John the Ripper (JtR) is a tool for checking the strength of a password policy. I've tried it on SQL Server databases, Linux passwords, Oracle databases, Windows passwords, etc.
John is included in some security-focused Linux distributions such as Backtrack and Kali, or you can get the source code from the official site and build it on your system: http://www.openwall.com/john/
My favorite is the dictionary attack. It needs a wordlist file (dictionary) which, combined with the --rules option, tries many additional well-known combinations (symbols, numbers, concatenations, etc.) for every word in the wordlist.
Below is an example of John running on Backtrack Linux against a file with 3 MD5 hashes (FreeBSD MD5 [32/32]). On my laptop it can test 6141 passwords per second (this depends on the hash type).
Loaded 3 password hashes with 3 different salts (FreeBSD MD5 [32/32])
guesses: 0 time: 0:00:00:01 0.01% (ETA: Fri Oct 21 23:17:28 2011) c/s: 6141
guesses: 0 time: 0:00:00:10 0.10% (ETA: Fri Oct 21 23:17:28 2011) c/s: 6262 trying: almatriche
guesses: 0 time: 0:00:03:21 3.70% (ETA: Fri Oct 21 22:01:20 2011) c/s: 6100 trying: Asesoro
Below is a simple explanation of the John inputs used in the example:
- shadowmd5: An example file taken from the system itself (/etc/shadow). For John to be able to read it, you first need to run the unshadow program, which combines the /etc/passwd and /etc/shadow files like this:
unshadow /etc/passwd /etc/shadow > shadowmd5
- --wordlist: The file containing the candidate passwords. A sample from a dictionary of 5-character uppercase words looks like:
MARIA
MONEY
MONES
MARLA
MARLY
MONIA
MONIE
- --rules: The option that tells John to take every word from the dictionary and mutate it into other words according to the rules in the John config file (/etc/john/john.conf). You can also edit the file and add your own rules, but I believe that the default rules are enough to check the password policy.
When you use the --rules option (same as --rules=Wordlist), John will try approximately 52 new passwords based on variations of the word. For the word "crack", John will generate words like:
Cracks
cracked
cracking
Cracked
Cracking
crack5
crack!
2crack
John will put the numbers 0-9 and the three symbols ?!. at the beginning and the end of the word, and apply English grammar and uppercase/lowercase combinations to guess the password.
When you use the option --rules=NT, John will try approximately 32 new passwords based on lowercase and uppercase variations of every character in the word. For the word "crack", John will generate words like:
crack
CraCk
CrACk
CRaCk
CRACk
cracK
craCK
crAcK
CRACK
When you use the option --rules=Single, John will try approximately 836 new passwords based on the same default variations as the --rules option without a SECTION specified, but extended with more special characters and bigger numeric combinations. For the word "crack", John will generate words like:
crack
ack
crackm
crack#
Crack's
@crack
Dr.crack
Crack99
crack1900
crack2019
When you use the option --rules=Extra, John will try approximately 4288 new passwords based on lowercase and uppercase variations, combinations with two characters at the beginning and the end of the word, and finally numbers from 000 to 999. For the word "crack", John will generate words like:
crack
crackzk
crack000
Crack999
crackdd
crackzz
zcrackz
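The mutations described above for --rules, --rules=NT and the 000-999 suffixes of --rules=Extra can be turned into a password-policy check. This is an added example, not part of John or of the original post: it undoes those mutations on a candidate password and reports which dictionary word it reduces to. The function names and the sample wordlist are assumptions, and it approximates the described mutations rather than John's rule engine.

```python
import string

# Characters the post says the default rules put at the start or end of a word.
AFFIX_CHARS = set(string.digits) | set("?!.")
# English endings seen in the post's "crack" examples (Cracks, cracked, cracking).
SUFFIXES = ("ing", "ed", "s")


def base_candidates(password):
    """Undo the described mutations; return the possible lowercase base words."""
    word = password.lower()  # undoes capitalisation and per-character case toggling
    found = {word}
    # One digit or symbol at the beginning or the end (2crack, crack5, crack!).
    if len(word) > 1 and word[0] in AFFIX_CHARS:
        found.add(word[1:])
    if len(word) > 1 and word[-1] in AFFIX_CHARS:
        found.add(word[:-1])
    # Up to three trailing digits, as in the 000-999 suffixes (crack000, Crack999).
    stem = word.rstrip(string.digits)
    if stem and 0 < len(word) - len(stem) <= 3:
        found.add(stem)
    # English endings, applied to every candidate collected so far.
    for cand in list(found):
        for suffix in SUFFIXES:
            if cand.endswith(suffix) and len(cand) > len(suffix):
                found.add(cand[: -len(suffix)])
    return found


def guessable_from(password, wordlist):
    """Return the dictionary words this password reduces to (empty set = no match)."""
    words = {w.strip().lower() for w in wordlist}
    return base_candidates(password) & words


# Constructed sample wordlist: "crack" plus two entries from the post's sample.
SAMPLE_WORDLIST = ["crack", "MARIA", "MONEY"]

if __name__ == "__main__":
    for pw in ["Cracking", "2crack", "CrACk", "Crack999", "Maria!", "vT9#qLw2"]:
        hit = guessable_from(pw, SAMPLE_WORDLIST)
        verdict = "REJECT, base word " + ", ".join(sorted(hit)) if hit else "no match"
        print(f"{pw:10} -> {verdict}")
```

An empty result only means the password survived this subset of mutations; longer numeric suffixes such as crack1900 from --rules=Single are not undone here.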
When you use the option --rules=Jumbo, John will try approximately 5206 new passwords based on --rules=Wordlist, --rules=NT, --rules=Single and --rules=Extra. This rule is declared in the /etc/john/john.conf file:
#For Wordlist mode and very fast hashes
[List.Rules:Jumbo]
.include [List.Rules:Wordlist]
.include [List.Rules:Single]
.include [List.Rules:Extra]
.include [List.Rules:NT]
There are some other rules that can replace 1, 2 or 3 characters at the same time, exponentially increasing the number of variations per word. Below is the number of variations for the word "crack":
o1:3420 passwords
o2:220900 passwords
o3:103823000 passwords
i1:3420 passwords
i2:2030625 passwords
i3:857375000 passwords
i:2034045 passwords
o:224320 passwords
oi:2258365 passwords
For more examples and documentation visit the official site: http://www.openwall.com/john/doc/