JTR Guide
This guide is for everyone who wants to use JTR efficiently.
JTR (John the Ripper) is a console-based tool for cracking password hashes, and most exploiters and crackers use it. For example, let's say we have exploited some server and found a passfile with usernames and passwords, but the passwords are stored as hashes, so we need to crack them before the passfile is usable. This is the most common way to use JTR, but there are many more; everything depends on the situation...
First of all we need to know what kinds of hashes we can crack. In most cases you will find DES hashes, which are very popular and are mostly used by Apache servers. But they are easy to crack, so admins decided to use newer kinds of hashing like MD5 or FreeBSD MD5, which are harder, especially FreeBSD (MD5 UNIX). JTR can also crack MySQL hashes and much, much more.
Now I will show you examples of each hash type:
Traditional DES:
74fdHOjtNBF.E
97sQm9n6UGkD2
92qbloR/V3GXA
25DtqSYdCZRjo
25gFcXvbvktEY
MD5 (MD5-RAW)
b9eca2401158ce806e90a2eaf5cad8fe
e77e9f8f526e76637bec970dfa103bf5
3d4525dc5dba97a9f60c35a4ee999db7
082db0345d8f74efdbfc2458e11b4d5a
0f72e93b633e23b6722b0ff4d00d38c0
FreeBSD MD5 (MD5 UNIX)
$1$lzzm0gnM$4KDhrD1NSPEzE2OpJbg1R1
$1$$lvJDevNqUTbGUUJVpOEzQ1
$1$$UmN6FPcsJ5o6qbfOCXhuk0
$1$$SOey9L1GWRNQnbviSvC//1
$1$$XzEhKOAyFzQRqEy7f5Tgq0
As you can see, the FreeBSD ones look the worst, and they really are hard to crack. But first of all we need to know how to run JTR and how to handle its basic functions.
You can download JTR from the official site: http://www.openwall.com/john/
JTR is console-based software, as I said, so you need to unpack it to some folder (I highly recommend unpacking it to C:\JTR). Once it is unpacked you will see a few files, for example john-386.exe. You can rename john-386.exe to john.exe so it is easier to type. Now we need to run JTR. To do that open the Windows command console: press Win+R, or go to Start > Run..., then type cmd and the console will appear. Change to JTR's directory and type john or john-386.exe (it depends on the file name), and the basic usage instructions will appear:
Now we see the list of commands we can use. There are a few cracking modes. To begin with we will try to crack some DES hashes. You can download an example DES passfile from here: http://rapidshare.com/files/34997657/DES_Hashes.txt
OK, the first mode is Incremental, but it is mostly a waste of time because it takes forever to crack a passfile. Still, it is sometimes useful if we have some harder hashes and a lot of time. To use it, simply run:
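A practical first step before running anything is to check what a hash file actually contains. The following Python is an added example (not part of this guide or of JTR) that recognises the three hash styles listed above by their shape and pulls out the salt. In crypt-style hashes the salt is the random prefix (the first two characters of a DES hash, or the text between `$1$` and the next `$`), raw MD5 has no salt at all, and the "salts" number john prints at start-up is the count of distinct salts in the file, which is what `summarize` reproduces.

```python
import re

# The 64-character alphabet ./0-9A-Za-z used by crypt(3)-style hashes
CRYPT64 = r"[./0-9A-Za-z]"
PATTERNS = {
    # traditional DES crypt: 2-char salt followed by an 11-char hash (13 total)
    "descrypt": re.compile(rf"^({CRYPT64}{{2}})({CRYPT64}{{11}})$"),
    # raw MD5: 32 hex digits, unsalted
    "raw-md5": re.compile(r"^([0-9a-fA-F]{32})$"),
    # FreeBSD MD5 crypt: $1$ + salt (0 to 8 chars) + $ + 22-char hash
    "md5crypt": re.compile(rf"^\$1\$({CRYPT64}{{0,8}})\$({CRYPT64}{{22}})$"),
}


def identify(hash_str: str) -> dict:
    """Return the format name and salt of one hash; unknown shapes get 'unknown'."""
    h = hash_str.strip()
    m = PATTERNS["descrypt"].match(h)
    if m:
        return {"format": "descrypt", "salt": m.group(1), "salted": True}
    if PATTERNS["raw-md5"].match(h):
        return {"format": "raw-md5", "salt": None, "salted": False}
    m = PATTERNS["md5crypt"].match(h)
    if m:
        return {"format": "md5crypt", "salt": m.group(1), "salted": True}
    return {"format": "unknown", "salt": None, "salted": False}


def summarize(hashes) -> dict:
    """Count hashes per format and the number of distinct salts (john's 'salts')."""
    formats: dict = {}
    salts = set()
    for h in hashes:
        info = identify(h)
        formats[info["format"]] = formats.get(info["format"], 0) + 1
        if info["salted"]:
            salts.add((info["format"], info["salt"]))
    return {"formats": formats, "distinct_salts": len(salts)}


if __name__ == "__main__":
    # Sample hashes taken from the lists in this guide
    sample = ["74fdHOjtNBF.E", "0f72e93b633e23b6722b0ff4d00d38c0",
              "$1$lzzm0gnM$4KDhrD1NSPEzE2OpJbg1R1", "$1$$lvJDevNqUTbGUUJVpOEzQ1"]
    for h in sample:
        print(h, identify(h))
    print(summarize(sample))
```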
john -incremental name_of_passfile.txt
For example:
john -incremental DES_Hashes.txt
The cracking process will start:
At this step I can mention a couple of things which will be useful in the next steps of this tutorial. First of all you can see how many passwords have been loaded: this passfile contained 807 of them and 718 salts (salt = encrypted hash). After this the type of our passfile is displayed; this one is standard DES. Below that you can see guesses: it is the number of cracked hashes which are not in the POT file yet (I will explain the POT file later).
You can stop cracking at any time by pressing CTRL+C. To restore the last session, type:
john -restore
Now I will show you a much more efficient way to crack passfiles: we will try the dictionary (wordlist) mode. First of all we need a good dictionary file. To create it I highly recommend reading the Raptor Set-Up Tutorial at http://hansatan.com/?d=raptorsetup (go to the Making Single List step).
When the dictionary (single list) is created, put it in JTR's directory and call it, for example, single.txt.
To use wordlist mode you need to run this command:
john -wordlist=your_single_list.txt name_of_passfile.txt
For example:
john -wordlist=single.txt DES_Hashes.txt
Once the cracking process has started, you can press an arrow key on the keyboard and the status will be displayed.
In wordlist mode you can see the progress of cracking:
The duration of this mode depends on the size of your single list and on the size of the passfile. After some time some cracked hashes should appear, like this:
The word on the left is the password and the word in <> brackets is the username. As you can see, 2 guesses appear, which means 2 hashes have been successfully cracked. Now you can wait until cracking finishes or just stop the process by pressing CTRL+C.
Now go to JTR's directory and check the new file john.pot. The POT file is the place where all cracked hashes are gathered, so when you try to crack the same passfile next time, hashes already in the POT will not be shown as guesses; they will be shown after the process ends. Remember: bigger POT file = faster cracking = more free time for fun. For example my POT is about 130 MB, so 60-70% of passfiles are already in my POT and I do not even need to run JTR and wait for the process to finish.
Now I will show you how to save a cracked passfile. For example, let's say that you have already cracked a passfile and progress is 100%. To see how many hashes you have cracked successfully, type:
john -show name_of_passfile.txt
For example:
john -show DES_Hashes.txt
This displays all cracked hashes in username:password format. But we want to export them directly to a *.txt file, so type:
john -show name_of_passfile.txt > name_of_decrypted_passfile.txt
For example:
john -show DES_Hashes.txt > DES_Hashes_Decrypted.txt
Now go to JTR's directory and check the DES_Hashes_Decrypted.txt file. It is written with DOS line endings, so you may need to convert it to standard mode, for example with the UltraEdit text editor. At the bottom of the file there will be a message like this:
356 password hashes cracked, 6253 left
This means that 356 hashes have been successfully cracked and 6253 are left. Remember that a bigger single list = a greater chance of cracking more hashes. Of course it is almost impossible to crack 100% of a passfile, but you can get results like 90-95% if you are using a good single list and your POT is big enough.
Now, if you want to crack other kinds of passfiles, for example MD5 or FreeBSD ones, you need to run commands like these:
john -format=md5-raw -incremental name_of_passfile.txt
or
john -format=md5-raw -wordlist=your_single_list.txt name_of_passfile.txt
That is for standard MD5 hashes like this one:
0f72e93b633e23b6722b0ff4d00d38c0
If you have the FreeBSD format, simply type md5 instead of md5-raw.
To save cracked MD5 hashes, type:
john -format=md5-raw -show name_of_passfile.txt > name_of_decrypted_passfile.txt
For example:
john -format=md5-raw -show MD5_Hashes.txt > MD5_Hashes_Decrypted.txt
That is all, but remember that cracking is a long process and everything depends on the quality of your POT, your single lists, and also on your CPU speed!