John uses character frequency tables to try plaintexts containing more frequently used characters first. In this type of attack, the program goes through all the possible plain texts, hashing each one and then comparing it to the input hash. Many of these alterations are also used in John’s single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the hashes.
It can also perform a variety of alterations to the dictionary words and try these. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary or real passwords cracked before), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. One of the modes John can use is the dictionary attack. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, auto detects password hash types, and includes a customizable cracker. Supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. Besides several crypt(3) password hash types most commonly found on various Unix systems. Its primary purpose is to detect weak Unix passwords.
Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). John the Ripper is a free and fast password cracking software tool. It has free as well as paid password lists available. Can crack many different types of hashes including MD5, SHA etc. John the Ripper is the good old password cracker that uses wordlists/dictionary to crack a given hash. John the Ripper – Cracking passwords and hashes 282,037 views John the Ripper password cracker
0 kommentar(er)
