Gonzalez

Patching John The Ripper (JTR) for raw md5

Patching John The Ripper (JTR) for raw md5 (raw md5 hashes like those you got from some sql-injections)

John is the best known (and in my humble opinion the best) cracker ever. For how to obtain both the source code for john and the patch, see below.

First, JTR is *NOT* a GUI. JTR runs in a shell, so there are no time delays from slow GUI components. JTR can be run on Windows with Cygwin.

If you want to crack raw md5 (like the ones you could rip from sql-injections) with JTR you must patch the source code first, since raw md5 isn't supported by default. At first glance this may seem hard and/or impossible. That's why I decided to write a short tutorial on this subject.

This tutorial was tested on Linux with john version 1.7.2 but should work on any other system john can be built for (including Windows with Cygwin), with some allowance for OS-dependent commands and characteristics.

1.) First download both source and patch.

2.) Unzip the tarball: tar -zxvf john-1.7.2.tar.gz

3.) Copy the john-1.6.39-rawmd5-pomd5-1.diff.gz to /your/path/to/john-1.7.2/src/myJohnMd5Patch.diff

4.) Change dir to the src: cd /your/path/to/john/src

5.) Open the .diff with an editor of your choice, find and replace all 1.6.39 with 1.7.2, otherwise the diff will not apply to the source code.

6.) Now it's time to patch: patch < myJohnMd5Patch.diff

7.) Time to compile. Type make in the src dir and you will get something like this (I have truncated the output; only a few SYSTEMs are shown here):

In my case I would type: make clean linux-x86-any

--------------------------

To build John the Ripper, type:

make clean SYSTEM

where SYSTEM can be one of the following:

linux-x86-sse2 Linux, x86 with SSE2 (best)

linux-x86-mmx Linux, x86 with MMX

linux-x86-any Linux, x86

.

.

macosx-ppc32 Mac OS X, PowerPC 32-bit

macosx-ppc64 Mac OS X 10.4+, PowerPC 64-bit

macosx-x86-sse2 Mac OS X, x86 with SSE2

.

.

win32-cygwin-x86-sse2 Win32, Cygwin, x86 with SSE2 (best)

win32-cygwin-x86-mmx Win32, Cygwin, x86 with MMX

win32-cygwin-x86-any Win32, Cygwin, x86

.

.

generic Any other Unix-like system with gcc

-----------------------------------------------------------

8.) After the build, look in /your/path/to/john-1.7.2/run , and there you will find JTR, ready to rock!!!

9.) To test john on some real password hashes, make a file that contains the following hashes:

root:82663f314ed363be75d6efd9c9d7d6cd

peter:78a9a9a1ced32ee5e32b26b05a5565e8

admin:78ffa6ce96c5b837258212a580056fe2

john:7ed9453ae9a92c37ee7309f84a5dbd6b

lucky:eb6d7343c5634cbcd4020bd77e67a4ea

smith:7007ea8947c841a67fee07267fd3713d

carol:21232f297a57a5a743894a0e4a801fc3

tristan:9224abe81c87767664f0712060449d16

scott:6b34d70bee747e7d6341ff9f03b318ae

Save the file as HelloJohn.passwd

In your run dir, type:

./john -i /your/path/to/HelloJohn.passwd

and you should see something like this:

Loaded 9 password hashes with no different salts (Raw MD5 [raw-md5])

So go and grab a cup of coffee and wait. Some passwords may show up in a short time, others may never show up. You can tweak JTR with wordlists, charsets, and a lot more, but this tutorial doesn't cover that. You can read more in the documentation for JTR.

Hitting the spacebar makes john print out the current run info.

A note about the hash format: it must be something like user:md5hash

If you have a huge file with a lot of other crap inside, you might try gawk (available for Windows and *nix):

gawk '{if (length($0)==32) print "1:"$0}' temp.txt > myJohnFile.passwd

The file should then look something like this:

1:82663f314ed363be75d6efd9c9d7d6cd

1:78a9a9a1ced32ee5e32b26b05a5565e8

1:78ffa6ce96c5b837258212a580056fe2

1:7ed9453ae9a92c37ee7309f84a5dbd6b

.

.

.

etc, etc, etc

Good luck and happy cracking!!

P.S. There is a Jumbo patch that includes a lot of patches, which may suit your needs better.

John can be found here: http://www.openwall.com/john/

The raw md5 patch can be found here: http://www.openwall.com/john/contrib/john-1.6.39-rawmd5-pomd5-1.diff.gz

The jumbo patch for 1.7, including many useful patches (requires OpenSSL 0.9.7+), can be found here:

http://www.openwall.com/john/contrib/john-1.7.2-all-2.diff.gz

Credit: ANARCH
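
Added example, not part of the original post: the gawk one-liner in the post keeps any line that is 32 characters long, so this version also checks that the field is hexadecimal, accepts lines already in user:md5hash form, lowercases the digest and drops duplicates. The function names to_john_format and sample_dump and the sample lines are constructed for illustration; the hashes are taken from the list in the post.

```shell
#!/bin/sh
# to_john_format is a hypothetical helper name, not part of John the Ripper.
# It reads the files given as arguments (or stdin) and prints user:md5hash lines.
to_john_format() {
    awk '
    {
        sub(/\r$/, "")                      # drop Windows line endings
        gsub(/^[ \t]+|[ \t]+$/, "")         # trim surrounding whitespace
        user = ""; hash = $0
        n = index($0, ":")
        if (n > 0) {                        # line is already user:hash
            user = substr($0, 1, n - 1)
            hash = substr($0, n + 1)
        }
        # A raw MD5 digest is exactly 32 hex characters; a length test
        # alone would also accept any other 32-character line.
        if (length(hash) != 32 || hash !~ /^[0-9A-Fa-f]+$/) next
        hash = tolower(hash)
        if (seen[hash]++) next              # unsalted: a repeated hash adds nothing
        if (user == "") user = ++count      # number the bare hashes
        print user ":" hash
    }' "$@"
}

# Constructed sample input mixing headers, junk and hashes.
sample_dump() {
    cat <<'EOF'
id | password_md5
82663f314ed363be75d6efd9c9d7d6cd
carol:21232F297A57A5A743894A0E4A801FC3
this line is thirty-two chars ok
21232f297a57a5a743894a0e4a801fc3
  78a9a9a1ced32ee5e32b26b05a5565e8
EOF
}

sample_dump | to_john_format
```

On a real file the call is to_john_format temp.txt > myJohnFile.passwd.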
