Basic JTR tutorial
Posted 23 June 2003 - 02:17 PM
Simple jtr tutorial by..... ComSec
program: john the ripper
download : http://www.openwall.com/john/
ok first using an old frontpage exploit just for this tutorial i searched google and was able to gather info and
found plenty of targets for this guide , i took some screenshots to show you some examples
inside the file i targeted i found the hashed password like this
so saved to list ready to crack , i called mine MD5pass for this lesson
this is what jtr will be cracking,
after you have several passwords to various sites you can begin jtr or just use a single hashed password ..its up to you
now there are many ways to crack the file using jtr am just going to use the basic
one i find the easiest but slowest to use...there are plenty of jtr guides around for more detailed cracking modes
common modes are
john -si [passfile]
john -w:[wordlist] [passfile]
john -i [passfile]
there are other modes using digits,alpha,all...they all do the same thing... anyway on to basics
assuming you have john in C:\ directory just type
c:\john -i MD5pass.txt
after several minutes\hours you should have something like this with cracked passwords if you take a look at the image
after 21 minutes it had cracked 13 of the 36...not bad after 3hrs 24min 18 cracked...half done btw each password cracked is a website....so up to now 18 possible targets
to check progress hit any key
to stop the cracking hit Ctrl+c session aborted
to view your results type:
c:\john -show MD5pass.txt>result2.txt....this will save the file called result2.txt in the jtr root like this
you now have the password to gain access to the ftp,or whatever
to resume your cracking
will load the remaining uncracked passwords and resume attempts from where it left off
JTR Commands and Modes
**if you look in the doc folder that came with JTR it gives you details on how to use them**
hope you enjoyed the tutorial...remember if you do gain access to a site\server please inform the admin
i hold no responsibility for your actions
23 june 2003
don't come any easier than this...i think !
Posted 24 June 2003 - 07:21 AM
Hmm, it would seem that frontpage has more holes than Swiss Cheese. I searched for a relevant exploit on google and found one almost within minutes.
I then got the encrypted pwds and have just started cracking (the slow way)...
Whether i get results or not on this webpage, doesn't matter. But it does however show the blatantly unsecure frontpage in action.
Hmm, are there any alternatives for it?
Heh, perhaps there should be a small list of popular safe progs.
EDIT: Cracking the frontpage pwds is pretty easy.. didn't take very long at all.
Posted 24 June 2003 - 12:32 PM
Posted 25 June 2003 - 03:54 AM
"guesses: 1 time: 0:00:00:50 100%"
Using the word "guesses". Does that mean the password is just a possible hit, or does that just mean it's one of the guesses from the word list?
Also, another thing, with a frontpage pwd, do i have to have the same version as the target site in order for it to work? Or are there any other prerequisites?
Thx for any answers.
Posted 25 June 2003 - 06:43 AM
more details on jtr
there are plenty of links detailing how to connect to fp servers below
take a look...use them as a reference guide to exploiting fp
Posted 25 June 2003 - 07:07 AM
I'll get down to some reading now...
Posted 25 June 2003 - 10:18 AM
jay how come you downloaded to floppy,why not to HD...curious
Posted 25 June 2003 - 11:11 AM
Posted 25 June 2003 - 11:25 AM
am not a linux guru...after several problems with my old box using slackware 8 before that had crappy turbolinux...i hated them both...i have got about 4 linux OS but still not got around to installing as a second OS after giving my son my old box for his games....i should do...but i find it still hard to get away from leaky windoze