--------------------------------------
 ------------------------------------
  ----------------------------------
   -------------------------------
     How To Use John The Ripper
          An Introduction
       by, ÅçìÐMêì§TéR...
   -------------------------------
  ----------------------------------
 ------------------------------------
--------------------------------------

The main reason for writing this text file is simply that I'm tired of being told by various newbies that John the Ripper doesn't work. John the Ripper does work; I guess no newbie has ever heard of a DOS prompt. In this guide I hope to give you an understanding of how to use John the Ripper, only the very simple functions. I will also supply you with a batch file that launches John the Ripper so you won't have to type anything. However, I still recommend you practice using the commands in a DOS window, for the simple reason that you need to become familiar with flags: if you're expecting to ever hack, you will have to use a Unix-compatible O/S, which requires you to use flags. Well, let's just get this thing started.

OK, the first thing you need to do is get John the Ripper. To do this, go to http://www.yahoo.com and run a search for john the ripper. Once found, download the zip file and unzip it. If you don't know what a zipped file is and/or how to unzip it, you shouldn't be reading this. Place the files in a directory on your hard drive.

Now that we've done that, go to the Start menu in Windows 95, click Run and type in command.com. This will run a DOS prompt. In the DOS prompt, go to the directory in which you put all the John the Ripper files. If you forgot what dir. you put the files in, then you need to stop doing drugs... And yet again, if you don't know how to use DOS then you shouldn't be reading this. Once in the John the Ripper dir. in the DOS prompt, type in

    john

This will give you all the flags for John the Ripper (all the options).

OK, now let's say you downloaded my little dictionary file from my webpage http://www.vol.com/~ameister, which is named bigdic.txt once unzipped, and let's say you have an encrypted passwd file called crackme.txt. To crack the password file you will need to type

    john -wordfile:bigdic.txt -list -beep c:\johnripdir\crackme.txt

Now! Let's go over these commands so you actually know what they mean.

john is the John the Ripper program (duh).

-wordfile: is the option that says you want to use a dictionary file to crack the passwd file. The name after the -wordfile: is the name of the dictionary file you wish to use.

-list simply tells the program to list all the words across your screen while cracking. I use this as an indicator to see how far I am in cracking the passwd file.

-beep tells the program to beep every time it cracks a user's account.

c:\johnripdir\crackme.txt is the path to the passwd file you are cracking, so replace johnripdir with whatever dir. your passwd file is in and replace crackme with whatever the name of the passwd file is.

Let's say you have tried to crack your passwd file but you didn't get a result. Well, no problem, maybe the users chose some bitchass passwords like "hgy46". Here's the reason many hackers I know, myself included, like John the Ripper: it has an option where it keeps trying combinations of numbers or letters against the passwd file, continuously trying to crack it. To use it, follow the instructions above about going to the john dir. etc. This time, however, type in

    john -incremental:all -list -beep c:\johnripdir\crackme.txt

As you can see, there is no dictionary file. As explained above, John the Ripper doesn't need a dictionary file for this type of cracking. So here's what the commands do. Some of them are not explained because I explained them above.

-incremental:all is the different-combinations thing I was telling you about. It tells John the Ripper to start and not stop, so when you use this cracking method you will have to manually close the program; it will NOT stop on its own.

Well, I hope this helped you get started on cracking with John the Ripper. There are a bunch of neater and way better things you can do with it, but these methods will give you an introduction to cracking with John the Ripper. Please don't e-mail me requesting passwd files, you will not get them. Get off your lazy asses and read some other text files, such as the ones found on my webpage, and hack some sites yourselves.

Oh yeah, I have also noticed many newbies have problems telling apart shadowed password files, which CANNOT be cracked, and encrypted password files, which can be cracked, so here are some examples. You could try out your cracking techniques on the passwords listed below.

A shadowed passwd file:

    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:
    daemon:x:2:2:daemon:/sbin:
    adm:x:3:4:adm:/var/adm:
    lp:x:4:7:lp:/var/spool/lpd:
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:
    news:x:9:13:news:/usr/lib/news:
    uucp:x:10:14:uucp:/var/spool/uucppublic:
    operator:x:11:0:operator:/root:/bin/bash
    games:x:12:100:games:/usr/games:
    man:x:13:15:man:/usr/man:
    postmaster:x:14:12:postmaster:/var/spool/mail:/bin/bash
    nobody:x:65535:100:nobody:/dev/null:
    ftp:x:404:1::/home/ftp:/bin/bash

An encrypted password file (crackable):

    root:sUvnsmPurHKmM:0:0:Super-User:/:/bin/csh
    lp:dw885UenSTiOY:9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
    EZsetup:sUvnsmPurHKmM:992:998:System
    demos:D9pAxEbj55O2s:993:997:Demonstration User:/usr/demos:/bin/csh
    OutOfBox:wgpBQ1fFlm2vo:995:997:Out of Box
    guest:kHaK0.xdVZ1II:998:998:Guest Account:/usr/people/guest:/bin/csh
    4Dgifts:z8NtAvCSSKl8Y:999:998:4DgiftsAccount:/

Note: I edited the above encrypted file a bit because I had problems fitting it on the page.

Well, if you do have any problems running John the Ripper, please e-mail me at ameister@vol.com. Just try to use your brain a bit before you e-mail me. Please visit my webpage at http://www.vol.com/~ameister. I focus mostly on the correct teaching of newbies, so you will for the most part find text files on my webpage. The first thing to learn as a newbie is to READ! READ! READ!, the second is real hacking...
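
The difference between the two passwd listings above, seen from the administrator's side, as an added example that is not part of the original text: this Python audit labels the password field of every entry and reports accounts whose exposed hashes are identical. The function names and labels are assumptions of this example; the sample lines are copied from the listings above, truncated entries included.

```python
import re
from collections import defaultdict

# Lines copied from the two listings on this page (some are truncated there).
SHADOWED = """\
root:x:0:0:root:/root:/bin/bash
ftp:x:404:1::/home/ftp:/bin/bash
"""
LEGACY = """\
root:sUvnsmPurHKmM:0:0:Super-User:/:/bin/csh
lp:dw885UenSTiOY:9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
EZsetup:sUvnsmPurHKmM:992:998:System
4Dgifts:z8NtAvCSSKl8Y:999:998:4DgiftsAccount:/
"""

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # traditional 13-char crypt(3)

def classify(field):
    """Label the second (password) field of one passwd entry."""
    if field == "":
        return "empty"         # account needs no password at all
    if field == "x":
        return "shadowed"      # hash lives in a separate, root-only file
    if field.startswith(("*", "!")):
        return "locked"
    if DES_CRYPT.fullmatch(field) or field.startswith("$"):
        return "exposed-hash"  # readable by anyone who can read this file
    return "unknown"

def audit(text):
    """Return ({user: label}, [groups of users sharing one exposed hash])."""
    labels, by_hash = {}, defaultdict(list)
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or not parts[0]:
            continue           # blank or malformed line, not an entry
        user, field = parts[0], parts[1]
        labels[user] = classify(field)
        if labels[user] == "exposed-hash":
            by_hash[field].append(user)
    # The field embeds the salt, so identical fields mean a shared password.
    shared = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    return labels, shared

if __name__ == "__main__":
    for name, text in (("shadowed", SHADOWED), ("legacy", LEGACY)):
        labels, shared = audit(text)
        print(name, labels, "shared:", shared)
```

Any "exposed-hash" or "empty" result in a world-readable passwd file is the finding to fix, by moving hashes to a shadow file and resetting the affected passwords.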