripper password cracking tool

John the Ripper

John package description

John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler, which supports a subset of C). John is also available for several different platforms, which lets you use the same cracker everywhere (you can even continue a cracking session that was started on another platform).

Out of the box, John supports (and autodetects) the following Unix crypt(3) hash types: traditional DES-based, "bigcrypt", BSDI extended DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and OpenBSD Blowfish-based (now also used on some Linux distributions and supported by recent versions of Solaris). Also supported out of the box are Kerberos/AFS and Windows LM (DES-based) hashes, as well as DES-based tripcodes.

When running on Linux distributions with glibc 2.7+, John 1.7.6+ additionally supports (and autodetects) SHA-crypt hashes (which are actually used by recent versions of Fedora and Ubuntu), with optional OpenMP parallelization (requires GCC 4.2+ and must be explicitly enabled at compile time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile).

Similarly, when running on recent versions of Solaris, John 1.7.6+ supports and autodetects SHA-crypt and SunMD5 hashes, also with optional OpenMP parallelization (requires GCC 4.2+ or a recent Sun Studio; it must be explicitly enabled at compile time by uncommenting the proper OMPFLAGS line near the beginning of the Makefile, and at run time by setting the OMP_NUM_THREADS environment variable to the desired number of threads).

John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.

The "community enhanced" -jumbo versions add support for many more password hash types, including Windows NTLM (MD4-based), Mac OS X 10.4-10.6 salted SHA-1 hashes, Mac OS X 10.7 salted SHA-512 hashes, raw MD5 and SHA-1, arbitrary MD5-based "web application" password hash types, hashes used by SQL database servers (MySQL, MS SQL, Oracle) and by some LDAP servers, several hash types used on OpenVMS, password hashes of the Eggdrop IRC bot, and many other hash types, as well as many non-hashes such as OpenSSH private keys, S/Key skeykeys files, Kerberos TGTs, PDF files, and ZIP (classic PKZIP and WinZip/AES) and RAR archives.

Unlike older crackers, John normally does not use a crypt(3)-style routine. Instead, it has its own highly optimized modules for different hash types and processor architectures. Some of the algorithms used, such as bitslice DES, could not have been implemented within the crypt(3) API; they require a more powerful interface such as the one used in John. There are also assembly language routines for several processor architectures, most importantly for x86-64 and x86 with SSE2.

Source: http://www.openwall.com/john/doc/

John the Ripper Homepage | Kali John the Ripper Repo

- Author: Solar Designer
- License: GPLv2

Tools included in the john package

mailer - Emails users whose passwords have been cracked

```
root@kali:~# mailer
Usage: /usr/sbin/mailer PASSWORD-FILE
```

john - John the Ripper password cracker

```
root@kali:~# john
John the Ripper password cracker, ver: 1.7.9-jumbo-7_omp [linux-x86-sse2]
Copyright (c) 1996-2012 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--config=FILE             use FILE instead of john.conf or john.ini
--single[=SECTION]        "single crack" mode
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
                  --pipe  like --stdin, but bulk reads, and allows rules
--loopback[=FILE]         like --wordlist, but fetch words from a .pot file
--dupe-suppression        suppress all dupes in wordlist (and force preload)
--encoding=NAME           input data is non-ascii (eg. UTF-8, ISO-8859-1).
                          For a full list of NAME use --list=encodings
--rules[=SECTION]         enable word mangling rules for wordlist modes
--incremental[=MODE]      "incremental" mode [using section MODE]
--markov[=OPTIONS]        "Markov" mode (see doc/MARKOV)
--external=MODE           external mode or word filter
--stdout[=LENGTH]         just output candidate passwords [cut at LENGTH]
--restore[=NAME]          restore an interrupted session [called NAME]
--session=NAME            give a new session the NAME
--status[=NAME]           print status of a session [called NAME]
--make-charset=FILE       make a charset file. It will be overwritten
--show[=LEFT]             show cracked passwords [if =LEFT, then uncracked]
--test[=TIME]             run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..]      load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]    load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX]    load salts with[out] COUNT [to MAX] hashes
--pot=NAME                pot file to use
--format=NAME             force hash type NAME: afs bf bfegg bsdi crc32 crypt
                          des django dmd5 dominosec dragonfly3-32 dragonfly3-64
                          dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n
                          epi episerver gost hdaa hmac-md5 hmac-sha1
                          hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512
                          hmailserver ipb2 keepass keychain krb4 krb5 lm lotus5
                          md4-gen md5 md5ns mediawiki mscash mscash2 mschapv2
                          mskrb5 mssql mssql05 mysql mysql-sha1 nethalflm netlm
                          netlmv2 netntlm netntlmv2 nsldap nt nt2 odf office
                          oracle oracle11 osc pdf phpass phps pix-md5 pkzip po
                          pwsafe racf rar raw-md4 raw-md5 raw-md5u raw-sha
                          raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha224
                          raw-sha256 raw-sha384 raw-sha512 salted-sha1 sapb
                          sapg sha1-gen sha256crypt sha512crypt sip ssh
                          sybasease trip vnc wbb3 wpapsk xsha xsha512 zip
--list=WHAT               list capabilities, see --list=help or doc/OPTIONS
--save-memory=LEVEL       enable memory saving, at LEVEL 1..3
--mem-file-size=SIZE      size threshold for wordlist preload (default 5 MB)
--nolog                   disables creation and writing to john.log file
--crack-status            emit a status line whenever a password is cracked
--max-run-time=N          gracefully exit after this many seconds
--regen-lost-salts=N      regenerate lost salts (see doc/OPTIONS)
--plugin=NAME[,..]        load this (these) dynamic plugin(s)
```

unafs - Script to warn users about their weak passwords

```
root@kali:~# unafs
Usage: unafs DATABASE-FILE CELL-NAME
```

unshadow - Combines the passwd and shadow files

```
root@kali:~# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
```

unique - remove duplicates from a list of words

```
root@kali:~# unique
Usage: unique [-v] [-inp=fname] [-cut=len] [-mem=num] OUTPUT-FILE [-ex_file=FNAME2] [-ex_file_only=FNAME2]

       reads from stdin 'normally', but can be overridden by optional -inp=
       If -ex_file=XX is used, then data from file XX is also used to
       unique the data, but nothing is ever written to XX. Thus, any data in
       XX, will NOT output into OUTPUT-FILE (for making iterative dictionaries)
       -ex_file_only=XX assumes the file is 'unique', and only checks against XX
       -cut=len  Will trim each input lines to 'len' bytes long, prior to running
       the unique algorithm. The 'trimming' is done on any -ex_file[_only] file
       -mem=num.  A number that overrides the UNIQUE_HASH_LOG value from within
       params.h.  The default is 21.  This can be raised, up to 25 (memory usage
       doubles each number).  If you go TOO large, unique will swap and thrash and
       work VERY slow

       -v is for 'verbose' mode, outputs line counts during the run
```
       
## unshadow Usage Example

Combine the provided passwd *(passwd)* and shadow *(shadow)* files and redirect the result to a file *(> unshadowed.txt)*:

```
root@kali:~# unshadow passwd shadow > unshadowed.txt
```
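
An added example (not from the original page or from the John the Ripper project): a Python sketch of the merge that unshadow performs, followed by a prefix check that names the crypt(3) scheme of each account, so an administrator can list accounts still on DES- or MD5-based hashes. The sample passwd and shadow contents are constructed, and treating DES- and MD5-based schemes as "legacy" is this example's own assumption.

```python
import re
# Constructed sample data: the hash fields only have the right shape, they are not real hashes.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
legacy:x:1001:1001::/home/legacy:/bin/sh
svc:x:1002:1002::/nonexistent:/usr/sbin/nologin"""
SHADOW = """root:$6$CONSTRUCTED$aaaaaaaa:19000:0:99999:7:::
alice:$1$CONSTRUCT$bbbbbbbbbbbbbbbbbbbbbb:19000:0:99999:7:::
legacy:ab0123456789A:12000:0:99999:7:::
svc:!:19000:0:99999:7:::"""

# crypt(3) markers for hash types named in the package description; first match wins.
SCHEMES = [
    (re.compile(r"^\$6\$"), "sha512crypt"),
    (re.compile(r"^\$5\$"), "sha256crypt"),
    (re.compile(r"^\$2[abxy]?\$"), "Blowfish-based"),
    (re.compile(r"^\$md5[$,]"), "SunMD5"),
    (re.compile(r"^\$1\$"), "md5crypt"),
    (re.compile(r"^_[./0-9A-Za-z]{19}$"), "BSDI extended DES"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "traditional DES"),
]
# Assumption of this example: DES- and MD5-based schemes are the ones to migrate.
LEGACY = {"traditional DES", "BSDI extended DES", "md5crypt"}

def unshadow(passwd_text, shadow_text):  # copy each user's shadow hash into the passwd line
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    merged = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0] in shadow:
            parts[1] = shadow[parts[0]]
        merged.append(":".join(parts))
    return merged

def classify(field):  # name the hash scheme of one password field
    if field == "":
        return "empty password"
    if field[0] in "!*":
        return "locked or disabled"
    return next((name for rx, name in SCHEMES if rx.search(field)), "unknown")

def audit(merged_lines):  # map login -> scheme for every merged line
    return {p[0]: classify(p[1]) for p in (l.split(":") for l in merged_lines) if len(p) >= 2}

def legacy_accounts(report):  # logins whose hash scheme is in LEGACY
    return sorted(user for user, scheme in report.items() if scheme in LEGACY)

if __name__ == "__main__":
    print(legacy_accounts(audit(unshadow(PASSWD, SHADOW))))
```
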


## john Usage Example

Using a wordlist *(--wordlist=/usr/share/john/password.lst)*, apply mangling rules *(--rules)* and attempt to crack the password hashes in the given file *(unshadowed.txt)*:

```
root@kali:~# john --wordlist=/usr/share/john/password.lst --rules unshadowed.txt
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Loaded 1 password hash (sha512crypt [64/64])
toor (root)
guesses: 1 time: 0:00:00:07 DONE (Mon May 19 08:13:05 2014) c/s: 482 trying: 1701d - andrew
Use the "--show" option to display all of the cracked passwords reliably
```


## unique Usage Example

Using verbose mode *(-v)*, read in a list of passwords *(-inp=allwords.txt)* and save only the unique words to a file *(uniques.txt)*:

```
root@kali:~# unique -v -inp=allwords.txt uniques.txt
Total lines read 6089 Unique lines written 5083
```


Origin www.cnblogs.com/passion999/p/10993479.html