github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-08-28 23:26:18 +02:00
Code Releases Activity

Changes to support framework as a gem

Browse Source
This commit is contained in:
Chris Doughty 2015-12-30 11:00:45 -06:00
parent 47f9880690
commit 8090bbc750
239 changed files with 11 additions and 140855 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -1,7 +1,7 @@
bundler_args: --without coverage development pcap
cache: bundler
env:
- RAKE_TASKS="cucumber cucumber:boot"
- RAKE_TASKS="cucumber cucumber:boot" CREATE_BINSTUBS=true
- RAKE_TASKS=spec SPEC_OPTS="--tag content"
- RAKE_TASKS=spec SPEC_OPTS="--tag ~content"

137
data/john/README
View File

@ -1,137 +0,0 @@
John the Ripper password cracker.
John the Ripper is a fast password cracker, currently available for
many flavors of Unix (11 are officially supported, not counting
different architectures), DOS, Win32, BeOS, and OpenVMS (the latter
requires a contributed patch). Its primary purpose is to detect weak
Unix passwords. Besides several crypt(3) password hash types most
commonly found on various Unix flavors, supported out of the box are
Kerberos/AFS and Windows LM hashes, plus many more with contributed
patches.
How to install.
See INSTALL for information on installing John on your system.
How to use.
To run John, you need to supply it with some password files and
optionally specify a cracking mode, like this, using the default order
of modes and assuming that "passwd" is a copy of your password file:
john passwd
or, to restrict it to the wordlist mode only, but permitting the use
of word mangling rules:
john --wordlist=password.lst --rules passwd
Cracked passwords will be printed to the terminal and saved in the
file called $JOHN/john.pot (in the documentation and in the
configuration file for John, "$JOHN" refers to John's "home
directory"; which directory it really is depends on how you installed
John). The $JOHN/john.pot file is also used to not load password
hashes that you already cracked when you run John the next time.
To retrieve the cracked passwords, run:
john --show passwd
While cracking, you can press any key for status, or Ctrl-C to abort
the session saving its state to a file ($JOHN/john.rec by default).
If you press Ctrl-C for a second time before John had a chance to
handle your first Ctrl-C, John will abort immediately without saving.
By default, the state is also saved every 10 minutes to permit for
recovery in case of a crash.
To continue an interrupted session, run:
john --restore
These are just the most essential things you can do with John. For
a complete list of command line options and for more complicated usage
examples you should refer to OPTIONS and EXAMPLES, respectively.
Please note that "binary" (pre-compiled) distributions of John may
include alternate executables instead of just "john". You may need to
choose the executable which fits your system best, e.g. "john-mmx" to
take advantage of MMX acceleration.
Features and performance.
John the Ripper is designed to be both feature-rich and fast. It
combines several cracking modes in one program and is fully
configurable for your particular needs (you can even define a custom
cracking mode using the built-in compiler supporting a subset of C).
Also, John is available for several different platforms which enables
you to use the same cracker everywhere (you can even continue a
cracking session which you started on another platform).
Out of the box, John supports (and autodetects) the following Unix
crypt(3) hash types: traditional DES-based, "bigcrypt", BSDI extended
DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and
OpenBSD Blowfish-based (now also used on some Linux distributions and
supported by recent versions of Solaris). Also supported out of the box
are Kerberos/AFS and Windows LM (DES-based) hashes.
When running on Linux distributions with glibc 2.7+, John 1.7.6+
additionally supports (and autodetects) SHA-crypt hashes (which are
actually used by recent versions of Fedora and Ubuntu), with optional
OpenMP parallelization (requires GCC 4.2+, needs to be explicitly
enabled at compile-time by uncommenting the proper OMPFLAGS line near
the beginning of the Makefile).
Similarly, when running on recent versions of Solaris, John 1.7.6+
supports and autodetects SHA-crypt and SunMD5 hashes, also with
optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio,
needs to be explicitly enabled at compile-time by uncommenting the
proper OMPFLAGS line near the beginning of the Makefile and at runtime
by setting the OMP_NUM_THREADS environment variable to the desired
number of threads).
John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac
OS X 10.4+ salted SHA-1 hashes.
Contributed patches, combined into the "jumbo patch", add support for
many more password hash types, including Windows NTLM (MD4-based)
and Mac OS X 10.4+ salted SHA-1 hashes, raw MD5 and SHA-1, arbitrary
MD5-based "web application" password hash types, hashes used by SQL
database servers (MySQL, MS SQL, Oracle) and by some LDAP servers,
several hash types used on OpenVMS, password hashes of the Eggdrop IRC
bot, and many others, as well as S/Key skeykeys files and Kerberos TGTs.
Unlike other crackers, John normally does not use a crypt(3)-style
routine. Instead, it has its own highly optimized modules for different
hash types and processor architectures. Some of the algorithms used,
such as bitslice DES, couldn't have been implemented within the crypt(3)
API; they require a more powerful interface such as the one used in
John. Additionally, there are assembly language routines for several
processor architectures, most importantly for x86-64 and x86 with SSE2.
Documentation.
The rest of documentation is located in separate files, listed here in
the recommended order of reading:
* INSTALL - installation instructions
* OPTIONS - command line options and additional utilities
* MODES - cracking modes: what they are
* CONFIG (*) - how to customize
* RULES (*) - wordlist rules syntax
* EXTERNAL (*) - defining an external mode
* EXAMPLES - usage examples - strongly recommended
* FAQ - guess
* CHANGES (*) - history of changes
* CONTACT (*) - how to contact the author or otherwise obtain support
* CREDITS (*) - credits
* LICENSE - copyrights and licensing terms
(*) most users can safely skip these.
Happy reading!
$Owl: Owl/packages/john/john/doc/README,v 1.20 2011/04/27 18:02:49 solar Exp $

17
data/john/README-jumbo
View File

@ -1,17 +0,0 @@
The jumbo patch, which has been applied to this source tree of John the
Ripper, adds a lot of code, documentation, and data contributed by the
user community. This is not "official" John the Ripper code. It is
very easy for new code to be added to the jumbo patch: the quality
requirements are low. This means that you get a lot of functionality
that is not "mature" enough or is otherwise inappropriate for the
official JtR, which in turn also means that bugs in this code are to be
expected, etc.
If you have any comments on this release or on JtR in general, please
join the john-users mailing list and post in there.
Licensing info:
http://openwall.info/wiki/john/licensing
How to contribute more code:
http://openwall.info/wiki/how-to-make-patches

3
data/john/README.Rapid7.txt
View File

@ -1,3 +0,0 @@
This directory contains binaries and source code for John the Ripper v1.7.8 + Jumbo Patch 2
John the Ripper is provided under the GPLv2 license. The binaries in this directory were
built from the stock source code with no changes.

2022
data/john/confs/john.conf
View File

File diff suppressed because it is too large Load Diff

248
data/john/doc/CHANGES
View File

@ -1,248 +0,0 @@
The following changes have been made between John 1.7.7 and 1.7.8:
* The bitslice DES S-box expressions have been replaced with those generated
by Roman Rusakov specifically for John the Ripper. The corresponding assembly
code for x86 with MMX, SSE2, and for x86-64 with SSE2 has been re-generated.
For other CPUs and for AVX/XOP, C compilers do a reasonably good job of
generating the code from the supplied C source files (with intrinsics where
relevant). The S-box expressions that we were using before had a 21% larger
gate count, so theoretically this could provide a 21% speedup. In practice,
though, a 12% to 14% speedup at DES-based crypt(3) hashes is typical.
This effort has been sponsored by Rapid7: http://www.rapid7.com
* Corrected support for bcrypt (OpenBSD Blowfish) hashes of passwords
containing non-ASCII characters (that is, characters with the 8th bit set).
Added support for such hashes produced by crypt_blowfish up to 1.0.4, which
contained a sign extension bug (inherited from older versions of John).
The old buggy behavior may be enabled per-hash, using the "$2x$" prefix.
* The external mode virtual machine's performance has been improved through
additional multi-op instructions matching common instruction sequences
(assign-pop and some triple- and quad-push VM instructions were added).
* A few minor bug fixes and enhancements were made.
The following changes have been made between John 1.7.6.1 and 1.7.7:
* Added Intel AVX and AMD XOP instruction sets support for bitslice DES
(with C compiler intrinsics). New make targets: linux-x86-64-avx,
linux-x86-64-xop, linux-x86-avx, and linux-x86-xop (these require recent
versions of GCC and GNU binutils).
* A "dummy" "format" is now supported (plaintext passwords encoded in
hexadecimal and prefixed with "$dummy$") - for faster testing and tuning of
custom wordlists, rule sets, .chr files, and external modes on already known or
artificial passwords, as well as for testing of future and modified versions of
John itself.
* Apache "$apr1$" MD5-based password hashes are now supported along with the
FreeBSD-style MD5-based crypt(3) hashes that were supported previously. Hashes
of both of these types may be loaded for cracking simultaneously.
* The "--salts" option threshold is now applied before removal of previously
cracked hashes for consistent behavior with interrupted and continued sessions.
* The "Idle = Y" setting (which is the default) is now ignored for
OpenMP-enabled hash types when the actual number of threads is greater than 1.
(Unfortunately, it did not work right at least with GNU libgomp on Linux.)
* When a cracking session terminates or is interrupted, John will now warn the
user if the cracked passwords printed to the terminal while cracking are
potentially incomplete. It will advise the user to use the "--show" option to
see the complete set of cracked passwords with proper post-processing.
* When loading hashes specified on a line on their own (feature introduced in
1.7.6), the loader will now ignore leading and trailing whitespace.
* Unless a hash type is forced from the command line, the loader will now print
warnings about additional hash types seen in the input files (beyond the hash
type autodetected initially).
* For use primarily by the jumbo patch (and later by future enhancements to the
official versions as well), the loader now includes logic to warn the user of
ambiguous hash encodings (e.g. LM vs. NTLM vs. raw-MD5, all of which may be
represented as 32 hexadecimal characters) and of excessive partial hash
collisions, which it works around (these are typically caused by an incomplete
implementation of a new hash type).
* The "unique" and "unshadow" programs have been made significantly faster.
* "DateTime", "Repeats", "Subsets", "AtLeast1-Simple", "AtLeast1-Generic", and
"Policy" external mode samples have been added to the default john.conf.
* The self-tests have been enhanced to detect more kinds of program bugs.
* A few minor bug fixes and enhancements were made.
The following changes have been made between John 1.7.6 and 1.7.6.1:
* Corrected a logic error introduced in JtR 1.7.4.2: in "single crack" mode,
we need a salt's key buffer even when we have no words corresponding to that
salt's hashes to base candidate passwords on. We need this buffer to hold
other salts' successful guesses for testing against this salt's hashes.
The following changes have been made between John 1.7.5.1 and 1.7.6:
* Generic crypt(3) support (enabled with "--format=crypt") has been added for
auditing password hash types supported by the system but not yet supported by
John's own optimized cryptographic routines (such as SHA-crypt and SunMD5).
* Optional parallelization of the above has been implemented by means of OpenMP
along with glibc's crypt_r(3) or Solaris' MT-safe crypt(3C).
* Optional parallelization of John's own optimized code for the OpenBSD-style
Blowfish-based crypt(3) (bcrypt) hashes with OpenMP has been added.
* A more suitable version of 32-bit x86 assembly code for Blowfish is now
chosen on Core i7 and similar CPUs (when they happen to run a 32-bit build).
* More optimal DES S-box expressions for PowerPC with AltiVec (making use of
the conditional select operation) contributed by Dumplinger Boy (Dango-Chu)
have been integrated.
* The bitslice DES C source code has been reworked to allow for the use of
arbitrary SIMD intrinsics, which was previously only implemented for AltiVec
as a special case.
* Support for SSE2 and MMX intrinsics with bitslice DES (as an alternative to
the supplied assembly code) has been added (currently only enabled for SSE2 on
x86-64 when compiling with GCC 4.4+).
* Support for mixed-type longer virtual vectors (such as SSE2+MMX, SSE2+ALU,
AltiVec+ALU, and other combinations) with bitslice DES has been added (not
enabled by default yet, primarily intended for easy benchmarks on future CPUs,
with future compiler versions, with even more SIMD instruction sets, and with
different DES S-box expressions that might be available in the future).
* The obsolete 32-bit SPARC assembly implementation of DES has been dropped.
* The loader will now detect password hashes specified on a line on their own,
not only as part of an /etc/passwd or PWDUMP format file.
* When run in "--stdin" mode and reading candidate passwords from a terminal
(to be typed by the user), John will no longer mess with the terminal settings.
* John will now restore terminal settings not only on normal termination or
interrupt, but also when forcibly interrupted with two Ctrl-C keypresses.
The following changes have been made between John 1.7.5 and 1.7.5.1:
* A new numeric variable has been added to the word mangling rules engine:
"p" for position of the character last found with the "/" or "%" commands.
The following changes have been made between John 1.7.4.2 and 1.7.5:
* Support for the use of "--format" along with "--show" or "--make-charset" has
been added.
* The choice of .rec and .log filenames for custom session names has been made
more intuitive.
* Support for "\r" (character lists with repeats) and "\p0" (reference to the
immediately preceding character list/range) has been added to the word mangling
rules preprocessor.
* The undefined and undocumented behavior of some subtle word mangling rules
preprocessor constructs has been changed to arguably be more sensible.
* Some bugs were fixed, most notably JtR crashing on no password hashes loaded
(bug introduced in 1.7.4.2).
The following changes have been made between John 1.7.4 and 1.7.4.2:
* Major performance improvements for processing of very large password files
or sets of files, especially with salt-less or same-salt hashes, achieved
primarily through introduction of two additional hash table sizes (64K and 1M
entries), changes to the loader, and smarter processing of successful guesses
(to accommodate getting thousands of hashes successfully cracked per second).
* Many default buffer and hash table sizes have been increased and thresholds
for the use of hash tables lowered, meaning that John will now tend to use
more memory to achieve better speed (unless it is told not to with the
"--save-memory" option).
* Some previously missed common website passwords found on public lists of
"top N passwords" have been added to the bundled common passwords list.
* Some bugs introduced in 1.7.4 and affecting wordlist mode's elimination of
consecutive duplicate candidate passwords have been fixed.
The following changes have been made between John 1.7.3.4 and 1.7.4:
* Support for back-references and "parallel" ranges has been added to the
word mangling rules preprocessor.
* The notion of numeric variables (to be used for character positions
and substring lengths along with numeric constants supported previously)
has been introduced into the rules engine. Two pre-defined variables
("l" for initial or updated word's length and "m" for initial or
memorized word's last character position) and 11 user-defined variables
("a" through "k") have been added. Additionally, there's a new numeric
constant: "z" for "infinite" position or length.
* New rule commands have been added: "A" (append, insert, or prefix with a
string), "X" (extract a substring from memory and insert), "v" (subtract
and assign to a numeric variable).
* New rule reject flags have been added: ":" (no-op, for use along with the
"parallel" ranges feature of the preprocessor) and "p" (reject unless word
pair commands are allowed, for sharing of the same ruleset between "single
crack" and wordlist modes).
* Processing of word mangling rules has been made significantly faster in
multiple ways (caching of the current length, less copying of data, code
and data placement changes for better branch prediction and L1 cache usage,
compiler-friendly use of local variables, code micro-optimizations,
removal of no-op rule commands in an initial pass).
* The default rulesets for "single crack" and wordlist modes have been
revised to make use of the new features, for speed, to produce fewer
duplicates, and to attempt additional kinds of candidate passwords (such
as for years 2010 through 2019 with "year-based" rules).
* The idle priority emulation code has been optimized for lower overhead when
there appears to be no other demand for CPU time.
* The default for the Idle setting has been changed from N to Y.
The following changes have been made between John 1.7.3.1 and 1.7.3.4:
* "make check" has been implemented (for Unix-like systems only).
* The "--test" option will now take an optional argument - the duration of each
benchmark in seconds.
* Section .note.GNU-stack has been added to all assembly files to avoid the
stack area unnecessarily being made executable on Linux systems that use this
mechanism.
* Some very minor bugs that did not affect normal operation have been fixed.
* Some unimportant compiler warnings have been fixed, a source code comment has
been made more verbose and more complete.
The following changes have been made between John 1.7.3 and 1.7.3.1:
* Corrected the x86 assembly files for building on Mac OS X.
* Merged in some generic changes from JtR Pro.
The following changes have been made between John 1.7.2 and 1.7.3:
* Two Blowfish-based crypt(3) hashes may now be computed in parallel for much
better performance on modern multi-issue CPUs with a sufficient number of
registers (e.g., x86-64).
* Bitslice DES assembly code for x86-64 has been converted to use
instruction pointer relative addressing (needed for Mac OS X support).
* New make targets: macosx-universal, macosx-x86-64, solaris-x86-64-cc,
solaris-x86-64-gcc, solaris-x86-sse2-cc, solaris-x86-sse2-gcc,
solaris-x86-mmx-cc, solaris-x86-mmx-gcc, solaris-x86-any-cc, linux-ia64;
other changes to the Makefile.
* Minor bug fixes.
* "DumbForce" and "KnownForce" external mode samples have been added to the
default john.conf.
The following changes have been made between John 1.7.1 and 1.7.2:
* Bitslice DES assembly code for x86-64 making use of the 64-bit mode
extended SSE2 with 16 XMM registers has been added for better performance
at DES-based crypt(3) hashes with x86-64 builds on AMD processors.
* New make target for FreeBSD/x86-64.
The following changes have been made between John 1.7.0.2 and 1.7.1:
* Bitslice DES code for x86 with SSE2 has been added for better performance
at DES-based crypt(3) hashes on Pentium 4 and SSE2-capable AMD processors.
* Assorted high-level changes have been applied to improve performance
on current x86-64 processors.
* New make target for NetBSD/SPARC64.
* Minor source code cleanups.
The following changes have been made between John 1.7 and 1.7.0.2:
* Minor bug and portability fixes.
* Better handling of certain uncommon scenarios and improper uses of John.
* Bonus: "Keyboard" cracker included in the default john.conf (john.ini)
that will try sequences of adjacent keys on a keyboard as passwords.
The following changes have been made between John 1.6 and 1.7:
* Bitslice DES code for x86 with MMX: more than twice faster than older
non-bitslice MMX code.
* Bitsliced the LM hash code as well: now several times faster.
* Significant improvements to the generic bitslice DES code: +20% on RISC.
* PowerPC G4+ AltiVec support (Mac OS X and Linux): effective 128-bitness
for bitslice DES, resulting in huge speedups.
* First attempt at generic vectorization support for bitslice DES.
* Two MD5 hashes at a time for extra ILP on RISC: up to +80% on Alpha EV5+.
* Generic Blowfish x86 assembly code in addition to the original Pentium
version: +15% on the Pentium Pro family (up to and including Pentium III),
+20% on AMD K6 (Pentium 4 and newer AMD CPUs are more happy running the
original Pentium code for Blowfish).
* Verbose logging of events to the global or a session-specific log file.
* Better idle priority emulation with POSIX.1b (POSIX.4) scheduling calls.
* System-wide installation support for *BSD ports and Linux distributions.
* AIX, DU/Tru64 C2, HP-UX tcb files support in unshadow.
* New make targets for Linux/x86-64, Linux/PowerPC, FreeBSD/Alpha,
OpenBSD/x86-64, OpenBSD/Alpha, OpenBSD/SPARC, OpenBSD/SPARC64,
OpenBSD/PowerPC, OpenBSD/PA-RISC, OpenBSD/VAX, NetBSD/VAX, Solaris/SPARC64,
Mac OS X (PowerPC and x86), SCO, BeOS.
* Bug and portability fixes, and new bugs.
* Bonus: "Strip" cracker included in the default john.conf (john.ini).
$Owl: Owl/packages/john/john/doc/CHANGES,v 1.58 2011/06/22 13:39:46 solar Exp $

125
data/john/doc/CONFIG
View File

@ -1,125 +0,0 @@
Customizing John the Ripper.
John the Ripper's behavior can be customized by editing its
configuration file. The configuration file can be named either
john.conf (on Unix-like systems) or john.ini (on systems which have a
notion of filename "extensions" and limit them to 3 characters).
This file is searched for in private John's "home directory" and, if
not found in the private directory and John is installed system-wide,
also in John's system-wide shared data files directory.
You can set global options, define wordlist and "single crack" mode
rules, define parameters for "incremental" modes, or even define a new
external cracking mode.
The configuration file consists of several sections. Each section
starts with a line containing its name, in brackets ("[...]"). Sections
consist either of "variable = value" assignments (each on its own line)
or of some other content specific to the particular section's type
(names of such sections start with "List."). Section and variable names
are not case sensitive. Comment lines start with a hash character ("#")
or a semicolon (";") and are ignored. Also ignored are any empty lines.
General options.
Some global options can be defined in the [Options] section. Currently,
you can set the following options:
Wordlist = FILENAME
Set this to your wordlist file name, to be used in batch mode (which is
activated when you start John with password files, but not specifying a
cracking mode). The default is "$JOHN/password.lst", that is, the file
named "password.lst" in John's "home directory".
Idle = Y|N
If set to "Y" (yes), John will try to use idle processor cycles only,
thereby greatly reducing its impact on other system processes. The
impact on performance of John itself is negligible except on otherwise
overloaded systems. This setting does not affect John's startup time
and non-cracking invocations of John; it only affects the actual
cracking. The default is "Y" (yes).
Starting with version 1.7.7, this setting is ignored for OpenMP-enabled
hash types when the actual number of threads is greater than 1.
Unfortunately, it did not work right at least with GNU libgomp on Linux.
Save = SECONDS
This is the time interval (in seconds) between crash recovery file
updates. The default is 600 seconds (10 minutes).
Beep = Y|N
If set to "Y" (yes), John will beep when a password is found. On
Unix-like systems, it does this by sending the bell character (ASCII
code 7) to the "standard error" file descriptor (which is normally
directed to the terminal). The default is "N" (no).
Defining wordlist and "single crack" modes rules.
The word mangling rules for wordlist and "single crack" modes are
defined in separate sections, [List.Rules:Wordlist] and
[List.Rules:Single], respectively. John the Ripper uses an extension of
Crack's syntax for the rules. John supports all of the commands of
Crack 5.0a plus a few more and, most importantly, it adds a
preprocessor, which can generate multiple rules from a single source
line.
When defining rules, simply place one rule (which may include
preprocessor commands) per line. See RULES for information on the rules
syntax and on the preprocessor.
"Incremental" mode parameters.
To define the incremental mode parameters you need to create a section
called [Incremental:MODE], where MODE is any name that you assign to the
mode. There are some pre-defined incremental modes in the default
configuration file supplied with John, you can use them as templates.
The following parameters are supported:
File = FILENAME
Set this to your charset file name. See EXAMPLES for an example on how
to generate a custom charset file. There's no default.
MinLen = LENGTH
Minimum password length (the number of characters) to try. The default
is 0.
MaxLen = LENGTH
Maximum password length to try. The default is 8 (or CHARSET_LENGTH as
defined in src/params.h at compile time).
CharCount = COUNT
This allows you to limit the number of different characters (or rather,
character indices) used. The effect is that John would favor simple
longer candidate passwords over more complicated shorter ones, and would
never attempt rare characters and character combinations, not even for
really short passwords. Most of the time, this is undesired. Another
use for this option is to make John print a warning if the charset only
defines less than CharCount characters; this is how the pre-defined
"incremental" modes use it. The default is to use as many different
characters as are defined.
Extra = CHARACTERS
This can be used to make John try some extra characters that don't
appear in the charset file. Just list all those characters here and
they will be added, but considered the least probable.
Defining an external mode.
See EXTERNAL.
$Owl: Owl/packages/john/john/doc/CONFIG,v 1.5 2011/02/27 07:16:16 solar Exp $

28
data/john/doc/CONTACT
View File

@ -1,28 +0,0 @@
John the Ripper homepage is located at:
http://www.openwall.com/john/
There you will find instructions on joining the john-users mailing list.
You will also be able to browse archives of past discussions. Please
share your experience with using John the Ripper and ask questions
(preferably advanced ones) on the list. Be sure to specify an
informative message subject whenever you post to the list (that is,
something better than "question" or "problem") and mention the version
of John the Ripper, operating system, compiler, make target, etc. that
you're using (if applicable). If you need to provide a binary file,
place it on a private URL and post that, do not attach the file to your
message.
If you need to contact me privately, please e-mail me at the address
below, but most messages should really be directed to the list instead.
Please don't ask questions until you read the FAQ.
Commercial support for John the Ripper is available from Openwall:
http://www.openwall.com/services/
--
Solar Designer <solar at openwall.com>
$Owl: Owl/packages/john/john/doc/CONTACT,v 1.3 2006/01/02 05:00:42 solar Exp $

75
data/john/doc/CREDITS
View File

@ -1,75 +0,0 @@
John the Ripper credits.
John the Ripper has been developed and is maintained by Solar Designer.
I would like to thank the following people for their direct or indirect
help in making John what it is now:
* Matthew Kwan - for producing and letting everyone use his optimized
DES S-box expressions (previously found in nonstd.c and sboxes.c, now
replaced with Roman Rusakov's):
http://www.darkside.com.au/bitslice/
* Bruce Ford and Rémi Guyomarch - for producing and permitting the use
of their MMX implementation of Matthew Kwan's S-box expressions
(previously found in x86-mmx.S and x86-sse.S, with modifications, now
replaced with code based on Roman Rusakov's S-box expressions).
* Dumplinger Boy (Dango-Chu) - for producing and letting everyone use
his optimized DES S-box expressions making use of a vector conditional
select operation such as on PowerPC with AltiVec (previously found in
sboxes-s.c, now replaced with Roman Rusakov's):
http://dango.chu.jp/hiki/?Enhanced+Bitslice+DES
* Roman Rusakov - for the DES S-box expressions that current versions of
John the Ripper use, as well as for optimization hints during early
development of John the Ripper.
* Eli Biham - for the great "bitslice" paper:
http://www.cs.technion.ac.il/~biham/Reports/cs0891.ps.gz
* Lionel Cons - for making me add Kerberos AFS passwords support, for
reporting some bugs, and for many good suggestions.
* stran9er - for tracking down the section alignment problem with MMX in
the DOS and Win32 ports.
* Authors of the contributed patches ever listed on John the Ripper
homepage and/or placed into contrib/ directory on the FTP server - for
those patches which, while not included into the official John the
Ripper for various reasons, are nevertheless very helpful to many users.
* All the people who have developed freeware crypt(3) implementations -
for various tricks that I combined in my routines.
* Niels Provos and Poul-Henning Kamp - for original Blowfish-based and
MD5-based crypt(3), respectively, that my implementations are compatible
with.
* Alec Muffett - for the original wordlist rules syntax.
* The SOrCErEr - for proving the large charset tables are worth
implementing, and for introducing "-groups" in his cracker.
* Jackal - for the format of john.pot and parts of the user interface.
* Anton Ertl - for "Labels as Values" optimization that I use in
compiler.c:
http://www.complang.tuwien.ac.at/papers/ertl96diss.ps.gz
* The developers of Cygwin - for Cygwin (at the time called Cygnus
Developer's Kit) that I used for the Win32 port:
http://www.cygwin.com
* DJ Delorie - for DJGPP that I used for the DOS port:
http://www.delorie.com/djgpp/
* Charles W Sandmann - for CWSDPMI, the DPMI server used with DJGPP.
$Owl: Owl/packages/john/john/doc/CREDITS,v 1.15 2011/06/22 13:03:43 solar Exp $

33
data/john/doc/EPi.patch.README
View File

@ -1,33 +0,0 @@
= Intro
=======
EPiServer is a popular webbased content management system from Elektropost (http://www.episerver.com).
You can dump the password hashes using the SQL syntax "select name, salt, hash from tblSID". The tblSID
tabel stores interesting things such as usernames, salt and password hashes, but also passwords in cleartext.
If a password can be found in cleartext it is found in the password column of tblSID.
= Install
=========
Copy the epibf_X.Y-john_1.7.2.patch (where X and Y needs to be replaced with the version you downloaded)
to your john source directory, e.g. john-1.7.2/src and then run "patch -p2 < epibf_X.Y-john_1.7.2.patch" (remember the X and Y).
The patch will create a file called EPI_fmt.c, some files for SHA1 support as well as update some of johns
files in order to incorporate the patch with john.
= Usage
=======
This patch needs the format of the password file to be: <user>:<salt> <hash>. (Currently you need to include
an inital 0x of both salt and hash.)
--- Contents of an example epipasswd file ---
webadmin:0x6631F625DEC28716FC24FA3CC1B3E2055E4281F4465226905C10D3456035 0x4F25D9BD24B81D85B1F2D106037C71CD2C828168
epiuser:0x48F9BA13F54CE7AF669C76EEBC6BEA4564EBB77F1866CA5F2B297F7159C1 0xDA4260812C195025B4442C5C84E0F890122B285A
-------------- End --------------------------
You can then run "john epipasswd", the format will be autodetected.
In case you'd like to check the performance of the patch try "john --test --format:epi".
-johannes

409
data/john/doc/EXAMPLES
View File

@ -1,409 +0,0 @@
John the Ripper usage examples.
These examples are to give you some tips on what John's features can be
used for.
Command line.
1. First, you need to get a copy of your password file. If your system
uses shadow passwords, you may use John's "unshadow" utility to obtain
the traditional Unix password file, as root:
umask 077
unshadow /etc/passwd /etc/shadow > mypasswd
(You may need to replace the filenames as needed.)
Then make "mypasswd" available to your non-root user account that you
will run John under. No further commands will need to be run as root.
If your system is ancient enough that it keeps passwords right in the
world-readable /etc/passwd, simply make a copy of that file.
If you're going to be cracking Kerberos AFS passwords, use John's
"unafs" utility to obtain a passwd-like file.
Similarly, if you're going to be cracking Windows passwords, use any of
the many utilities that dump Windows password hashes (LM and/or NTLM) in
Jeremy Allison's PWDUMP output format. Some of these utilities may be
obtained here:
http://www.openwall.com/passwords/pwdump
2. Now, let's assume you've got a password file, "mypasswd", and want to
crack it. The simplest way is to let John use its default order of
cracking modes:
john mypasswd
This will try "single crack" mode first, then use a wordlist with rules,
and finally go for "incremental" mode. Please refer to MODES for more
information on these modes.
It is highly recommended that you obtain a larger wordlist than John's
default password.lst and edit the "Wordlist = ..." line in the
configuration file (see CONFIG) before running John. Some wordlists may
be obtained here:
http://www.openwall.com/wordlists/
Of those available in the collection at the URL above, all.lst
(downloadable as all.gz) and huge.lst (only available on the CD) are
good candidates for the "Wordlist = ..." setting.
3. If you've got some passwords cracked, they are stored in
$JOHN/john.pot. The john.pot file is not meant to be human-friendly.
You should be using John itself to display the contents of its "pot
file" in a convenient format:
john --show mypasswd
If the account list gets large and doesn't fit on the screen, you
should, of course, use your shell's output redirection.
You might notice that many accounts have a disabled shell. You can make
John skip those in the report. Assuming that the disabled shell is
called "/etc/expired", the command would be:
john --show --shells=-/etc/expired mypasswd
or shorter, but will also match "/any/path/expired":
john --show --shells=-expired mypasswd
or if you also want to ignore some other shell, say "/etc/newuser":
john --show --shells=-expired,newuser mypasswd
To check if any root (UID 0) accounts got cracked:
john --show --users=0 mypasswd
or to check for cracked root (UID 0) accounts in multiple files:
john --show --users=0 *passwd* *.pwd
To display the root (username "root") account only:
john --show --users=root mypasswd
And finally, to check for privileged groups:
john --show --groups=0,1 mypasswd
4. You might prefer to manage the cracking modes manually. It is wise
to start with "single crack" mode:
john --single mypasswd
or since the GNU-style double dashes are optional and since option
names can be abbreviated for as long as they remain unambiguous:
john -si mypasswd
You should not abbreviate options in scripts which you would want to
work with future versions of John since what is unambiguous now might
become ambiguous with the addition of more options.
If you have more files to crack, it is preferable to load them at the
same time:
john --single passwd1 passwd2
or even:
john --single *passwd* *.pwd
This way, John will run faster and might even crack more passwords than
it would if you ran it on each password file separately.
5. To catch weak passwords not derived from readily available users'
personal information, you should proceed with cracking modes demanding
more processor time. First, let's try a tiny wordlist with word
mangling rules enabled:
john --wordlist=password.lst --rules mypasswd
or abbreviating the options:
john -w=password.lst -ru mypasswd
Then proceed with a larger wordlist, also applying the mangling rules:
john --wordlist=all.lst --rules mypasswd
If you've got a lot of spare disk space to trade for performance and the
hash type of your password files is relatively slow, you may use John's
"unique" utility to eliminate any duplicate candidate passwords:
john --wordlist=all.lst --rules --stdout | unique mangled.lst
john --wordlist=mangled.lst mypasswd
If you know that your target hash type truncates passwords at a given
length, you may optimize this even further:
john --wordlist=all.lst --rules --stdout=8 | unique mangled8.lst
john --wordlist=mangled8.lst mypasswd
Alternatively, you may simply use huge.lst available on Openwall
wordlist collection CDs. It has word mangling rules pre-applied for the
most common languages and it has any duplicates purged.
Depending on target hash type, the number of different salts (if
applicable), the size of your wordlist, rules, and processor
performance, wordlist-based cracking may take anywhere from under a
second to many days.
You do not have to leave John running on a (pseudo-)terminal. If
running John on a Unix-like system, you can simply disconnect from the
server, close your xterm, etc. John will catch the SIGHUP ("hangup"
signal) and continue running. Alternatively, you may prefer to start it
in the background right away:
john --wordlist=all.lst --rules mypasswd &
Obviously, the "&" is specific to Unix shells and will not work on most
other platforms.
You may further enhance this by specifying a session name:
john --session=allrules --wordlist=all.lst --rules mypasswd &
This ensures that you won't accidentally interfere with the instance of
John running in the background if you proceed to start other sessions.
To view the status of a running session, use:
john --status
for the default session or:
john --status=allrules
for any other session. This works for both interrupted and running
sessions. To obtain the most up-to-date information from a running
session on a Unix-like system, send a SIGHUP to the appropriate "john"
process.
Any interrupted sessions may be continued with:
john --restore
or:
john --restore=allrules
Finally, to make John have less impact on other processes, you should
set the option "Idle = Y" in the configuration file (see CONFIG). The
default may vary depending on the version and build of JtR.
To only crack accounts with a "good" shell (in general, the shell, user,
and group filters described above work for all cracking modes as well):
john --wordlist=all.lst --rules --shells=sh,csh,tcsh,bash mypasswd
Like with all other cracking modes, it is faster to crack all the files
you need cracked simultaneously:
john --wordlist=all.lst --rules passwd1 passwd2
You can crack some passwords only. This will try cracking all root
(UID 0) accounts in all the password files:
john --wordlist=all.lst --rules --users=0 *passwd*
Alternatively, you may wish to not waste time cracking your very own
passwords, if you're sure they're uncrackable:
john --wordlist=all.lst --rules --users=-root,solar *passwd*
Sometimes it is useful to split your password hashes into two sets which
you crack separately, like:
john --wordlist=all.lst --rules --salts=2 *passwd*
john --wordlist=all.lst --rules --salts=-2 *passwd*
This will make John try salts used on two or more password hashes first
and then try the rest. Total cracking time will be almost the same, but
you will get some passwords cracked earlier, which is useful, for
example, for penetration testing and demonstrations to management.
Similarly, you may check all password hashes with a small wordlist, but
only those that you can check faster (with "--salts=2") with a larger
one. With large numbers of password hashes and/or with a highly
non-uniform distribution of salts, it may be appropriate to use a
threshold larger than 2 with "--salts" (sometimes even values as high as
1000 will do).
Note that the default wordlist rules include ":" (a no-op - try words as
they are in the list) on the first line. If you already ran through a
wordlist without using rules, and then decided to also try the same
wordlist with rules, you'd better comment this line out.
6. The most powerful cracking mode in John is called "incremental" (not a
proper name, but kept for historical reasons). You can simply run:
john --incremental mypasswd
or:
john -i mypasswd
This will use the default "incremental" mode parameters, which are
defined in the configuration file's section named either
[Incremental:All] (for most hash types) or [Incremental:LanMan] (for
Windows LM hashes). By default, the [Incremental:All] parameters are
set to use the full printable US-ASCII character set (95 characters) and
to try all possible password lengths from 0 to 8. [Incremental:LanMan]
is similar, except that it takes advantage of LM hashes being
case-insensitive and of their halves limited to 7 characters each.
Don't expect "incremental" mode sessions to terminate in a reasonable
time (unless all the passwords are weak and get cracked), read MODES for
an explanation of this.
In some cases it is faster to use some other pre-defined incremental mode
parameters and only crack simpler passwords, from a limited character
set. The following command will try 26 different characters only,
passwords from "a" to "zzzzzzzz" (in an optimal order):
john -i=alpha mypasswd
Of course, you can use most of the additional features demonstrated
above for wordlist mode with "incremental" mode as well. For example,
on a large-scale penetration test, you may have John crack only root
(UID 0) accounts in a set of password files:
john -i -u=0 *.pwd
7. If you've got a password file for which you already have a lot of
passwords cracked or obtained by other means, and the passwords are
unusual, then you may want to generate a new charset file, based on
character frequencies from that password file only:
john --make-charset=custom.chr mypasswd
Then use that new file with "incremental" mode.
If you've got many password files from a particular country,
organization, etc., it might be useful to use all of them for the
charset file that you then use to crack even more passwords from these
files or from some other password files from the same place:
john --make-charset=custom.chr passwd1 passwd2
[ Configure your custom "incremental" mode now. See below. ]
john -i=custom passwd3
You can use some pre-defined or custom word filters when generating the
charset file to have John consider some simpler passwords only:
john --make-charset=my_alpha.chr --external=filter_alpha mypasswd
If your "pot file" got large enough (or if you don't have any charset
files at all), you might want to use it to generate a new set of main
charset files:
john --make-charset=all.chr
john --make-charset=alnum.chr --external=filter_alnum
john --make-charset=alpha.chr --external=filter_alpha
john --make-charset=digits.chr --external=filter_digits
john --make-charset=lanman.chr --external=filter_lanman
In the example above, John will overwrite the charset files with new
ones that are based on your entire $JOHN/john.pot (John uses the entire
"pot file" if you don't specify any password files). Note that the word
filters used here are pre-defined in the configuration file supplied
with John, for your convenience.
8. Finally, you might want to e-mail all users with weak passwords to
tell them to change their passwords. (This is not always a good idea,
though, since lots of people do not check their e-mail or ignore such
messages, and the messages can be a hint for crackers.) Edit the
"mailer" script supplied with John: the message it sends and possibly
the mail command (especially if the password file is from a different
machine). Then run:
mailer mypasswd
Configuration file.
Please refer to CONFIG for general information on the configuration file
and its possible locations.
1. Let's assume that you notice that in some password file a lot of
users have their passwords set to login names with "?!" appended. Then
you just make a new "single crack" mode rule (see RULES for information
on the syntax) and place it somewhere near the beginning:
[List.Rules:Single]
$?$!
Hint: if you want to temporarily disable all of the default rules, you
can simply rename the section to something John doesn't use and define
a new one with the section's old name, but be sure to leave the "List."
prefix of the name intact to maintain correct configuration file syntax.
All the same applies to wordlist mode rules as well.
2. If you generate a custom charset file (described above) you will also
need to define a configuration file section with the "incremental" mode
parameters. In the simplest case it will be like this (where "Custom"
can be replaced with any name you like):
[Incremental:Custom]
File = custom.chr
This way, John will only use characters from passwords used to generate
the charset file only. To make John try some more characters, add:
Extra = !@#$%
These extra characters will then be added, but still considered the
least probable. If you want to make sure that, with your extra
characters, John will try all the 95 printable US-ASCII characters, you
can add:
CharCount = 95
This will make John print a warning if it only has fewer than 95
characters in its charset.
You can also use CharCount to limit the number of different characters
that John tries, even if the charset file has more:
CharCount = 20
If you didn't use any filters when generating the charset file, setting
CharCount this low will make John never attempt rare characters and
character combinations, not even for really short passwords, spending
the time on simple longer candidate passwords instead. However, the
default length switching is usually smart enough so that you shouldn't
need this trick.
To make John try passwords of certain lengths only, use the following
lines:
MinLen = 6
MaxLen = 8
Setting "MinLen" high, as in the example above, is reasonable if shorter
passwords weren't allowed to set on the machine you got the password file
from (however, note that root can usually set any password for any user
and there are often loopholes in operating systems' password policy
enforcement capabilities).
On the contrary, you may want to set "MaxLen" low if you think there are
a lot of short passwords.
3. Another example: a lot of users at some site use short duplicated
words as their passwords, such as "fredfred". As the number of such
potential passwords is fairly low, it makes sense to code a new external
cracking mode that tries them all, up to some length.
You can find the actual implementation of such a cracking mode with lots
of comments in the default configuration file supplied with John.
Please refer to EXTERNAL for information on the programming language
used.
$Owl: Owl/packages/john/john/doc/EXAMPLES,v 1.8 2009/12/25 16:59:31 solar Exp $

78
data/john/doc/EXTERNAL
View File

@ -1,78 +0,0 @@
Defining an external mode.
To define an external cracking mode you need to create a configuration
file section called [List.External:MODE], where MODE is any name that
you assign to the mode. The section should contain some functions
programmed in a subset of the C language. John will compile and use the
functions if you enable this cracking mode via the command line.
External functions.
The following functions are currently used by John:
init() called at startup, should initialize global variables
filter() called for each word to be tried, can filter some words out
generate() called to generate words, when no other cracking modes used
restore() called when restoring an interrupted session
All of them are of type "void", with no arguments, and should use the
global variable "word" (pre-defined as "int word[]"), except for init()
which is called before "word" is initialized. The variable "word"
contains the current candidate password to be tried, one character in
each array element, terminated with a zero.
The functions, if defined, should do the following with "word":
* filter() can modify the word, or zero out "word[0]" to skip it;
* generate() should set "word" to the next word to be tried, or zero out
"word[0]" when cracking is complete (this will cause John to terminate);
* restore() should set global variables to continue from the "word".
You can use an external mode on its own or with some other cracking
mode, in which case only init() and filter() will be used (and only
filter() will be required). Using an external filter is compatible with
all the other cracking modes and with the "--make-charset" command line
option.
It is recommended that you don't use filter() or at least don't filter
too many words out when using an external mode with your own generate().
It is better to modify generate() not to generate words that would get
filtered out.
The language.
As it has been mentioned above, the compiler supports a subset of C.
The supported keywords are: void, int, if, else, while, continue, break,
and return.
You can define functions to be called by John (the ones described
above), define global and local variables (including single dimensional
arrays), use all the integer operations supported in C, and use C and
C++ comments.
The following C features are missing from John's compiler:
* function calls (any functions defined as a part of an external mode
can only be called by John core, but not from within other external mode
functions);
* only "while" loops are supported;
* only "int" and "void" data types are supported;
* only single dimensional arrays are supported;
* structs/unions are not supported;
* pointers are not supported (array name refers to the first element);
* probably something else...
You can find some external mode examples in the default configuration
file supplied with John.
$Owl: Owl/packages/john/john/doc/EXTERNAL,v 1.2 2005/11/16 13:11:15 solar Exp $

234
data/john/doc/FAQ
View File

@ -1,234 +0,0 @@
John the Ripper FAQ.
The latest version of this FAQ may be viewed online at:
http://www.openwall.com/john/doc/FAQ.shtml
Help! I can't run John.
If you're not familiar with your OS, you should probably not be using
John in the first place since John is a tool for system administrators.
However, here are the answers to a few (not very) common questions to
avoid having them asked over and over and for amusement.
Q: When I type "john" (or "john passwd", etc.), it says "command not
found" (or equivalent)?!
A: The examples given in John the Ripper documentation assume that you
know how to invoke newly-built programs from your shell. On Unix-like
systems, it is typical to not have "." (the current directory) in your
$PATH (the list of directories to search for programs). In that case,
you need to type "./john" (dot, slash, and "john", without the quotes)
to invoke the John binary executable located in the current directory.
Q: ...but I am on a Unix-like system and I don't seem to readily have a
John binary executable.
A: Please follow the instructions in INSTALL.
Q: When I double-click on "john.exe", a window flashes and disappears?!
A: You're not supposed to click. You're supposed to run John from a
command-line shell. On Windows, some of those shells would be cmd.exe,
command.com, or bash (the latter is available with Cygwin).
Other trivial matters.
Q: How do I start John on my password file, use a specific cracking
mode, see the passwords it cracked, etc?
A: See README and EXAMPLES. :-)
Q: How do I "unshadow"?
A: See EXAMPLES on how to combine your passwd and shadow files, provided
that you have root access to the target system.
Q: Why doesn't John load my password file? It says "No password hashes
loaded", "No password hashes loaded (see FAQ)", or "No password hashes
left to crack (see FAQ)".
A: Your password file might be shadowed. You need to get both
/etc/passwd and the shadow file (typically /etc/shadow), and combine
them into one file for use with John. Please refer to EXAMPLES.
A: All of the password hashes found in the file (that are of the same
type as the very first recognized hash in the file unless you're using
the "--format=..." option) might be already cracked by previous
invocations of John. (The message printed in that case has been changed
to "No password hashes left to crack (see FAQ)" starting with version
1.7.7.) To display cracked passwords, use "john --show" on your
password hash file(s). To force John to crack those same hashes again,
remove the john.pot file.
A: With PWDUMP-format files, John focuses on LM rather than NTLM hashes
by default, and it might not load any hashes at all if there are no LM
hashes to crack. To have JtR Pro or a build of JtR with the jumbo patch
focus on NTLM hashes instead, you need to pass the "--format=nt" option.
A: The file you're trying to run John on might in fact not be a password
file at all.
A: Your command line syntax might be wrong, resulting in John trying to
load a wrong file.
A: Your password file format or hash type(s) might not be supported by
John, or at least by the version and build of John that you're using.
If you're positive that this is the case, you may want to check the
contributed resources list on John the Ripper homepage for a suitable
patch and, if unsuccessful with that, post a note to the mailing list
(see CONTACT) including a sample password file line that John does not
load (please make sure that the password is already changed by the time
you post).
Q: I am getting the error "fopen: ./all.chr: No such file or directory"
(or "fopen: ./lanman.chr: No such file or directory").
Q: Where are the charset files?
A: Development versions of John the Ripper might not include the charset
files. You're supposed to take them out of the latest official release.
Q: Where do I get wordlists for use with John?
A: http://www.openwall.com/wordlists/
Q: Where do I get new versions of John the Ripper?
Q: Where do I get the source code for John?
Q: I only have the source code for John the Ripper, where do I get it
pre-compiled for my OS (if supported)?
Q: What is the primary website for John the Ripper?
A: http://www.openwall.com/john/
Q: How can I contact you (the author)?
A: See CONTACT.
(Semi-)advanced topics.
Q: I've recently switched my system to MD5-based (or Blowfish-based)
password hashes, but there are still some DES-based hashes in the
password file. How do I handle multiple hash types in one file?
A: Use the "--format=..." option to tell John which hashes you would
like it to load. Unfortunately, you will have to run John for each hash
type separately. This requirement may sometimes be avoided with the use
of "--format=crypt", but this is not recommended. Please see the
description of the "--format" option in OPTIONS for more detail.
Q: I have 10 users, but John said it loaded 15 password hashes. What's
going on?
A: Some extremely poorly designed hash types (Windows LM hashes and
DES-based crypt(3) hashes known as "bigcrypt") have a property that
allows John to split their encodings into two separate hashes
(corresponding to "halves" of plaintext passwords) on load. John then
proceeds to crack those hashes separately, so at a given time it might
have only one of two halves of some passwords cracked. If interrupted
and restarted, it would need to only load the hashes that correspond to
uncracked password halves, so the number of such hashes is what John
reports (in all cases, for consistency).
Q: Are the strings tried with "-i" ("incremental" mode) random? They
certainly look like they are almost random.
A: No, they are not. No single candidate password will be tried for a
second time and the order in which they are tried is in fact very smart:
it is based on frequencies of different trigraphs, stored and processed
separately for each character position and for each password length.
Q: Why doesn't John display a progress indicator for the "incremental"
mode?
A: Do you really want to see a 0% all the time? As explained in MODES,
"incremental" mode is not supposed to terminate in a reasonable time.
(There are a few exceptions to this, so a progress indicator might be
added at some point.)
Q: I am running John for 10 days and it is still not finished?!
Q: How long should I expect John to run?
A: It primarily depends on the cracking mode(s) and on your password
files (in particular, the type of hashes and the number of different
salts, if applicable). Most importantly, you should note that the
"incremental" mode, which a default John run (with no command line
options) proceeds with after being done with the quicker checks, is not
supposed to terminate in a reasonable time. It is up to you to decide
how long you're going to let it run, then consider any uncracked
passwords strong enough. "Single crack" mode runs typically take from
under a second to one day (depending on the type and number of password
hashes). Wordlist mode runs may also be quick (under a second) for
tiny wordlists and fast hashes or they may take multiple days with large
wordlists, with word mangling rules, and with slow hash types and
substantial numbers of different salts. The status line John reports
whenever you hit a key includes a progress indicator (percent complete)
for "single crack" and wordlist modes. With no cracking mode requested
explicitly, John will start with "single crack" mode (pass 1), then
proceed with wordlist mode (pass 2), and finally with "incremental" mode
(pass 3). The pass numbers are reported on the status line, too. It is
reasonable to let John reach "incremental" mode (pass 3) and run that
for a while (some days). You will notice that John's success rate (the
number of passwords cracked per hour or per day) will be dropping
rapidly. When you determine that the success rate is low enough, you
interrupt John.
Q: Why does John display meaningless c/s values while cracking, instead
of real "crypts per second" rate?
A: The values displayed by John mean combinations (of username and
password) per second, not crypts per second. This is the effective
cracking speed that you get on a particular set of password hashes, and
it may be useful, for example, to tune the "--salts=..." threshold and
other settings. If you want a benchmark of the low-level password
hashing routines only, use "--test". (Future versions of John the
Ripper might report effective and raw c/s rates for different time
intervals. These won't fit on the current status line, though.)
Q: I just noticed that the c/s rate reported while using "incremental"
mode is a lot lower than it is with other cracking modes. Why?
A: You're probably running John for a few seconds only. The current
"incremental" mode implementation uses large character sets which need
to be expanded into even larger data structures in memory each time John
switches to a different password length. Fortunately, this is only
noticeable when John has just started since the length switches become
rare after a few minutes. For long-living sessions, which is where we
care about performance the most, this overhead is negligible. This is a
very low price for the better order of candidate passwords tried.
Q: What are the "real" and "virtual" c/s rates as reported by "--test"
(on Unix-like operating systems)?
A: These correspond to real and virtual (processor) time, respectively.
The two results would differ when the system is under other load, with
the "virtual" c/s rate indicating roughly what you could expect to get
from the same machine if it were not loaded.
Q: How can I test John's password hashing routines for proper operation?
A: John always performs a self-test when you run it on a password file
and refuses to work if an error occurs. If you need to test all of the
low-level routines at once, use "--test".
Q: Does John support multi-processing or distributed processing?
A: There's currently built-in parallel processing support (to make use
of multiple CPUs and/or CPU cores on a single system) for OpenBSD-style
Blowfish-based crypt(3) (bcrypt) hashes (with John's own optimized code)
and for the underlying system's thread-safe password hashing function
(crypt_r(3) on Linux or crypt(3C) on Solaris). The latter is only
reasonable to use for crypt(3) hash types not yet supported by John
natively (that is, for glibc 2.7+ SHA-crypt hashes as used by recent
versions of Fedora and Ubuntu and for SunMD5 hashes). To use this
limited OpenMP support, you need to make an OpenMP-enabled build of John
by uncommenting one of the OMPFLAGS lines near the beginning of the
Makefile. This requires GCC 4.2+ or another OpenMP-capable C compiler.
For other hash types and/or to distribute the workload between multiple
machines, other approaches need to be used. For a small number of nodes
(CPUs, CPU cores, and/or machines), it is reasonable to use a manual
approach. One of those approaches is to have your nodes try different
password lengths. This is easily accomplished with "incremental" mode's
"MinLen" and "MaxLen" settings (see CONFIG). Typically, you would not
really need to split the workload for "single crack" and wordlist modes
since these are relatively quick, although you may dedicate one node to
those initially. You may safely run multiple instances of John in the
same working directory, all writing to the same "pot file" (this is a
feature). You do, however, need to assign each of them a unique session
name, with "--session". Other approaches, such as splitting password
files naively (without regard to salts), are typically less efficient
(in some cases to the extent where there's no speedup from using
multiple nodes at all). Some advanced and automated approaches are
listed on the wiki at:
http://openwall.info/wiki/john/parallelization
Q: What is the format of the crash recovery files ("john.rec", other
.rec's)? What do the numbers mean?
A: The format of these files is deliberately undocumented and is subject
to change without notice. (However, each release of John the Ripper is
likely to be able to read .rec files produced by at least the
immediately preceding release. Whenever compatibility is broken, John
will refuse to recover the session, leaving the .rec file intact.)
Although the meaning of some of the numbers that get into .rec files is
trivial to explain, it is not possible to reasonably describe some
others without going into great detail on John internals. If you really
need to know, read the source code.
$Owl: Owl/packages/john/john/doc/FAQ,v 1.25 2011/04/27 18:02:49 solar Exp $

38
data/john/doc/HDAA_README
View File

@ -1,38 +0,0 @@
HTTP Digest access authentication
---------------------------------
- How to create the password string :
-------------------------------------
user:$MAGIC$response$user$realm$method$uri$nonce$nonceCount$ClientNonce$qop
'$' is use as separator, you can change it in HDAA_fmt.c
Example of password string :
user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth
Here the magic is '$response$'
- Demonstration :
-----------------
Tested on a : AMD Athlon(tm) 64 Processor 3000+
$ cat ./htdigest
moi:$response$faa6cb7d676e5b7c17fcbf966436aa0c$moi$myrealm$GET$/$af32592775d27b1cd06356b3a0db9ddf$00000001$8e1d49754a25aea7$auth
user:$response$679066476e67b5c7c4e88f04be567f8b$user$myrealm$GET$/$8c12bd8f728afe56d45a0ce846b70e5a$00000001$4b61913cec32e2c9$auth
$ ./john ./htdigest
Loaded 2 password hashes with 2 different salts (HTTP Digest access authentication [HDAA-MD5])
kikou (moi)
nocode (user)
guesses: 2 time: 0:00:01:27 (3) c/s: 670223 trying: nocode

70
data/john/doc/INSTALL
View File

@ -1,70 +0,0 @@
Installing John the Ripper.
First of all, most likely you do not need to install John the Ripper
system-wide. Instead, after you extract the distribution archive and
possibly compile the source code (see below), you may simply enter the
"run" directory and invoke John from there.
System-wide installation is also supported, but it is intended for use
by packagers of John for *BSD "ports", Linux distributions, etc., rather
than by end-users. (If you're in fact preparing a package of John,
please refer to the JOHN_SYSTEMWIDE setting in src/params.h.)
You may have obtained the source code or a "binary" (pre-compiled)
distribution of John the Ripper. On Unix-like systems, it is typical
to get the source code and compile it into "binary" executables right
on the system you intend to run John on. On DOS and Windows, however,
it is typical to get a binary distribution which is ready for use.
The following instructions apply to the source code distribution of
John only. If you have a binary distribution, then there's nothing
for you to compile and you can start using John right away.
Compiling the sources on a Unix-like system.
Enter the directory into which you extracted the source code
distribution of John. Enter the "src" subdirectory and invoke "make"
to obtain a list of operating systems for which specific support
exists:
cd src
make
Note the make target for your system and type:
make clean SYSTEM
where SYSTEM is the appropriate make target. Alternatively, if your
system is not listed, use:
make clean generic
If everything goes well, this will create the executables for John and
its related utilities under "../run/". You can change directory to
there and start John, like this:
cd ../run
./john --test
Alternatively, you may copy the entire "run" directory to anywhere you
like and use John from there.
A note on moving binaries between systems.
With the "generic" make target, certain machine hardware performance
parameters are detected at compile time. Additionally, some OS-specific
make targets tell the C compiler to generate and optimize code for the
machine's specific CPU type (this currently applies to C compilers other
than gcc only). If you then move the binary executable to a different
machine, you might not get the best performance or the program might
not run at all if the CPU lacks features that the C compiler assumed it
would have. Thus, it is recommended to recompile John on each system if
you use one of these make targets.
Since Linux and *BSD distributions' packages of John typically use make
targets other than "generic" and since they typically use gcc, they are
usually not affected by this potential problem.
$Owl: Owl/packages/john/john/doc/INSTALL,v 1.5 2010/05/27 13:37:48 solar Exp $

42
data/john/doc/LICENSE
View File

@ -1,42 +0,0 @@
John the Ripper copyright and license.
John the Ripper password cracker,
Copyright (c) 1996-2011 by Solar Designer.
This version of John the Ripper is hereby being made available to you
under the terms of the GNU General Public License version 2 as published
by the Free Software Foundation.
John the Ripper is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
Relaxed terms for certain components.
In addition or alternatively to the license above, the following
components are available to you under more relaxed terms:
As the copyright holder for the bcrypt (Blowfish-based password hashing)
implementation found in John the Ripper, I have placed a derived version
of this implementation in the public domain. This derived version may
be obtained at:
http://www.openwall.com/crypt/
The intent is to provide modern password hashing for your servers and
your software (where the GPL restrictions could be a problem).
Additionally, I have placed the CRC-32 implementation (crc32.c, crc32.h)
in the public domain.
Commercial licensing.
Commercial licenses (non-GPL) are available upon request.
--
Alexander Peslyak aka Solar Designer <solar at openwall.com>
$Owl: Owl/packages/john/john/doc/LICENSE,v 1.12 2011/06/22 13:03:43 solar Exp $

4
data/john/doc/LICENSE.mpi
View File

@ -1,4 +0,0 @@
This patch for John the Ripper MPI implementation is a continuation of
Ryan Lim's original patch against 1.6.x, later maintained by John
Anderson at bindshell.net, and modified by AoZ and magnum. It is
licensed under the same terms as John the Ripper itself.

122
data/john/doc/MARKOV
View File

@ -1,122 +0,0 @@
BASIC USAGE
The Markov mode is based from [1], tested and applied to "classical" password
cracking in [2]. This mode similar to the "wordlist" mode because it will only
crack a fixed quantity of passwords. Its parameters are:
--markov:LEVEL:START:END:LENGTH
Where:
* LEVEL is the "Markov level". This value is the maximum strength of passwords
that are going to be cracked. When LEVEL increases, the quantity of passwords
that are going to be tested increases exponentially.
* START is the index of the first password that is going to be tested, starting
with 0.
* END is the index of the last password that is going to be tested. When it is
set to 0, it will represent the last possible password.
* LENGTH is the maximum length of the tested passwords.
using --markov:100:0:0:12 will let john check every password whose length is 12
or less and whose "Markov strength" is 100 or less.
SELECTING THE PARAMETERS
The "LEVEL" parameter should be selected based on the desired maximum running
time. In order to select the appropriate LEVEL, the following steps should be
followed:
1/ Run the -single and -wordlist modes of john, as they will find many passwords
for a low price
2/ Run john with a low markov level on the file, using the time utility. For
example:
*******************************************************************************
time john -markov:180 test
Loaded 156 password hashes with no different salts (NT LM DES [128/128 BS SSE2])
Warning: MaxLen = 12 is too large for the current hash type, reduced to 7
MKV start (lvl=180 len=7 pwd=30449568)
guesses: 0 time: 0:00:00:10 99% c/s: 475013K trying:
real 0m10.707s
user 0m10.621s
sys 0m0.012s
*******************************************************************************
This means that john can test 2.8M (30449568/10.707) passwords / seconds. It
should be noted that with salted passwords the cracking speed will increase with
every cracked password. This number should be corrected based on the experience
of the user.
3/ Evaluate the quantity of passwords that could be cracked during the selected
time. Using the previous example, a cracking time of 3 hours will lead to a
quantity of passwords of 30714M passwords (30449568/10.707*3600*3).
4/ Use the genmkpwd command to find the corresponding level. Using the previous
example, with a maximum password length of 12 (stupid because LM has a maximum
length of 7 ...):
*******************************************************************************
genmkvpwd stats 0 12
[...]
lvl=245 (5904 Kb for nbparts) 26 G possible passwords (26528306250)
lvl=246 (5928 Kb for nbparts) 29 G possible passwords (29373638087)
lvl=247 (5952 Kb for nbparts) 32 G possible passwords (32524537496)
[...]
*******************************************************************************
Here, the selected level will be 246 (the higher level where the number of
possible passwords is less than 30714M).
5/ Run john:
*******************************************************************************
john -markov:246:0:0:12 test
*******************************************************************************
DISTRIBUTING WORK
The START and END parameter could be used to distribute work among many CPUs.
The preferred method is to evaluate the combined cracking speed of all CPUs
(adding the step 2 result for every CPUs available) and follow the previous
method.
At step 5, share the cracking space among all CPUs, where is share is
proportionnal with the CPU's cracking speed.
CONFIGURATION OPTIONS
New options are available in the john.conf file:
Statsfile - This is the path of the "stat" file.
MkvLvl - the default level
MkvMaxLen - the default length
WHAT IS THE STAT FILE?
The markov mode is based on statistical data from real passwords. This data is
stored in the "stat" file. In order to generate a custom stat file, it is
recommanded to use the new calc_stat command:
./calc_stat "dictionnary file" stats
MKVCALCPROBA USAGE
This program is used to generate statistics about cracked passwords. It accepts
as input the "stat" file and a file with a single cracked password per line.
Here is a sample output:
*******************************************************************************
./mkvcalcproba stats /tmp/passwordlist
test 33+16+28+20 97 4 40030907 45
password 29+16+30+22+51+25+24+30 227 8 2698006565378672 177
32'[[! 55+24+98+1000+23+29 1229 6 39949021871 1169
charsetsize = 92
*******************************************************************************
Its output is tab separated and should open nicely in spreadsheets. Here is the
meaning of the column:
1/ Cracked password, reprinted from the file
2/ Sum of all "markov probabilities" of every letter of the word. This is
supposed to help identify which parts of the password makes them strong. The
number "1000" is written when no 1st/2nd letter combinations were found in the
stat file (for exemple ' then [ here).
3/ Markov strength
4/ Password length
5/ Rank when bruteforced "stupidly" (a, b, c, ..., aa, ab, ac ...) considering
that letters are ordered given their appearance probability and the given
charsetsize (92)
6/ Markov strength of the password where the two first letters are removed
REFERENCES
[1] http://www.cs.utexas.edu/~shmat/shmat_ccs05pwd.ps
[2] http://actes.sstic.org/SSTIC07/Password_Cracking/

2540
data/john/doc/MD5_GENERIC
View File

File diff suppressed because it is too large Load Diff

480
data/john/doc/MD5_GENERIC_SCRIPTING
View File

@ -1,480 +0,0 @@
For most hashes where MD5 is used, building a proper md5 format is likely
not the best bet overall. A format is not trivial. It requires maintainance
and will likely requires specific enhancements to get it to perform
optimally on all hardware. Likely there will need to be 'generic' C
code done, then it will need code to tie it into CPU specific optimizations,
such as SSE, MMX, intrisic SSE, GPU, ... ... ... This will also mean that
to stay up to date, the format will require ongoing work and mainainance.
However, there is one format which may reduce a lot of this maintainance
work to very little. Now, that format itself will need to be kept up to
date, but any formats that are built upon its internal workings. That
format is md5-gen. In this 'format', there is a scripting language, where
a format developer only need to describe the actual operations properly,
and the format is 'done', and working.
This document will go over how to 'build' a format that uses this md5-gen
format, how to optimize it to work faster, and how to build a 'thin'
quasi format which insulates the end user from the md5-gen format line
building.
**** Introduction ****
To start off with, a little background on 'how' and 'where' to build the
scripts that run md5-gen, what interanal data structures are available to
be used.
The 'where' which a format developer can easily build into john, is to add a
new md5-gen format 'script', into john.ini file (john.conf). This
file usually is located in the current directory where john is run out
of (but the --config=file can override the default behavior). Within the
john.conf, a new 'section' can be added for a md5 genercic format. The
new 'section' will be set by using this section naming:
[List.Generic:md5_gen(NUM)]
You replace the NUM with the sub-format number (from 1001 to 9999).
Pick a number that is not used.
Within this 'section', there will be multiple lines added. These lines
are primarily of the form: Type=Value
The actual contents of these scripts will be addressed later. That will
be the 'How', and preforming this is actually outside of the intro section.
The 'Data' and runtime information is this:
Inside of the md5-gen format, there are 2 input buffers (actually ALL data
is arrays of 128 of each buffer type). There is input1 and input2 buffers.
The main operations on these buffers is to clear them, and to append data,
to build string which will later be md5 hashed.
There are also 2 output buffers. These buffers will receive the md5 hashing
from the 2 input buffers. NOTE, when the format processing is complete, the
results MUST be placed into output1 buffer. This is where all of the comparison
functions will check against.
In the format, there is a salt (if the format is salted). There may also be
a second salt value.
There are also 'keys' value(s). These are the passwords being tested at this
given time.
There are also 8 'constant' strings which can be used within a format. A
format such as md5-po has a couple of constants within it.
There are also numerous optimization 'flags' which do special things when
loading keys or salts, and there are numourous special 'optimization' primative
functions within the format, for speedup of certain operations.
**** Simple format building ****
We will start out with a few simple formats, and simply 'show' how to build
a straight forward script. The scripts may or may not be optimal. Later
we will optimize these somewhat. When building the formats here, there will
be comments interspersed, listing just what is being done, and why.
we will build these formats:
md5_gen(1030) md5($p.$p)
md5_gen(1031) md5($s.md5($p).$p)
md5_gen(1032) md5(md5($s).md5($p).$p)
[List.Generic:md5_gen(1030)]
Expression=md5_gen(1030): md5($p.$p)
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1030)42b72f913c3201fc62660d512f5ac746:test1
Here is the exact same format, with some comments added, describing the
sub-sections, and exactly what is being done.
#first line is the section name. It MUST be of the format shown.
[List.Generic:md5_gen(1030)]
#
#the next line, is a required line. It serves 2 purposes. It is output
#in john, when the format 'starts'. Also, the md5_gen(#) part is used
#to destinguish this exact format (so the command line of --sub=md5_gen(1030)
#would specify this and only this format)
#
Expression=md5_gen(1030): md5($p.$p)
#
#This is the set of functions. This is the ONLY section of the format
#where order IS important. The functions ARE handled one after the
#other, from top to bottom, to perform the string operations, and md5
#operations which are needed to perform the hash of this format
#The functions ARE a required part of the format.
#
#first step, clean the input. All work for this format is done using
#only input 1 and output 1 buffers.
Func=MD5GenBaseFunc__clean_input
#
#Step 2, append the keys. Note, the buffer is clean, so this is simply
#the same as Input=keys (but required 2 steps, the clean and append keys).
Func=MD5GenBaseFunc__append_keys
#
#Step 3, append keys again (the format is ($p.$p) or keys appended to keys.
Func=MD5GenBaseFunc__append_keys
#
#Step 4, final step performs md5 of $p.$p This will properly leave the
#results in output1
Func=MD5GenBaseFunc__crypt
#
#This is test string. These ARE required. You can provide more than
#one. 5 or 6 are best, to make sure the format is valid.
#
Test=md5_gen(1030)42b72f913c3201fc62660d512f5ac746:test1
Ok, here is the second format. The format being done is md5($s.md5($p).$p)
Here are a few comments about this format:
1. There is a Flag= value. This is because this is a Salted format. This
REQUIRES the MGF_SALTED flag.
2. We only use input 1 and output 1.
3. There are a couple of calls to crypt (md5). The first simply gets
md5($p) and puts it into output1, which will later be appeneded in
base-16 format as we build our string.
4. After the first crypt (md5), we clear our input buffer, then put
the salt in, append the base-16 of md5($p), and then append $p
5. Finally, and call to crypt is done, which leaves the results in
output1, so the rest of the md5-gen format can properly compare it.
[List.Generic:md5_gen(1031)]
Expression=md5_gen(1031): md5($s.md5($p).$p)
Flag=MGF_SALTED
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__append_from_last_output_as_base16
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1031)a459f60614498dbdd9a79dcc9c538749$aabbccdd:test1
Now, here is the final format: md5(md5($s).md5($p).$p)
[List.Generic:md5_gen(1032)]
Expression=md5_gen(1032): md5(md5($s).md5($p).$p)
Flag=MGF_SALTED
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__clean_input2
Func=MD5GenBaseFunc__append_keys2
Func=MD5GenBaseFunc__crypt2
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_from_last_output_as_base16
Func=MD5GenBaseFunc__append_from_last_output2_to_input1_as_base16
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1032)042d1f15ed57929a2ac8ee4f0a924679$aabbccdd:test1
Ok, now that these have been built, here are a few 'benchmarks' listing
that they are WORKING, and what speed they are working:
Here is MinGW build 'x86'
john_x86 -test -for=md5-gen -sub=md5_gen(1030)
Benchmarking: md5_gen(1030) md5_gen(1030): md5($p.$p) [128x1 (MD5_Go)]... DONE
Raw: 3530K c/s
john_x86 -test -for=md5-gen -sub=md5_gen(1031)
Benchmarking: md5_gen(1031) md5_gen(1031): md5($s.md5($p).$p) [128x1 (MD5_Go)]... DONE
Many salts: 1945K c/s
Only one salt: 1890K c/s
john_x86 -test -for=md5-gen -sub=md5_gen(1032)
Benchmarking: md5_gen(1032) md5_gen(1032): md5(md5($s).md5($p).$p) [128x1 (MD5_Go)]... DONE
Many salts: 1016K c/s
Only one salt: 1031K c/s
Here is MinGW build of SSE2
john_sse2 -test -for=md5-gen -sub=md5_gen(1030)
Benchmarking: md5_gen(1030) md5_gen(1030): md5($p.$p) SSE2 [SSE2 32x4 (.S)]... DONE
Raw: 7250K c/s
john_sse2 -test -for=md5-gen -sub=md5_gen(1031)
Benchmarking: md5_gen(1031) md5_gen(1031): md5($s.md5($p).$p) SSE2 [SSE2 32x4 (.S)]... DONE
Many salts: 5065K c/s
Only one salt: 4436K c/s
john_sse2 -test -for=md5-gen -sub=md5_gen(1032)
Benchmarking: md5_gen(1032) md5_gen(1032): md5(md5($s).md5($p).$p) SSE2 [SSE2 32x4 (.S)]... FAILED (get_hash[0](0))
Here is some timings to check against:
john_x86 -test -for=md5-gen -sub=md5_gen(0)
Benchmarking: md5_gen(0): md5($p) (raw-md5) [128x1 (MD5_Go)]... DONE
Raw: 4005K c/s
john_sse2 -test -for=md5-gen -sub=md5_gen(0)
Benchmarking: md5_gen(0): md5($p) (raw-md5) SSE2 [SSE2 32x4 (.S)]... DONE
Raw: 10740K c/s
**** Optimizations of prior formats ****
For format 1030, the speed should be very close to that of md5_gen(0).
In both formats, there is only 1 call to md5(). However, we are seeing that the
(1030) is slower than (0). The explanation of this, is that the (0) format has
an optimization used, which we can not use in the (1030). The (1030) is likely
about as optimal as it can be made in the current md5-gen format. The optimization
for format (0) is: Flag=MGF_KEYS_INPUT What that does, is to place the keys
directly into the input field, and then later, when john gets the keys back (it
does this if a hash is cracked), john gets them from the input. In the (1030)
format, we load the keys, into the 'keys' arrays. We then have to call a function
to clean input buffer 1, and to append the keys (twice). Thus, what we have is
additional memory movement, and that slows things down. However, to use the
MGF_KEYS_INPUT optimization, we would have had to keep the input1 buffer prestine
and ONLY put in the keys (passwords). Since we had to append the keys twice,
we simply 'blew' that requirement, and thus, could NOT use it. At a later
time, we will show a format WHERE we can use this optimization.
For format 1031, there also appears to be no optimizations available.
For 1032, there are optimizations. In this format, we notice that we have
this sub expression: md5($s). Well, there is an optimization, which when it
loads the input file, it converts all salts into md5($s) and uses that value
instead. So, at startup time, we perform md5 hashes of all salts, but at
runtime, we simply place the salt into the building string, instead of performing
a MD5 on the salt. So, in the 1032, we had 3 calls to crypt. By using this
optimization, we can reduce that to 2 crypts. The starting format is:
md5(md5($s).md5($p).$p) This optimization makes the format 'behave' at
runtime, like it is md5($s.md5($p).$p), which was format 1031. Note, after
we make this optimzation, the timings will be almost identical to the 1031
timings. Also note, the Test string for 1032 and 1042 are exactly the
same. These are the same formats. It is just that 1042 performs fewer
crypt calls per test. Also note, in the 'original' run of SSE2, the 1032
format failed. This failure, is due to the SSE2 / MMX code only working
for strings up to 54 bytes (optimization reason). The length of this string:
md5($s).md5($p) is 64 bytes by itself, and we also append $p to that. Thus,
our string is OVER 54 bytes in length, and thus, can not be used in SSE2
mode. We do have a couple work arounds for this, to get it working properly
on SSE2 builds. We can use a flag which simply stops SSE2 dead in its tracks
(and preforms all work using x86 code). This is flag MGF_NOTSSE2Safe
[List.Generic:md5_gen(1042)]
Expression=md5_gen(1042): md5(md5($s).md5($p).$p)
Flag=MGF_SALTED
Flag=MGF_SALT_AS_HEX
Flag=MGF_NOTSSE2Safe
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__append_from_last_output_as_base16
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1042)042d1f15ed57929a2ac8ee4f0a924679$aabbccdd:test1
Once the above changes have been done, here are the speeds:
john_x86 -test=5 -for=md5-gen -sub=md5_gen(1031)
Benchmarking: md5_gen(1031) md5_gen(1031): md5($s.md5($p).$p) [128x1 (MD5_Go)]... DONE
Many salts: 2007K c/s
Only one salt: 1913K c/s
john_x86 -test=5 -for=md5-gen -sub=md5_gen(1032)
Benchmarking: md5_gen(1032) md5_gen(1032): md5(md5($s).md5($p).$p) [128x1 (MD5_Go)]... DONE
Many salts: 1052K c/s
Only one salt: 1030K c/s
john_x86 -test=5 -for=md5-gen -sub=md5_gen(1042)
Benchmarking: md5_gen(1042) md5_gen(1042): md5(md5($s).md5($p).$p) [128x1 (MD5_Go)]... DONE
Many salts: 1420K c/s
Only one salt: 1372K c/s
john_sse2 -test=5 -for=md5-gen -sub=md5_gen(1042)
Benchmarking: md5_gen(1042) md5_gen(1042): md5(md5($s).md5($p).$p) SSE2 [128x1 (MD5_Go)]... DONE
Many salts: 1416K c/s
Only one salt: 1372K c/s
We can also perform even more optimizations in the format. What we do in this format, is we
md5 the salt (when we first load the file). Thus the salts which john works with, are really
md5($s) (same as we did in format 1042). Then we use a different flag, which puts the
md5($p) into offset 32 of input1 (where we want it). Then we simply overwrite the data in
input 1 with the salt (which is md5($s) in base-16 format), then force set length to 64, then
append the keys, then crypt.
[List.Generic:md5_gen(1052)]
Expression=md5_gen(1052): md5(md5($s).md5($p).$p)
Flag=MGF_SALTED
Flag=MGF_SALT_AS_HEX
Flag=MGF_KEYS_BASE16_IN1_Offset32
Flag=MGF_NOTSSE2Safe
Func=MD5GenBaseFunc__overwrite_salt_to_input1_no_size_fix
Func=MD5GenBaseFunc__set_input_len_64
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1052)042d1f15ed57929a2ac8ee4f0a924679$aabbccdd:test1
Here are the benchmarks for the above format:
john_x86 -test=5 -for=md5-gen -sub=md5_gen(1052)
Benchmarking: md5_gen(1052) md5_gen(1052): md5(md5($s).md5($p).$p) [128x1 (MD5_Go)]... DONE
Many salts: 2251K c/s
Only one salt: 1369K c/s
john_sse2 -test=5 -for=md5-gen -sub=md5_gen(1052)
Benchmarking: md5_gen(1052) md5_gen(1052): md5(md5($s).md5($p).$p) SSE2 [128x1 (MD5_Go)]... DONE
Many salts: 2251K c/s
Only one salt: 1369K c/s
Now, note the speed for 'many salts'. It is very close to the speed of (1031), actually faster.
This speed is the speed john will have for a normal password cracking, where you have dozens (or
hundreds, or 1000's) of password hashes to crack.
To understand WHY this format is this much faster (the 'Many salts', is the normal way to
benchmark the speed of a salted hash), is to understand what is happening under the hood within
john's 'crypt all' loop.
while (!feof(password_file)) {
for (i = 0 to max_num_passwords)
SetKey(i, getnextpassword(password_file));
if (salted)
{
while (z<salt_count)
{
SetSalt(salt[z]);
crypt_all
for (all_binaries_for_salt[z])
CheckForMatched(binary)
}
}
}
The above code is certainly not 'exact', but should show close enough, the algorithm used
within john. Now, the algorithm as used within md5-gen will be shown (specifically for the
flag MGF_KEYS_BASE16_IN1_Offset32).
- SetKey() is called numerous times. This will set a 'dirty flag' for the keys inside of md5-gen.
- SetSalt() will be called. The salt handed to us is actually md5($s), since MGF_SALT_AS_HEX is set
The SetSalt() calls are happening within the 'while(z<salt_count)' loop in john.
- crypt_all is called.
Within crypt_all, md5-gen knows that we want the base-16 md5($p) to be placed at offset 32
within input1. So the first call to crypt_all (for the first salt), will cause the md5($p)
to be computed, and to be placed at offset 32.
Then the script will overwrite the starting bytes of input1 with the 32 bytes of the salt,
then the length is set to 64, then the key is appened, then a crypt, and then comparisons.
- NOW, we are at the next loop within the 'while(z<salt_count)'.
- Then john loads the next salt [ SetSalt() ].
- Then john calls crypt_all.
At this time, there have been NO additional SetKey() calls. Thus, md5-gen knows that the
base-16 text of md5($p) is STILL located at offset 32 of Input1. So, the format DOES NOT
perform this crypt again (until new SetKey() function calls happen).
- This SetSalt .. crypt_all .. compare continues until all salts are tested. However, there
will be no crypt calls to md5($p) again, UNTIL the working code within john calls SetKey()
again (when starting with new passwords, after all salts have been checked).
Now, in the final format, we start from 1042, and do NOT turn off the sse2 code. What we do, is
to turn off SSE2 when it is not valid. This will generate x86 code (generic) that runs exactly
the same as in 1042 (the 2 function calls of MD5GenBaseFunc__SSEtoX86_switch_output1 and
MD5GenBaseFunc__X86toSSE_switch_output1 are no-ops in x86 builds). However, in SSE mode,
the first crypt will be done using SSE. Thus, as we see, the speed went from 1420k, up
to almost 1800k. But note, this is NOT as fast as format 1052, for 'many' salts.
[List.Generic:md5_gen(1062)]
Expression=md5_gen(1062): md5(md5($s).md5($p).$p)
Flag=MGF_SALTED
Flag=MGF_SALT_AS_HEX
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__SSEtoX86_switch_output1
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__append_from_last_output_as_base16
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__X86toSSE_switch_output1
Test=md5_gen(1062)042d1f15ed57929a2ac8ee4f0a924679$aabbccdd:test1
john_sse2 -test=5 -for=md5-gen -sub=md5_gen(1062)
Benchmarking: md5_gen(1062) md5_gen(1062): md5(md5($s).md5($p).$p) SSE2 [SSE2 32x4 (.S)]... DONE
Many salts: 1792K c/s
Only one salt: 1715K c/s
So all in all, 1032, 1042, 1052, 1062 were all equivalent (1032 was not, since it fails in
SSE2 builds, but that was 'fixed' in 1042). They all run using differing sets of flags, differing
sets of Function primatives, and have different runtime speeds. However, in the end, they all
Now, the above format 1062 is slower than 1052. This is due to the final crypt still having to be
done in x86 mode. However, in 1062, we crypt EVERY password for each salt. Thus you can see there
is no speed gain between many salts, and 1 salt. Yes, the md5($p) IS done using SSE2 which is much
faster, but in version 1052, when there are multiple salts, the slower md5($p) is done only 1 time
per password.
Now, the flag MGF_KEYS_BASE16_IN1_Offset32 (or other flags like it), CAN be used in SSE2 to
get much faster behavior, however, it has to be in a format that IS SSE2 friendly. Here
is an example:
md5(md5($p).$s) In this format, we CAN build an SSE2 friendly format, that is VERY fast.
For this test, we will set the salt length to a fixed size of 12.
Here is a very easy to read, but also very far from optimal format for the above type:
[List.Generic:md5_gen(1033)]
Expression=md5_gen(1033): md5(md5($p).$s)
Flag=MGF_SALTED
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_keys
Func=MD5GenBaseFunc__crypt
Func=MD5GenBaseFunc__clean_input
Func=MD5GenBaseFunc__append_from_last_output_as_base16
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1033)e9fb44106edf60419d26a10b5439d0c7$aabbccddeeff:test1
SaltLen=12
john_x86 -test -format=md5-gen -subf=md5_gen(1033)
Benchmarking: md5_gen(1033) md5_gen(1033): md5(md5($p).$s) [128x1 (MD5_Go)]... DONE
Many salts: 1918K c/s
Only one salt: 1889K c/s
john_sse2 -test -format=md5-gen -subf=md5_gen(1033)
Benchmarking: md5_gen(1033) md5_gen(1033): md5(md5($p).$s) SSE2 [SSE2 32x4 (.S)]... DONE
Many salts: 5479K c/s
Only one salt: 4922K c/s
Here is a MUCH more optimal version (1043). This version will use the flag
MGF_KEYS_BASE16_IN1 to load the md5($p) into input 1, at the start of that string. That
will ONLY be done, if there is a SetKeys() change. Then we simply set the input length
to 32, append the salt, and call crypt.
[List.Generic:md5_gen(1043)]
Expression=md5_gen(1043): md5(md5($p).$s)
Flag=MGF_SALTED
Flag=MGF_KEYS_BASE16_IN1
Func=MD5GenBaseFunc__set_input_len_32
Func=MD5GenBaseFunc__append_salt
Func=MD5GenBaseFunc__crypt
Test=md5_gen(1033)e9fb44106edf60419d26a10b5439d0c7$aabbccddeeff:test1
SaltLen=12
john_x86 -test -format=md5-gen -subf=md5_gen(1043)
Benchmarking: md5_gen(1043) md5_gen(1043): md5(md5($p).$s) [128x1 (MD5_Go)]... DONE
Many salts: 4128K c/s
Only one salt: 1890K c/s
john_sse2 -test -format=md5-gen -subf=md5_gen(1043)
Benchmarking: md5_gen(1043) md5_gen(1043): md5(md5($p).$s) SSE2 [SSE2 32x4 (.S)]... DONE
Many salts: 13096K c/s
Only one salt: 4834K c/s
So in this case, we see that the 'only 1 salt' speed is pretty much a wash. However, the
'many salts' speed, has gone from 1900k to 4100k for non-sse, and from 5500k to 13100k.
NOTE, the above format is actually md5_gen(6) (also md5_gen(7)) format.

112
data/john/doc/MODES
View File

@ -1,112 +0,0 @@
John the Ripper's cracking modes.
Mode descriptions here are short and only cover the basic things.
Check other documentation files for information on customizing the
modes.
Wordlist mode.
This is the simplest cracking mode supported by John. All you need to
do is specify a wordlist (a text file containing one word per line)
and some password files. You can enable word mangling rules (which
are used to modify or "mangle" words producing other likely
passwords). If enabled, all of the rules will be applied to every
line in the wordlist file producing multiple candidate passwords from
each source word.
The wordlist should not contain duplicate lines. John does not sort
entries in the wordlist since that would consume a lot of resources
and would prevent you from making John try the candidate passwords in
the order that you define (with more likely candidate passwords listed
first). However, if you don't list your candidate passwords in a
reasonable order, it'd be better if you sort the wordlist
alphabetically: with some hash types, John runs a bit faster if each
candidate password it tries only differs from the previous one by a
few characters. Most wordlists that you may find on the Net are
already sorted anyway.
On the other hand, if your wordlist is sorted alphabetically, you do
not need to bother about some wordlist entries being longer than the
maximum supported password length for the hash type you're cracking.
To give an example, for traditional DES-based crypt(3) hashes only
the first 8 characters of passwords are significant. This means that
if there are two or more candidate passwords in the wordlist whose
first 8 characters are exactly the same, they're effectively the same
8 character long candidate password which only needs to be tried once.
As long as the wordlist is sorted alphabetically, John is smart enough
to handle this special case right.
In fact, it is recommended that you do not truncate candidate
passwords in your wordlist file since the rest of the characters
(beyond the length limit of your target hash type) are likely still
needed and make a difference if you enable word mangling rules.
The recommended way to sort a wordlist for use with default wordlist
rule set is:
tr A-Z a-z < SOURCE | sort -u > TARGET
See RULES for information on writing your own wordlist rules.
"Single crack" mode.
This is the mode you should start cracking with. It will use the
login names, "GECOS" / "Full Name" fields, and users' home directory
names as candidate passwords, also with a large set of mangling rules
applied. Since the information is only used against passwords for the
accounts it was taken from (and against password hashes which happened
to be assigned the same salt), "single crack" mode is much faster than
wordlist mode. This permits for the use of a much larger set of word
mangling rules with "single crack", and their use is always enabled
with this mode. Successfully guessed passwords are also tried against
all loaded password hashes just in case more users have the same
password.
Note that running this mode on many password files simultaneously may
sometimes get more passwords cracked than it would if you ran it on
the individual password files separately.
"Incremental" mode.
This is the most powerful cracking mode, it can try all possible
character combinations as passwords. However, it is assumed that
cracking with this mode will never terminate because of the number of
combinations being too large (actually, it will terminate if you set a
low password length limit or make it use a small charset), and you'll
have to interrupt it earlier.
That's one reason why this mode deals with trigraph frequencies,
separately for each character position and for each password length,
to crack as many passwords as possible within a limited time.
To use the mode you need a specific definition for the mode's
parameters, including password length limits and the charset to use.
These parameters are defined in the configuration file sections called
[Incremental:MODE], where MODE is any name that you assign to the mode
(it's the name that you will need to specify on John's command line).
You can either use a pre-defined incremental mode definition (one of
"All", "Alnum", "Alpha", "Digits", or "LanMan" for LM hashes) or define
a custom one.
See CONFIG and EXAMPLES for information on defining custom modes.
External mode.
You can define an external cracking mode for use with John. This is
done with the configuration file sections called [List.External:MODE],
where MODE is any name that you assign to the mode. The section
should contain program code of some functions that John will use to
generate the candidate passwords it tries. The functions are coded in
a subset of C and are compiled by John at startup when you request the
particular external mode on John's command line. See EXTERNAL.
What modes should I use?
See EXAMPLES for a reasonable order of cracking modes to use.
$Owl: Owl/packages/john/john/doc/MODES,v 1.5 2006/01/02 06:48:40 solar Exp $

143
data/john/doc/NETNTLM_README
View File

@ -1,143 +0,0 @@
LM/NTLM Challenge / Response Authentication
JoMo-Kun (jmk at foofus dot net) ~ 2010
Microsoft Windows-based systems employ a challenge-response authentication
protocol as one of the mechanisms used to validate requests for remote file
access. The configured/negotiated authentication type, or level, determines how
the system will perform authentication attempts on behalf of users for either
incoming or outbound requests. These requests may be due to a user initiating a
logon session with a remote host or, in some cases, transparently by an
application they are running. In many cases, these exchanges can be replayed,
manipulated or captured for offline password cracking. The following text
discusses the available tools within the John the Ripper "Jumbo" patch for
performing offline password auditing of these specific captured challenge-
response pairs.
Why might these exchanges be of interest? A primary point of most penetration
tests is to find avenues through which the assessor can gain unauthorized access
to some resource. This often relies on the compromise of a system's local
accounts or the exploitation of some service-level vulnerability. The ability to
capture on-the-wire authentication exchanges and to crack the associated
password adds another option to the mix. The fact that these exchanges can be
cracked aids in demonstrating to clients why one authentication algorithm may be
preferred to another.
A given server is likely to use one of the following protocols for
authentication challenge-response: LMv1, NTLMv1, LMv2 or NTLMv2. It should be
noted that these protocols may use the LM and NTLM password hashes stored on a
system, but they are not the same thing. For an excellent in-depth discussion of
the protocols see the Davenport paper entitled "The NTLM Authentication Protocol
and Security Support Provider" [1]. For the purposes of this discussion, the key
item of note is that the LMv1 and NTLMv1 protocols consist of a only a single
server challenge. This allows an attacker to force a client into authenticating
using a specific challenge and then attack that response using precomputed
Rainbow Tables.
There are a variety of methods for capturing challenge-response pairs, including
the use of tools such as MetaSploit and Ettercap. The author's preferred method
is to use a modified version of Samba[2]. The provided patch sets the server's
challenge to a fixed value (i.e. 0x1122334455667788) and logs all authentication
attempts in a format suitable for use with John. The patch also includes a
modification to the nmbd application. Nmbd is used to respond to broadcast
requests for NetBIOS name/IP information. The modified service simply responds
to all requests with its own IP address, often resulting in hosts unknowingly
authenticating to the wrong system. Another common method of forcing systems to
authenticate to the Samba server is through the use of HTML image source tags.
For example, simply inserting the tag "<img src=file://192.168.1.10/logo.gif>"
into a HTML message will cause some email client applications to automatically
perform an authentication attempt. Other examples include the use of specialized
desktop.ini files and many other mischievous tricks.
It is also worth noting that these challenge/response protocols are not limited
to the Microsoft File and Print Services. For example, Cisco's LEAP wireless
security mechanism, EAP-PEAP and PPTP all utilize a MS-CHAP handshake, or
modified variant. The NTLMv1 challenge/response set can be extracted from this
exchange and subjected to a brute-force guessing attack. Further discussion on
this subject is outside of the scope of this write-up, but would certainly
reveal numerous additional uses.
The LMv1 challenge-response mechanism suffers a number of technical limitations.
As previously noted, only a server challenge is used. This means that if the
challenge is set to a constant value, a given password will always result in
the same client authentication response. This allows for the precomputation of
password / LMv1 responses and their subsequent retrieval using tools such as
RainbowCrack.
To further exacerbate the issue, the LM hash used during the generation of the
LMv1 response converts a password into (at most) two 7 character upper-case
passwords. The LM hash is then split into three pieces prior to calculating the
LMv1 response. This process greatly reduces the size of the Rainbow Tables which
need to be calculated in order to break a given password. For example, the
so-called "halflmchall" tables widely available on the Internet utilize only the
first third of the LMv1 response to break the first 7 characters of the
respective password. The netnlm.pl script discussed in this document can be used
to attempt to break the remaining characters of the password and its original
case-sensitive version. The following is an example of cracking a captured
LMv1/NTLMv1 challenge/response set.
Example LMv1/NTLMv1 Challenge/Response (.lc Format):
user::WORKGROUP:5237496CFCBD3C0CB0B1D6E0D579FE9977C173BC9AA997EF:A37C5C9316D9175589FDC21F260993DAF3644F1AAE2A3DFE:112233445566778
LMv1 Response: 5237496CFCBD3C0CB0B1D6E0D579FE9977C173BC9AA997EF
NTLMv1 Response: A37C5C9316D9175589FDC21F260993DAF3644F1AAE2A3DFE
Server Challenge: 112233445566778
RainbowCrack look-up of password's first 7 characters (upper-cased) using first
third (8 bytes) of LMv1 response:
% rcrack halflmchall/*.rt -f 5237496CFCBD3C0C
Result: CRICKET
First netntlm.pl Pass (Crack Remaining Characters):
% netntlm.pl --file capture.lc --seed CRICKET
Result: CRICKET88!
Second netntlm.pl Pass (Determine Case Sensitive Password)[a]:
% netntlm.pl --file capture.lc
Result: Cricket88!
[a] Note that the case-sensitive password will be shown about a third through
the script's output following the text: "Performing NTLM case-sensitive crack
for account".
The following is an example of cracking a captured NTLMv1 challenge/response. If
the LMv1 and NTLMv1 response hashes within a given client response are
identical, it typically means one of two things: either the client machine is
configured to send only a NTLMv1 response (e.g. LAN Manager Authentication Level
Group Policy Object set to "Send NTLM response only"), or the user's password is
greater than 14 characters. If the password is indeed over 14 characters in
length, it is unlikely a suitable Rainbow Table set is available and brute-force
guessing will be exhaustively time-consuming.
Example NTLMv1 Challenge/Response (.lc Format):
user::WORKGROUP:A37C5C9316D9175589FDC21F260993DAF3644F1AAE2A3DFE:A37C5C9316D9175589FDC21F260993DAF3644F1AAE2A3DFE:1122334455667788
John Usage:
% john -format:netntlm capture.lc
The LMv2 and NTLMv2 challenge/response protocols both employ unique client
challenges. This additional data effectively defeats the ability to precompute
password/response pairs via Rainbow Tables. It should also be noted that
despite its name, the LMv2 response is computed using a NTLM hash. This results
in a much harder-to-crack response hash, as the password was not truncated to
seven characters or upper-cased during the process.
The use of NTLMv2 is now the default policy within Microsoft Windows Vista and
Windows 7. Its use can be enforced for older versions via the LAN Manager
Authentication Level Group Policy Object ("Send NTLMv2 response only" (level 3
or higher)).
Example LMv2 Challenge/Response (.lc Format):
user::WORKGROUP:1122334455667788:6FAF764ECFDF1D1D9E7BA7B517190F3B:E15C1A679C7609CE
John Usage:
% john -format:netlmv2 capture.lc
Example NTLMv2 Challenge/Response (.lc Format):
user::ATS-W759420A:1122334455667788:02E12C3C2B2F5799D2C1A7661AE80491:0101000000000000B0736308F1C9CA01DABA9E3A11AFD91F0000000002001000310030002E0030002E0032002E0032000000000000000000
John Usage:
% john -format:netntlmv2 capture.lc
[1] http://davenport.sourceforge.net/ntlm.html
[2] http://www.foofus.net/jmk/smbchallenge.html

282
data/john/doc/OPTIONS
View File

@ -1,282 +0,0 @@
John the Ripper's command line syntax.
(Updated in/for the jumbo patch by Jim Fougeron)
When invoked with no command line arguments, "john" prints its usage
summary.
The supported command line arguments are password file names and
options. Many of the supported options accept additional arguments.
You can list any number of password files right on the command line of
"john". You do not have to specify any options. If valid password
files are specified but no options are given, John will go through
the default selection of cracking modes with their default settings.
Options may be specified along with password files or on their own,
although some require that password files be specified and some do not
support operation on password files.
All options are case sensitive, can be abbreviated as long as the
abbreviations are unambiguous, can be prefixed with two dashes
(GNU-style) or with one dash, and can use "=" or ":" to indicate an
argument (if supported for a given option).
The supported options are as follows, square brackets denote optional
arguments:
--single[=SECTION] "single crack" mode
Enables the "single crack" mode, using rules from the configuration
file section [List.Rules:Single]. If --single=Single_2 then the rules
from [List.Rules:Single_2] section would be used.
--wordlist=FILE wordlist mode, read words from FILE,
--stdin or from stdin
These are used to enable the wordlist mode.
--utf8 enable UTF-8 conversion
John defaults to assuming ISO-8859-1 when converting plaintexts or salts
to UTF-16. Using this flag will enable UTF-8 conversion instead. This affects
many Microsoft formats like NT, mscash and mssql. Formats not affected will
silently ignore this option flag.
--rules[=SECTION] enable word mangling rules for wordlist mode
Enables word mangling rules that are read from [List.Rules:Wordlist].
If --rules=Wordlist_elite was used, then [List.Rules:Wordlist_elite]
would be the section used.
--incremental[=MODE] "incremental" mode [using section MODE]
Enables the "incremental" mode, using the specified configuration file
definition (section [Incremental:MODE], or [Incremental:All] by default
except for LM hashes for which the default is [Incremental:LanMan]).
--external=MODE external mode or word filter
Enables an external mode, using external functions defined in section
[List.External:MODE].
--stdout[=LENGTH] just output candidate passwords
When used with a cracking mode, except for "single crack", makes John
output the candidate passwords it generates to stdout instead of
actually trying them against password hashes; no password files may be
specified when this option is used. If a LENGTH is given, John
assumes that to be the significant password length and only produces
passwords up to that length.
--restore[=NAME] restore an interrupted session
Continues an interrupted cracking session, reading state information
from the specified session file or from $JOHN/john.rec by default.
--session=NAME give a new session the NAME
This option can only be used when starting a new cracking session and
its purpose is to give the new session a name (to which John will
append the ".rec" suffix to form the session file name). This is
useful for running multiple instances of John in parallel or to be
able to later recover a session other than the last one you interrupt.
john.log file will also be named NAME.log (whatever 'NAME' is), so
that any logging of the session work will end up in this file.
--status[=NAME] print status of a session [called NAME]
Prints status of an interrupted or running session. Note that on a
Unix-like system, you can get a detached running session to update its
session file by sending a SIGHUP to the appropriate "john" process;
then use this option to read in and display the status.
--make-charset=FILE make a charset, overwriting FILE
Generates a charset file based on character frequencies from
$JOHN/john.pot, for use with the "incremental" mode. The entire
$JOHN/john.pot will be used for the charset generation by default. You
may restrict the set of passwords used by specifying some password files
(in which case only the cracked passwords that correspond to those
password files will be used), "--format", or/and "--external" (with an
external mode that defines a filter() function).
--show[=left] show cracked passwords
Shows the cracked passwords for given password files (which you must
specify). You can use this option while another instance of John is
cracking to see what John did so far; to get the most up to date
information, first send a SIGHUP to the appropriate "john" process.
if --show=left then all uncracked hashes are listed (in a john 'input'
file format way). =left is just that literal string "=left".
--test[=TIME] run tests and benchmarks for TIME seconds each
Tests all of the compiled in hashing algorithms for proper operation and
benchmarks them. The "--format" option can be used to restrict this to
a specific algorithm.
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s)
Allows you to select just a few accounts for cracking or for other
operations. A dash before the list can be used to invert the check
(that is, load information for all the accounts that are not listed).
--groups=[-]GID[,..] load users [not] of this (these) group(s)
Tells John to load (or to not load) information for accounts in the
specified group(s) only.
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s)
This option is useful to load accounts with a valid shell only or to
not load accounts with a bad shell. You can omit the path before a
shell name, so "--shells=csh" will match both "/bin/csh" and
"/usr/bin/csh", while "--shells=/bin/csh" will only match "/bin/csh".
--salts=[-]COUNT[:MAX] load salts with[out] at least COUNT passwords
This is a feature which allows to achieve better performance in some
special cases. For example, you can crack only some salts using
"--salts=2" faster and then crack the rest using "--salts=-2". Total
cracking time will be about the same, but you will likely get some
passwords cracked earlier. If MAX is listed, then no hashes are
loaded where there are more than MAX salts. This is so that if you
have run --salts=25 and then later can run --salts=10:24 and none of
the hashes that were already done from the --salts=25 will be re-done.
--pot=NAME pot filename to use
By default, john will use john.pot. This override allows using a different
john.pot-like file (to start from, and to store any found password into).
--format=NAME force hash type NAME
Allows you to override the hash type detection. Currently, valid
"format names" are DES, BSDI, MD5, BF, AFS, LM, and crypt (and many more
are added with various patches). You can use this option when you're
starting a cracking session or along with one of: "--test", "--show",
"--make-charset". Note that John can't crack hashes of different types
at the same time. If you happen to get a password file that uses more
than one hash type, then you have to invoke John once for each hash type
and you need to use this option to make John crack hashes of types other
than the one it would autodetect by default.
"--format=crypt" may or may not be supported in a given build of John.
In default builds of John, this support is currently only included on
Linux and Solaris. When specified (and supported), this option makes
John use the system's crypt(3) or crypt_r(3) function. This may be
needed to audit password hashes supported by the system, but not yet
supported by John's own optimized cryptographic routines. Currently,
this is the case for glibc 2.7+ SHA-crypt hashes as used by recent
versions of Fedora and Ubuntu, and for SunMD5 hashes supported (but not
used by default) on recent versions of Solaris. In fact, you do not
have to explicitly specify "--format=crypt" for hashes of these specific
types unless you have other hash types (those supported by John
natively) in the password file(s) as well (in which case another hash
type may get detected unless you specify this option).
"--format=crypt" is also a way to make John crack crypt(3) hashes of
different types at the same time, but doing so results in poor
performance and in unnecessarily poor results (in terms of passwords
cracked) for hashes of the "faster" types (as compared to the "slower"
ones loaded for cracking at the same time). So you are advised to use
separate invocations of John, one per hash type.
--subformat=LIST displays all the built-in md5-gen formats, and exits
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
You might need this option if you don't have enough memory or don't
want John to affect other processes too much. Level 1 tells John to
not waste memory on login names; it is only supported when a cracking
mode other than "single crack" is explicitly requested. The only
impact is that you won't see the login names while cracking. Higher
memory saving levels have a performance impact; you should probably
avoid using them unless John doesn't work or gets into swap otherwise.
--mem-file-size=SIZE max size of wordlist to preload into memory
One of the significant performance improvements for some builds of
john, is preloading the wordlist file into memory, instead of reading
line by line. This is especially true when running with a large list
of --rules. The default max size file is 5 million bytes. Using this
option allows making this larger. NOTE if --save-memory is used,
then memory file processing is turned off.
--field-separator-char=c Use 'c' instead of the char ':'
By design, john works with most files, as 'tokenized' files. The field
separator used by john is the colon ':' character. However, there are
hashes which use the colon in the salt field, and there are users which
may have a colon for a user name (for a couple examples of problems
with it). However, an advanced john user can change the input files,
by using a different character than the ':' (and different than any
other 'used' character), and avoid problems of lines not being properly
processed. The side effects are that the pot file will get this
'character' used in it also (and only lines in the pot file that HAVE
that character will be loaded at startup), and there are other side
effects. Usually, this is ONLY used in very advanced situations, where
the user 'knows what he is doing'. If the character can not be easily
represented by the keyboard, then the format of
--field-separator-char=\xHH can be used. --field-separator-char=\x1F
would represent the character right before the space (space is 0x20)
--fix-state-delay=N only determine the wordlist offset every N times
This is an optimization which helps on some systems. This just
limits the number of times that the ftell() call is performed.
The one side effect, is that if john is aborted, and restarted, it
may redo more tests. Thus, the use of this option is only acceptable
and desirable for fast hash types (e.g., raw MD5).
--nolog turns off john.log file
This will turn off creation, or updating to the john.log file (which may
have a different name if the --session=NAME flag was used.) Often the
logging is not wanted, and this log file can often become very large
(such as working with many 'fast' rules on a fast format). The log file
is often used to check what work has been done, but if this will not be
needed, and the log file is simply going to be deleted when done, then
running in --nolog mode may be used.
Additional utilities.
There are some related utilities in John's run directory:
unshadow PASSWORD-FILE SHADOW-FILE
Combines the "passwd" and "shadow" files (when you already have access
to both) for use with John. You might need this since if you only
used your shadow file, the "Full Name" or "GECOS" information wouldn't
be used by the "single crack" mode (thus reducing its efficiency) and
you wouldn't be able to use the "--groups" and "--shells" options and
to select by UID with "--users". You probably also want to see all of
the passwd file fields with "--show".
You'll usually want to redirect the output of "unshadow" to a file
which you then pass to John.
unafs DATABASE-FILE CELL-NAME
Gets password hashes out of the binary AFS database and produces
output usable by John (you should redirect the output to a file).
unique OUTPUT-FILE
Removes duplicates from a wordlist (read from stdin) without changing
the order of entries. You might want to use this with John's
"--stdout" option if you've got a lot of disk space to trade for the
reduced cracking time (on possibly trying some duplicates as they
might be produced with word mangling rules).
This program has been updated. It is faster, it now can 'cut' the
lines (in a couple of ways), and can unique the files data, AND also
unique it against an existing file.
mailer PASSWORD-FILE
A shell script to send mail to all the users who got weak passwords.
You should edit the message inside the script before using it.
Based on (and modified in the jumbo patch):
$Owl: Owl/packages/john/john/doc/OPTIONS,v 1.9 2011/04/27 18:02:49 solar Exp $

137
data/john/doc/README
View File

@ -1,137 +0,0 @@
John the Ripper password cracker.
John the Ripper is a fast password cracker, currently available for
many flavors of Unix (11 are officially supported, not counting
different architectures), DOS, Win32, BeOS, and OpenVMS (the latter
requires a contributed patch). Its primary purpose is to detect weak
Unix passwords. Besides several crypt(3) password hash types most
commonly found on various Unix flavors, supported out of the box are
Kerberos/AFS and Windows LM hashes, plus many more with contributed
patches.
How to install.
See INSTALL for information on installing John on your system.
How to use.
To run John, you need to supply it with some password files and
optionally specify a cracking mode, like this, using the default order
of modes and assuming that "passwd" is a copy of your password file:
john passwd
or, to restrict it to the wordlist mode only, but permitting the use
of word mangling rules:
john --wordlist=password.lst --rules passwd
Cracked passwords will be printed to the terminal and saved in the
file called $JOHN/john.pot (in the documentation and in the
configuration file for John, "$JOHN" refers to John's "home
directory"; which directory it really is depends on how you installed
John). The $JOHN/john.pot file is also used to not load password
hashes that you already cracked when you run John the next time.
To retrieve the cracked passwords, run:
john --show passwd
While cracking, you can press any key for status, or Ctrl-C to abort
the session saving its state to a file ($JOHN/john.rec by default).
If you press Ctrl-C for a second time before John had a chance to
handle your first Ctrl-C, John will abort immediately without saving.
By default, the state is also saved every 10 minutes to permit for
recovery in case of a crash.
To continue an interrupted session, run:
john --restore
These are just the most essential things you can do with John. For
a complete list of command line options and for more complicated usage
examples you should refer to OPTIONS and EXAMPLES, respectively.
Please note that "binary" (pre-compiled) distributions of John may
include alternate executables instead of just "john". You may need to
choose the executable which fits your system best, e.g. "john-mmx" to
take advantage of MMX acceleration.
Features and performance.
John the Ripper is designed to be both feature-rich and fast. It
combines several cracking modes in one program and is fully
configurable for your particular needs (you can even define a custom
cracking mode using the built-in compiler supporting a subset of C).
Also, John is available for several different platforms which enables
you to use the same cracker everywhere (you can even continue a
cracking session which you started on another platform).
Out of the box, John supports (and autodetects) the following Unix
crypt(3) hash types: traditional DES-based, "bigcrypt", BSDI extended
DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and
OpenBSD Blowfish-based (now also used on some Linux distributions and
supported by recent versions of Solaris). Also supported out of the box
are Kerberos/AFS and Windows LM (DES-based) hashes.
When running on Linux distributions with glibc 2.7+, John 1.7.6+
additionally supports (and autodetects) SHA-crypt hashes (which are
actually used by recent versions of Fedora and Ubuntu), with optional
OpenMP parallelization (requires GCC 4.2+, needs to be explicitly
enabled at compile-time by uncommenting the proper OMPFLAGS line near
the beginning of the Makefile).
Similarly, when running on recent versions of Solaris, John 1.7.6+
supports and autodetects SHA-crypt and SunMD5 hashes, also with
optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio,
needs to be explicitly enabled at compile-time by uncommenting the
proper OMPFLAGS line near the beginning of the Makefile and at runtime
by setting the OMP_NUM_THREADS environment variable to the desired
number of threads).
John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac
OS X 10.4+ salted SHA-1 hashes.
Contributed patches, combined into the "jumbo patch", add support for
many more password hash types, including Windows NTLM (MD4-based)
and Mac OS X 10.4+ salted SHA-1 hashes, raw MD5 and SHA-1, arbitrary
MD5-based "web application" password hash types, hashes used by SQL
database servers (MySQL, MS SQL, Oracle) and by some LDAP servers,
several hash types used on OpenVMS, password hashes of the Eggdrop IRC
bot, and many others, as well as S/Key skeykeys files and Kerberos TGTs.
Unlike other crackers, John normally does not use a crypt(3)-style
routine. Instead, it has its own highly optimized modules for different
hash types and processor architectures. Some of the algorithms used,
such as bitslice DES, couldn't have been implemented within the crypt(3)
API; they require a more powerful interface such as the one used in
John. Additionally, there are assembly language routines for several
processor architectures, most importantly for x86-64 and x86 with SSE2.
Documentation.
The rest of documentation is located in separate files, listed here in
the recommended order of reading:
* INSTALL - installation instructions
* OPTIONS - command line options and additional utilities
* MODES - cracking modes: what they are
* CONFIG (*) - how to customize
* RULES (*) - wordlist rules syntax
* EXTERNAL (*) - defining an external mode
* EXAMPLES - usage examples - strongly recommended
* FAQ - guess
* CHANGES (*) - history of changes
* CONTACT (*) - how to contact the author or otherwise obtain support
* CREDITS (*) - credits
* LICENSE - copyrights and licensing terms
(*) most users can safely skip these.
Happy reading!
$Owl: Owl/packages/john/john/doc/README,v 1.20 2011/04/27 18:02:49 solar Exp $

154
data/john/doc/README.mpi
View File

@ -1,154 +0,0 @@
====================
PRELUDE:
====================
The original implementation was ca. 2004 by Ryan Lim as an academic
project. It was later picked up and maintained at bindshell.net, adding
fixes for the JtR 1.7 releases and various cipher patches.
In 2008, it was picked up by AoZ and stripped back down to the original
MPI-only changes to improve its compatibility with the 'jumbo' patchsets,
which had better-maintained alternate cipher support. This is often
referred to as "the mpi10 patch"
In 2010, it was extended by magnum to support all cracking modes. This
should be referred to as "the fullmpi patch" to avoid confusion. With the
exception of Markov it is far from perfect but it works just fine and
should support correct resuming in all modes. It is well tested but you
have absolutely NO guarantees.
====================
COMPILING:
====================
Unless using OMP, you should consider applying the nsk-3 patch, also known
as "Faster bitslice DES key setup".
To enable MPI in John, un-comment these two line in Makefile:
----8<--------------8<--------------8<--------------8<--------------8<----------
# Uncomment the TWO lines below for MPI (can be used together with OMP as well)
CC = mpicc -DHAVE_MPI
MPIOBJ = john-mpi.o
----8<--------------8<--------------8<--------------8<--------------8<----------
You must have an operational MPI environment prior to both compiling and
using the MPI version; configuring one is outside the scope of this
document but for a single, multi-core, host you don't need much
configuration. MPICH2 or OpenMPI seems to do the job fine, for example.
Most testing of fullmpi is now done under latest stable OpenMPI.
Debian Linux example for installing OpenMPI:
sudo apt-get install libopenmpi-dev openmpi-bin
Note that this patch works just fine together with OMP enabled as well.
When MPI is in use (with more than one process), OMP is (by default)
automatically disabled. Advanced users may want to change this setting
(change MPIOMPmutex to N in john.conf) and start one MPI node per
multi-core host, letting OMP do the rest. Warnings are printed; these
can be muted in john.conf too.
====================
USAGE:
====================
Typical invocation is as follows:
mpiexec -np 4 ./john --incremental passwd
The above will launch four parallel processes that will split the
Incremental keyspace in a more-or-less even fashion. If you run it to
completion, some nodes will however finish very early due to how this
mode is implemented, decreasing the overall performance. This problem
gets much worse with a lot of nodes.
In MARKOV mode, the range is automatically split evenly across the nodes,
just like you could do manually. This does not introduce any overhead,
assuming job runs to completion - and also assuming your MPI compiler
behaves.
The single and wordlist modes scale fairly well and cleartexts will not be
tried by more than one node (except when different word + rule combinations
result in the same candidate, but that problem is not MPI specific).
In SINGLE mode, and sometimes in Wordlist mode (see below), john will
distribute (actually leapfrog) the rules (after preprocessor expansion).
This works very well but will not likely result in a perfectly even
workload across nodes.
WORDLIST mode with rules will work the same way. Without rules, or when
rules can't be split across the nodes, john will distribute (again, it
really just leapfrogs) the words instead. This is practically the same as
using the External:Parallel example filter in john.conf, but much more user
friendly.
If the --mem-file-size parameter (default 5000000) will allow the file to
be loaded in memory, this will be preferred and each node will only load
its own share of words. In this case, there is no further leapfrogging and
no other overhead. Note that the limit is per node, so using the default
and four nodes, a 16 MB file WILL be loaded to memory, with 4 MB on each
node.
You can override the leapfrogging selection. This is debug code really and
should eventually be replace by proper options:
--mem-file-size=0 (force split loading, no leapfrog)
--mem-file-size=1 (force leapfrogging of words)
--mem-file-size=2 (force leapfrogging of rules)
In EXTERNAL mode, john will distribute candidates in the same way as in
Wordlist mode without rules. That is, all candidates will be produced on
all nodes, and then skipped by all nodes but one. This is the mode where
the fullmpi patch performs worst. When attacking very fast formats, this
scales VERY poorly.
You may send a USR1 signal to the parent MPI process (or HUP to all
individual processes) to cause the subprocesses to print out their status.
Be aware that they may not appear in order, because they blindly share the
same terminal.
skill -USR1 -c mpiexec
Another approach would be to do a normal status print. This must be done
with mpiexec and using the same -np as used for starting the job:
mpiexec -np 4 ./john --status
Which will dump the status of each process as recorded in the .rec files.
This way you also get a line with total statistics.
====================
CAVEATS:
====================
- This implementation does not account for heterogeneous clusters or nodes
that come and go.
- In interest of cooperating with other patches, benchmarking is less
accurate. Specifically, it assumes all participant cores are the same
as the fastest.
- Benchmark virtual c/s will appear inflated if launching more processes
than cores available. It will basically indicate what the speed would be
with that many real cores.
- There is no inter-process communication of cracked hashes yet. This means
that if one node cracks a hash, all other nodes will continue to waste
time on it. The current workaround is aborting and restarting the jobs
regularly. This also means that you may have to manually stop some or all
nodes after all hashes are cracked.
- Aborting a job using ctrl-c will often kill all nodes without updating
state files and logs. I have tried to mitigate this but it is still a
good idea to send a -USR1 to the parent before killing them. You should
lower the SAVE parameter in john.conf to 60 (seconds) if running MPI,
this will be the maximum time of repeated work after restarting.
============================================================
Following is the verbatim original content of this file:
============================================================
This distribution of John the Ripper (1.6.36) requires MPI to compile.
If you don't have MPI, download and install it before proceeeding.
Any bugs, patches, comments or love letters should be sent to
jtr-mpi@hash.ryanlim.com. Hate mail, death threates should be sent to
/dev/null.
Enjoy.
--
Ryan Lim <jtr-mpi@hash.ryanlim.com>

295
data/john/doc/RULES
View File

@ -1,295 +0,0 @@
Wordlist rules syntax.
Each wordlist rule consists of optional rule reject flags followed by
one or more simple commands, listed all on one line and optionally
separated with spaces. There's also a preprocessor, which generates
multiple rules for a single source line. Below you will find
descriptions of the rule reject flags, the rule commands (many of them
are compatible with those of Crack 5.0a), and the preprocessor syntax.
Rule reject flags.
-: no-op: don't reject
-c reject this rule unless current hash type is case-sensitive
-8 reject this rule unless current hash type uses 8-bit characters
-s reject this rule unless some password hashes were split at loading
-p reject this rule unless word pair commands are currently allowed
-u reject this rule unless the --utf8 flag is used
-U reject this rule if the --utf8 flag is used
Numeric constants and variables.
Numeric constants may be specified and variables referred to with the
following characters:
0...9 for 0...9
A...Z for 10...35
* for max_length
- for (max_length - 1)
+ for (max_length + 1)
a...k user-defined numeric variables (with the "v" command)
l initial or updated word's length (updated whenever "v" is used)
m initial or memorized word's last character position
p position of the character last found with the "/" or "%" commands
z "infinite" position or length (beyond end of word)
Here max_length is the maximum plaintext length supported for the
current hash type.
These may be used to specify character positions, substring lengths, and
other numeric parameters to rule commands as appropriate for a given
command. Character positions are numbered starting with 0. Thus, for
example, the initial value of "m" (last character position) is one less
than that of "l" (length).
Character classes.
?? matches "?"
?v matches vowels: "aeiouAEIOU"
?c matches consonants: "bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZ"
?w matches whitespace: space and horizontal tabulation characters
?p matches punctuation: ".,:;'?!`" and the double quote character
?s matches symbols "$%^&*()-_+=|\<>[]{}#@/~"
?l matches lowercase letters [a-z]
?u matches uppercase letters [A-Z]
?d matches digits [0-9]
?a matches letters [a-zA-Z]
?x matches letters and digits [a-zA-Z0-9]
?z matches all characters
?b matches characters with 8th bit set (mnemonic "b for binary")
The complement of a class can be specified by uppercasing its name. For
example, "?D" matches everything but digits.
Simple commands.
: no-op: do nothing to the input word
l convert to lowercase
u convert to uppercase
c capitalize
C lowercase the first character, and uppercase the rest
t toggle case of all characters in the word
TN toggle case of the character in position N
r reverse: "Fred" -> "derF"
d duplicate: "Fred" -> "FredFred"
f reflect: "Fred" -> "FredderF"
{ rotate the word left: "jsmith" -> "smithj"
} rotate the word right: "smithj" -> "jsmith"
$X append character X to the word
^X prefix the word with character X
String commands.
AN"STR" insert string STR into the word at position N
To append a string, specify "z" for the position. To prefix the word
with a string, specify "0" for the position.
Although the use of the double-quote character is good for readability,
you may use any other character not found in STR instead. This is
particularly useful when STR contains the double-quote character.
There's no way to escape your quotation character of choice within a
string (preventing it from ending the string and the command), but you
may achieve the same effect by specifying multiple commands one after
another. For example, if you choose to use the forward slash as your
quotation character, yet it happens to be found in a string and you
don't want to reconsider your choice, you may write "Az/yes/$/Az/no/",
which will append the string "yes/no". Of course, it is simpler and
more efficient to use, say, "Az,yes/no," for the same effect.
Length control commands.
<N reject the word unless it is less than N characters long
>N reject the word unless it is greater than N characters long
'N truncate the word at length N
English grammar commands.
p pluralize: "crack" -> "cracks", etc. (lowercase only)
P "crack" -> "cracked", etc. (lowercase only)
I "crack" -> "cracking", etc. (lowercase only)
Insert/delete commands.
[ delete the first character
] delete the last character
DN delete the character in position N
xNM extract substring from position N for up to M characters
iNX insert character X in position N and shift the rest right
oNX overstrike character in position N with character X
Also see the "X" command (extract and insert substring) under "Memory
access commands" below.
Note that square brackets ("[" and "]") are special characters to the
preprocessor: you should escape them with a backslash ("\") if using
these commands.
Charset conversion commands.
S shift case: "Crack96" -> "cRACK(^"
V lowercase vowels, uppercase consonants: "Crack96" -> "CRaCK96"
R shift each character right, by keyboard: "Crack96" -> "Vtsvl07"
L shift each character left, by keyboard: "Crack96" -> "Xeaxj85"
Memory access commands.
M memorize the word (for use with "Q", "X", or to update "m")
Q query the memory and reject the word unless it has changed
XNMI extract substring NM from memory and insert into current word at I
If "Q" or "X" are used without a preceding "M", they read from the
initial "word". In other words, you may assume an implied "M" at the
start of each rule, and there's no need to ever start a rule with "M"
(that "M" would be a no-op). The only reasonable use for "M" is in the
middle of a rule, after some commands have possibly modified the word.
The intended use for the "Q" command is to help avoid duplicate
candidate passwords that could result from multiple similar rules. For
example, if you have the rule "l" (lowercase) somewhere in your ruleset
and you want to add the rule "lr" (lowercase and reverse), you could
instead write the latter as "lMrQ" in order to avoid producing duplicate
candidate passwords for palindromes.
The "X" command extracts a substring from memory (or from the initial
word if "M" was never used) starting at position N (in the memorized or
initial word) and going for up to M characters. It inserts the
substring into the current word at position I. The target position may
be "z" for appending the substring, "0" for prefixing the word with it,
or it may be any other valid numeric constant or variable. Some example
uses, assuming that we're at the start of a rule or after an "M", would
be "X011" (duplicate the first character), "Xm1z" (duplicate the last
character), "dX0zz" (triplicate the word), "<4X011X113X215" (duplicate
every character in a short word), ">9x5zX05z" (rotate long words left by
5 characters, same as ">9{{{{{" but faster due to fewer commands),
">9vam4Xa50'l" (rotate right by 5 characters, same as ">9}}}}}").
Numeric commands.
vVNM update "l" (length), then subtract M from N and assign to variable V
V must be one of "a" through "k". N and M may be any valid numeric
constants or initialized variables. It is OK to refer to the same
variable in the same command more than once, even three times. For
example, "va00" and "vaaa" will both set the variable "a" to zero (but
the latter will require "a" to have been previously initialized),
whereas "vil2" will set the variable "i" to the current word's length
minus 2. If "i" is then used as a character position before the word is
modified further, it will refer to the second character from the end.
It is OK for intermediate variable values to become negative, but such
values should not be directly used as positions or lengths. For
example, if we follow our "vil2" somewhere later in the same rule with
"vj02vjij", we'll set "j" to "i" plus 2, or to the word's length as of
the time of processing of the "vil2" command earlier in the rule.
Character class commands.
sXY replace all characters X in the word with Y
s?CY replace all characters of class C in the word with Y
@X purge all characters X from the word
@?C purge all characters of class C from the word
!X reject the word if it contains character X
!?C reject the word if it contains a character in class C
/X reject the word unless it contains character X
/?C reject the word unless it contains a character in class C
=NX reject the word unless character in position N is equal to X
=N?C reject the word unless character in position N is in class C
(X reject the word unless its first character is X
(?C reject the word unless its first character is in class C
)X reject the word unless its last character is X
)?C reject the word unless its last character is in class C
%NX reject the word unless it contains at least N instances of X
%N?C reject the word unless it contains at least N characters of class C
Extra "single crack" mode commands.
When defining "single crack" mode rules, extra commands are available
for word pairs support, to control if other commands are applied to the
first, the second, or to both words:
1 first word only
2 second word only
+ the concatenation of both (should only be used after a "1" or "2")
If you use some of the above commands in a rule, it will only process
word pairs (e.g., full names from the GECOS field) and reject single
words. A "+" is assumed at the end of any rule that uses some of these
commands, unless you specify it manually. For example, "1l2u" will
convert the first word to lowercase, the second one to uppercase, and
use the concatenation of both. The use for a "+" might be to apply some
more commands: "1l2u+r" will reverse the concatenation of both words,
after applying some commands to them separately.
The rule preprocessor.
The preprocessor is used to combine similar rules into one source line.
For example, if you need to make John try lowercased words with digits
appended, you could write a rule for each digit, 10 rules total. Now
imagine appending two-digit numbers - the configuration file would get
large and ugly.
With the preprocessor you can do these things easier. Simply write one
source line containing the common part of these rules followed by the
list of characters you would have put into separate rules, in square
brackets (the way you would do in a regexp). The preprocessor will then
generate the rules for you (at John startup for syntax checking, and
once again while cracking, but never keeping all of the expanded rules
in memory). For the examples above, the source lines will be "l$[0-9]"
(lowercase and append a digit) and "l$[0-9]$[0-9]" (lowercase and append
two digits). These source lines will be expanded to 10 and 100 rules,
respectively. By the way, preprocessor commands are processed
right-to-left while character lists are processed left-to-right, which
results in natural ordering of numbers in the above examples and in
other typical cases. Note that arbitrary combinations of character
ranges and character lists are valid. For example, "[aeiou]" will use
vowels, whereas "[aeiou0-9]" will use vowels and digits. If you need to
have John try vowels followed by all other letters, you can use
"[aeioua-z]" - the preprocessor is smart enough not to produce duplicate
rules in such cases (although this behavior may be disabled with the
"\r" magic escape sequence described below).
There are some special characters in rules ("[" starts a preprocessor
character list, "-" marks a range inside the list, etc.) You should
prefix them with a backslash ("\") if you want to put them inside a rule
without using their special meaning. Of course, the same applies to "\"
itself. Also, if you need to start a preprocessor character list at the
very beginning of a line, you'll have to prefix it with a ":" (the no-op
rule command), or it would be treated as a new section start.
Finally, the preprocessor supports some magic escape sequences. These
start with a backslash and use characters that you would not normally
need to escape. In the following paragraph describing the escapes, the
word "range" refers to a single instance of a mix of character lists
and/or ranges placed in square brackets as illustrated above.
Currently supported are "\1" through "\9" for back-references to prior
ranges (these will be substituted by the same character that is
currently substituted for the referenced range, with ranges numbered
from 1, left-to-right), "\0" for back-reference to the immediately
preceding range, "\p" before a range to have that range processed "in
parallel" with preceding ranges, "\p1" through "\p9" to have the range
processed "in parallel" with the specific referenced range, "\p0" to
have the range processed "in parallel" with the immediately preceding
range, and "\r" to allow the range to produce repeated characters. The
"\r" escape is only useful if the range is "parallel" to another one or
if there's at least one other range "parallel" to this one, because you
should not want to actually produce duplicate rules.
Please refer to the default configuration file for John the Ripper for
many example uses of the features described in here.
$Owl: Owl/packages/john/john/doc/RULES,v 1.11 2010/02/26 01:13:37 solar Exp $

58
data/john/doc/UTF8
View File

@ -1,58 +0,0 @@
This version of John is UTF-8 aware, using a new option flag. In short,
this flag says "my wordlists and input files are encoded in UTF-8" and
it can be used without knowing if the particular format is affected or
not.
Without this support, John will assume ISO-8859-1 when converting
plaintexts or salts to UTF-16. This affects many Microsoft formats
like NT, mscash and mssql. Other formats, like DES or MD5 are never
doing such conversion, so you would just use wordlists encoded in the
same format as the hashes once were generated in. The --utf8 flag is
supported for such formats too, but will only affect the new reject
rules, see below.
To enable UTF-8 conversion, just add the --utf8 flag. This will affect
not only wordlist files, but also salts, usernames (when used as salt)
and any info used by --single. You can also test all the UTF-8 aware
formats at once using "john --test --utf8"
To convert a wordlist to UTF-8, use iconv(1):
$ iconv -f koi8r -t utf-8 cslang >cslang.utf8
You can convert from/to a large number of formats, see iconv's man page.
Two new reject rules are implemented:
-u reject rule unless the --utf8 flag is used
-U reject rule if the --utf8 flag is used
Note that this can be used to enable/disable certain rules even for
formats that does not use UTF-16 internally (eg. raw md5 of utf-8
plaintexts).
A new character class is also implemented, ?b (b for binary). It matches
8-bit characters. This can be used with or without the UTF-8 support.
Caveats:
- UTF-8 conversion is often slower than the default ISO-8859-1 one, so
it's advisable to only use this when you have to. That is, when your
wordlist contains characters not included in ISO-8859-1.
- Some wordlist rules may cut UTF-8 multibyte sequences in the middle,
resulting in garbage. You can reject such rules with -U to have them in
use only when --utf8 is not used.
- Beware of UTF-8 BOM's. Do not use them (they will cripple the first word
in your wordlist, that's all).
--
These contributions to John are hereby placed in the public domain. In
case that is not applicable, they are Copyright 2009, 2010, 2011 by me and
hereby released to the general public. Redistribution and use in source
and binary forms, with or without modification, is permitted.
magnum

71
data/john/doc/UTF8-DEVEL.txt
View File

@ -1,71 +0,0 @@
These are "public" functions that can be used for supporting UTF-8 in your
own formats for JtR. All are put in unicode.c.
If you are not aware of UCS-2, just consider it a synonym to UTF-16. For our
purposes, they are the same.
Convert from ISO-8859-1 or UTF-8 to UTF-16LE:
=============================================
Source format depends on --utf8 flag given to john when running.
If length is exceeded or malformed data is found, it will return a negative
number telling you how much of the source that was read. That is, a return
code of -32 means you have an UNKNOWN number of characters of UCS-2 [use
strlen16()] in the destination buffer and you should truncate your
"saved_plain" (if applicable) at 32.
#include "unicode.h"
int plaintowcs(UTF16 *dst, int maxdstlen, const UTF8 *src, int srclen);
Convert UTF-8 to UTF-16LE:
==========================
Always from UTF-8. This is optimised for speed. If length is exceeded or
malformed data is found, it will return a negative number telling you how much
of the source that was read. That is, a return code of -32 means you have an
UNKNOWN number of characters of UCS-2 [use strlen16()] in the destination
buffer and you should truncate your "saved_plain" at 32.
#include "unicode.h"
int utf8towcs(UTF16 *target, int maxtargetlen,
const UTF8 *source, int sourcelen);
Convert UTF-16LE to UTF-8:
==========================
Currently used in NT_fmt.c in order to avoid using a saved_plain buffer.
#include "unicode.h"
extern char * utf16toutf8 (const UTF16* source);
Return length (in characters) of a UTF16 string:
================================================
Number of octets is the result * sizeof(UTF16)
#include "unicode.h"
int strlen16(const UTF16 *str);
Create an NT hash:
==================
This will convert from ISO-8859 or UTF-8 depending on the --utf8 option. The
function will use Alain's fast NT hashing if length is <= 27 characters,
otherwise it will use Solar's MD4. Lengths up to MAX_PLAINTEXT_LENGTH is thus
supported with no hassle for you. If length is exceeded or malformed data is
found, it will return a negative number telling you how much of the source
that was read. That is, a return code of -32 means you should truncate your
"saved_plain" at 32.
#include "unicode.h"
int E_md4hash(const UTF8 *passwd, int len, unsigned char *p16);
NOTE that there are more functions available in ConvertUTF.c.original
(ConvertUTF.h.original) and if we need any of them, we should copy them to
unicode.c/h and simplify/optimize them.

48
data/john/doc/pdfcrack_README
View File

@ -1,48 +0,0 @@
Code and documentation are copyright 2006-2008 Henning Norén
Parts of pdfcrack.c and md5.c is derived/copied/inspired from
xpdf/poppler and are copyright 1995-2006 Glyph & Cog, LLC.
The PDF data structures, operators, and specification are
copyright 1985-2006 Adobe Systems Inc.
Project page: http://sourceforge.net/projects/pdfcrack/
pdfcrack is a simple tool for recovering passwords from pdf-documents.
It should be able to handle all pdfs that uses the standard security handler
but the pdf-parsing routines are a bit of a quick hack so you might stumble
across some pdfs where the parser needs to be fixed to handle.
Type 'make' (or 'gmake' if you have BSD-make as default) to build the program.
You will need to have GNU Make and a recent version of GCC installed but there
are no external dependencies on libraries.
You will have to add the -march-switch in the CFLAGS-option in Makefile
for best optimization on your platform. Look into the GCC-manual
(http://gcc.gnu.org/onlinedocs/) if you are unsure.
The program is distributed under GPL version 2 (or later).
Features available in this release (check TODO for features that might come):
* Both owner- and user-passwords with the Standard Security Handler, rev 2 & 3.
* Search by wordlist
* Search by bruteforcing with specific charset
* Optimized search for owner-password when user-password is known (or empty)
* Extremely simple permutations of passwords (makes first letter uppercase)
- currently only useful for bruteforcing with charsets:
* Auto-save when interrupted (Ctrl-C or send SIGINT to the process)
* Loading saved state
- currently only for bruteforcing with charsets:
* Minimum length of password to start at
* Maximum length of password to try
Sort your wordlist by length for best performance and consider that almost
all passwords in PDFs are in iso latin 1 so use the correct character encoding
in your terminal and/or wordlist when using special characters.
This tool can not decrypt a Password Protected PDF.
Look up the pdftk toolkit which can do that, when you know the password.

26
data/john/doc/pdfcrack_TODO
View File

@ -1,26 +0,0 @@
Replace pdfparser with a more robust and complete parsing of a PDF
Optimize the crack and crypto-routines for greater performance
Add support for third-party security handlers
Add real permutation-support. Maybe John the Ripper could be a
source of inspiration?
Add support for masked passwords, when we already knows parts of the password
Furthermore:
Replace pdfparser with a complete representation of the structure of a
PDF-file that can be used to find information and more importantly, can be
written out again to a file.
For this we need to understand/represent objects (indirect and direct), the
file structure (lineraized and standard) and xreftables with trailers.
We need to be able to update/fix the xreftables when writing it.
We also need support for LZM-compression that is used for many streams.
When the above item is done there is nothing stopping us from adding complete
RC4-keyspace search and decrypt without having to bother cracking the
passwords. An example of this search can be viewed at:
http://www.upl.cs.wisc.edu/~hamblin/files/rc4_single_brute.c

BIN
data/john/run.linux.x64.mmx/all.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x64.mmx/alnum.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x64.mmx/alpha.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x64.mmx/calc_stat
View File

Binary file not shown.

BIN
data/john/run.linux.x64.mmx/digits.chr
View File

Binary file not shown.

78
data/john/run.linux.x64.mmx/genincstats.rb
View File

@ -1,78 +0,0 @@
#!/usr/bin/ruby -w
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

BIN
data/john/run.linux.x64.mmx/genmkvpwd
View File

Binary file not shown.

BIN
data/john/run.linux.x64.mmx/john
View File

Binary file not shown.

BIN
data/john/run.linux.x64.mmx/lanman.chr
View File

Binary file not shown.

25
data/john/run.linux.x64.mmx/ldif2pw.pl
View File

@ -1,25 +0,0 @@
#!/usr/bin/perl
$i=1;
while(<>) {
chomp;
if(/^$/) {
if($object{"uid"} ne "") {
print $object{"uid"}.":";
print $object{"userPassword"} ne "" ? $object{"userPassword"} : "*";
print ":";
print $i.":";
print $i.":";
print $object{"cn"}.":";
print $object{"homeDirectory"} ne "" ? $object{"homeDirectory"} : "/";
print ":/bin/sh\n";
}
%object = ();
$i++;
next;
}
($lhs, $rhs) = split(/: /);
$object{$lhs} = $rhs;
}

41
data/john/run.linux.x64.mmx/mailer
View File

@ -1,41 +0,0 @@
#!/bin/sh
#
# This file is part of John the Ripper password cracker,
# Copyright (c) 1996-98 by Solar Designer
#
if [ $# -ne 1 ]; then
echo "Usage: $0 PASSWORD-FILE"
exit 0
fi
# There's no need to mail users with these shells
SHELLS=-,/bin/false,/dev/null,/bin/sync
# Look for John in the same directory with this script
DIR="`echo "$0" | sed 's,/[^/]*$,,'`"
# Let's start
$DIR/john -show "$1" -shells:$SHELLS | sed -n 's/:.*//p' |
(
SENT=0
while read LOGIN; do
echo Sending mail to "$LOGIN"...
# You'll probably want to edit the message below
mail -s 'Bad password' "$LOGIN" << EOF
Hello!
Your password for account "$LOGIN" is insecure. Please change it as soon
as possible.
Yours,
Password Checking Robot.
EOF
SENT=$(($SENT+1))
done
echo $SENT messages sent
)

BIN
data/john/run.linux.x64.mmx/mkvcalcproba
View File

Binary file not shown.

262
data/john/run.linux.x64.mmx/netntlm.pl
View File

@ -1,262 +0,0 @@
#!/usr/bin/perl
#
#####################################################################
#
# Written by JoMo-Kun <jmk at foofus.net> in 2007
# and placed in the public domain.
#
# The purpose of this script is to aid with cracking a LM/NTLM
# challenge/response set, when part of the password is known. It
# was written with John's NetLM/NetNTLM formats and "halflmchall"
# Rainbow Tables in mind.
#
# Example Scenario:
# Let's assume you've captured LM/NTLM challenge/response set for
# the password Cricket88!. You may be able to crack the first part
# (i.e. CRICKET) using "Half LM" Rainbow Tables. This script will
# use that value as a seed and attempt to crack the second part
# (i.e. "88!") via an incremental brute. It'll then use the NetNTLM
# response hash to crack the case-sensitive version of the entire
# password.
#
#####################################################################
use Getopt::Long;
my $VERSION = "0.2";
my %opt;
my %data;
my $JOHN = "john";
GetOptions (
'seed=s' => \$opt{'seed'},
'file=s' => \$opt{'file'},
'help|h' => sub { ShowUsage(); },
);
sub showUsage {
print "john-netntlm.pl v$VERSION\n\n";
print "JoMo-Kun <jmk\@foofus.net>\n\n";
print "Usage: $0 [OPTIONS]\n";
print " $0\n";
print " --seed [RainbowCrack/HalfLM Response Password]\n";
print " --file [File Containing LM/NTLM challenge/responses (.lc format)]\n";
print " Ex: Domain\\User:::LM response:NTLM response:challenge";
print "\n";
print " Ex:\n";
print " $0 --file capture.lc\n";
print " $0 --seed \"GERGE!!\"--file capture.lc\n";
print "\n";
exit(1);
}
# Main
{
if ( !defined($opt{'file'}) ) { &showUsage; }
# Parse accounts to audit
open(HAND, $opt{'file'}) || die("Failed to open response file: $opt{'file'} -- $!");
@{ $data{'pairs'} } = <HAND>;
close(HAND);
# Load information for any accounts previous cracked
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
open (HAND, "$JOHN -format:netlm -show $opt{'file'} |") || die("Failed to execute john: $!");
print STDERR "The following LM responses have been previously cracked:\n";
while(<HAND>) {
next if ( /\d+ password hashes cracked, \d+ left/ );
last if /^$/;
print "\t$_";
push @{ $data{'cracked-lm'} }, $_;
}
close(HAND);
print STDERR "\nThe following NTLM responses have been previously cracked:\n";
open (HAND, "$JOHN -format:netntlm -show $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) {
next if ( /\d+ password hashes cracked, \d+ left/ );
last if /^$/;
print "\t$_";
push @{ $data{'cracked-ntlm'} }, $_;
}
close(HAND);
mkdir("/tmp/john.$$") || die;
my $tmpconf = &createConf();
my $tmpsession = "/tmp/john.$$/john.session";
my $tmpsessionlog = "/tmp/john.$$/john.session.log";
my $tmplog = "/tmp/john.$$/john.log";
#print STDERR "Created temporary configuration file: $tmpconf\n";
# Crack case-sensitive version of password
my $tmpdict = "/tmp/john.$$/john.dict";
#print STDERR "Created temporary dictionary file: $tmpdict\n";
foreach $credential_set ( @{ $data{'cracked-lm'} } ) {
my ($account,$lmpass,$bar,$netlm,$netntlm,$chall) = split(/:/, $credential_set);
next if ( grep(/^$account:/i, @{ $data{'cracked-ntlm'} }) );
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Performing NTLM case-sensitive crack for account: $account.\n";
open(HAND, ">$tmpdict") || die("Failed to option file: $tmpdict -- $!");
print HAND "$lmpass";
close(HAND);
open (HAND, "$JOHN -format:netntlm -config:$tmpconf -wordlist:$tmpdict -rules -user:\"$account\" -session:$tmpsession $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) { print; }
close(HAND);
unlink $tmpdict || warn("Failed to unlink $tmpdict -- $!");
}
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Isolating accounts which have only had their LM response cracked.\n";
foreach $credential_set ( @{ $data{'pairs'} } ) {
$credential_set =~ s/\\/\\\\/g;
my ($account,$foo,$bar,$netlm,$netntlm,$chall) = split(/:/, $credential_set);
if (lc($netlm) eq lc($netntlm)) {
print STDERR "LM response is not unique from NTLM response (skipping):\n\t$credential_set\n";
push @{ $data{'pairs-ntlm'} }, $credential_set;
}
elsif ( @cracked = grep(/^$account:/i, @{ $data{'cracked-ntlm'} }) ) {
print STDERR "Account $account NTLM response previously cracked.\n";
#print "@cracked";
}
else {
print STDERR "Account $account LM response added to cracking list.\n";
push @{ $data{'pairs-lm'} }, $credential_set;
}
}
if ( defined($opt{'seed'}) ) {
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Testing seed password to determine whether it is the actual password.\n";
open(HAND, ">$tmpdict") || die("Failed to option file: $tmpdict -- $!");
print HAND $opt{'seed'};
close(HAND);
open (HAND, "$JOHN -format:netntlm -config:$tmpconf -wordlist:$tmpdict -rules -session:$tmpsession $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) {
print;
next if (/^guesses: .*time: / || (/^Loaded .* password hash /) || (/^No password hashes loaded/));
my ($account) = $_ =~ / \((.*)\)$/;
# Remove accounts which just cracked from list
my $i = 0;
foreach $credential_set ( @{ $data{'pairs-lm'} } ) {
$account =~ s/\\/_/g;
$credential_set =~ s/\\\\/_/g;
if ( $credential_set =~ /^$account:/ ) {
splice(@{ $data{'pairs-lm'} }, $i, 1);
}
$i++;
}
}
close(HAND);
unlink $tmpdict || warn("Failed to unlink $tmpdict -- $!");
my $tmppasswd = "/tmp/john.$$/john.passwd";
open(HAND, ">$tmppasswd") || die("Failed to open $tmppasswd: $!");
print HAND @{ $data{'pairs-lm'} };
close(HAND);
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "The hashes contained within $tmppasswd have not been cracked.\n";
print STDERR "Executing the following (this could take a while...):\n\n";
print STDERR "john -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd\n";
print STDERR "\n";
print STDERR " *If the passwords successfully crack, use this script again to crack the case-sensitive password\n";
print STDERR " without feeding a seed password\n";
print STDERR"\n\n";
system("$JOHN -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd");
#exec("$JOHN -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd");
unlink $tmppasswd || warn("Failed to unlink $tmppasswd -- $!");
}
else {
print STDERR "\nNo seed supplied for testing.\n";
}
#print STDERR "Removing temporary files and directory\n";
unlink $tmpconf, $tmplog, $tmpsession, $tmpsessionlog || warn("Failed to unlink temporary config files -- $!");
rmdir("/tmp/john.$$") || warn("Failed to delete temporary john directory -- $!");
}
exit(0);
sub createConf {
my $tmpconf = "/tmp/john.$$/john.conf";
open(CONF, ">$tmpconf") || die("Failed to open $tmpconf: $!");
# Define character keyspace
print CONF "[Incremental:LM]\n";
print CONF "File = \$JOHN/lanman.chr\n";
print CONF "MinLen = 1\n";
# John compiled for MaxLen <= 8
if (14 - length($opt{'seed'}) > 8) {
print CONF "MaxLen = 8\n";
} else {
print CONF "MaxLen = ", 14 - length($opt{'seed'}), "\n";
}
print CONF "CharCount = 69\n\n";
# Add external filter to handle uncracked characters
if ($opt{'seed'} ne "") {
my $i; $j;
my @seed = split(//, $opt{'seed'});
print CONF "[List.External:HalfLM]\n";
print CONF "void init()\n";
print CONF "{\n";
print CONF " word[14] = 0;\n";
print CONF "}\n\n";
print CONF "void filter()\n";
print CONF "{\n";
my $len = length($opt{'seed'});
for ($i = 13, $j = 13 - $len; $i>=0; $i--) {
if ($i >= $len) {
print CONF " word[$i] = word[$j];\n";
$j--;
} else {
print CONF " word[$i] = \'$seed[$i]\';\n";
}
}
print CONF "}\n\n";
}
# Add custom wordlist to utilize NTLM hash for character case cracking
print CONF "[List.Rules:Wordlist]\n";
print CONF ":\n";
print CONF "-c T0Q\n";
print CONF "-c T1QT[z0]\n";
print CONF "-c T2QT[z0]T[z1]\n";
print CONF "-c T3QT[z0]T[z1]T[z2]\n";
print CONF "-c T4QT[z0]T[z1]T[z2]T[z3]\n";
print CONF "-c T5QT[z0]T[z1]T[z2]T[z3]T[z4]\n";
print CONF "-c T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]\n";
print CONF "-c T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]\n";
print CONF "-c T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]\n";
print CONF "-c T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]\n";
print CONF "-c TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]\n";
print CONF "-c TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]\n";
print CONF "-c TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]\n";
print CONF "-c TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]\n";
close(CONF);
return $tmpconf;
}

132
data/john/run.linux.x64.mmx/netscreen.py
View File

@ -1,132 +0,0 @@
##################################################################
# Filename: netscreen.py
#
# Please note this script will now run in Python version 3.x
#
# This script will generate a netscreen formatted password
#
# This program requires two command line arguments, and works in two modes:
# Mode 1:
# The first argument is a username
# The second argument is a plaintext password
# Mode 2:
# The first argument is -f to indicate reading usernames and passwords from a file
# The second argument is the filename to read
#
# The input file should have one of the following formats (a "," or ":" separator):
# <username>,<plain-text-password>
# or
# <username>:<plain-text-password>
#
# (Don't put a "space" after the separator, unless it is part of the password)
#
# Example input file:
# admin,netscreen
# cisco:cisco
# robert,harris
#
# Output will be the username and hashed password in John the Ripper format
# If reading usernames and passwords from a file, the output file name will be: netscreen-JtR-output.txt
# If the file netscreen-JtR-output.txt exists, it will be overwritten.
#
# Version 2.04
# Updated on September 13, 2010 by Robert B. Harris from VA and Brad Tilley
# Updated to now run in Python v3.x (still works in Python 2.x)
# Additional separator for the input file. It can now have the new separator ":" (or use the old one ",")
# Now correctly handles a separator ("," or ":") in the password field when reading from a file.
# Updated help text in script
#
# Version 2.01
# Updated on August 30, 2010 by Robert B. Harris from VA
# Very minor changes, removed tab, noted it won't run in python 3.x
#
# Version 2.0
# Updated on August 12, 2010 by Robert B. Harris from VA
# Updated to use the hashlib library
# Updated to print help text if both input arguments are missing
# Updated to optionally read from a file
#
##################################################################
import sys
def net(user, password):
b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
middle = "Administration Tools"
s = "%s:%s:%s" % (user, middle, password)
# For versions of Python 2.5 and older
if sys.version_info[0] == 2 and sys.version_info[1] < 6:
import md5
m = md5.new(s).digest()
else:
import hashlib
m = hashlib.md5(s.encode('latin_1')).digest()
narray = []
for i in range(8):
if sys.version_info[0] == 2:
n1 = ord(m[2*i])
n2 = ord(m[2*i+1])
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
if sys.version_info[0] == 3:
n1 = ord(chr(m[2*i]))
n2 = ord(chr(m[2*i+1]))
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
res = ""
for i in narray:
p1 = i >> 12 & 0xf
p2 = i >> 6 & 0x3f
p3 = i & 0x3f
res = res + b64[p1] + b64[p2] + b64[p3]
for c, n in zip("nrcstn", [0, 6, 12, 17, 23, 29]):
res = res[:n] + c + res[n:]
return res
if __name__ == '__main__':
if len(sys.argv) == 3:
if (sys.argv[1])== "-f": # If true, reading from a file
in_file = (sys.argv[2]) # 2nd commandline arg is the filename to read from
input_file = open( in_file, 'r')
output_file = open ("netscreen-JtR-output.txt" , 'w')
import re
for line in input_file:
data=line.strip('\n')
if re.search(',',line):
data=data.split(',',1) # line contains ,
else:
if re.search(':',line):
data=data.split(':',1) # line contains :
else:
print ("\n\n\n")
print ("Error in input file.")
print ("The input file must have either a \",\" or \":\" separator on each line.")
print ("Also it should not contain any blank lines. Please correct the input file.")
break
username = data[0]
password = data[1]
ciphertext = net(username,password)
output_file.write ("%s:%s$%s" % (username,username,ciphertext))
output_file.write ("\n")
input_file.close()
print("\nThe output file has been created.")
output_file.close()
else: # We are not reading from a file
username = sys.argv[1]
password = sys.argv[2]
ciphertext = net(username,password)
print(("%s:%s$%s" % (username,username,ciphertext)))
else: # User did not input the required two commandline arguments
print("\n\n")
print("This program requires two commandline arguments:")
print("The first argument is a username, or -f to indicate reading from a file.")
print("The second argument is a plaintext password, or the name of the file to read from.")
print("See the additional text at the beginning of this script for more details.\n")
print("Output will be the username and the (Netscreen algorithm based) hashed password, in John the Ripper format. \n\n")
print("Example")
print("Input: netscreen.py admin netscreen")
print("Output: admin:admin$nKv3LvrdAVtOcE5EcsGIpYBtniNbUn")
print("(Netscreen uses the username as the salt)")

1
data/john/run.linux.x64.mmx/pdf2john
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x64.mmx/rar2john
View File

@ -1 +0,0 @@
john

89
data/john/run.linux.x64.mmx/sap_prepare.pl
View File

@ -1,89 +0,0 @@
#!/usr/bin/perl -w
# Usage: sap_prepare.pl csv-input sap-codeB-output sap-codevnG-output
# csv-input: XLS-exported table USH02 or USR02
# tab-speparted e.g. column 4:username column 17:bcode column 24:codvn G
# sap-codeB-output: username:username<spaces>$bcode
# sap-codevnG-output: username:Username<spaces>$codvnG
#
# (all other formats with the right column names should work)
# sap uses the username as salt. those have different length, so we needed to come up w/ our
# own format. that is: username<space-padding-to-40>$HASHCODE
#
# evil spaghetti code, but works. sorry for the eye cancer ;-)
$SALT_LENGTH = 40;
if ($#ARGV != 2) {
die ("usage = $0 csv-input sap-codeB-output sap-codevnG-output \n");
}
open INPUT_FILE, "$ARGV[0]" or die ("Can't open input-file ($ARGV[0])\n");
open CODEB_FILE,">>$ARGV[1]" or die ("Can't open codeb-file ($ARGV[1])\n");
open CODEG_FILE,">>$ARGV[2]" or die ("Can't open codeg-file ($ARGV[2])\n");
print "data from >>$ARGV[0]<<\nto sap-codeB-output: >>$ARGV[1]<<\n";
print "and sap-codevnG-output: >>$ARGV[2]<<\n\n";
$line = "";
$pos_bname=-1;
$pos_codeb=-1;
$pos_codeg=-1;
$count=0;
until ($line =~ /BNAME/) {
$line=<INPUT_FILE>;
$count++;
}
chomp($line);
@tmp = split(/\t/, $line);
for ($i=0;$i<=$#tmp;$i++) {
if ($tmp[$i]=~ /BNAME/) { $pos_bname=$i }
elsif ($tmp[$i]=~ /BCODE/) { $pos_codeb=$i }
elsif ($tmp[$i]=~ /PASSCODE/) { $pos_codeg=$i }
}
print "Column: $#tmp BNAME: $pos_bname BCODE: $pos_codeb PASSCODE: $pos_codeg\n";
if (-1==$pos_bname || (-1==$pos_codeg && -1==$pos_codeb ) ) {
print "BNAME column not found OR both hash-columns are missing \n";
exit 0;
}
while ($line=<INPUT_FILE>) {
$count++;
chomp($line);
@tmp = split(/\t/, $line);
if ($#tmp<$pos_bname || ($#tmp<$pos_codeb && $#tmp<$pos_codeg)) {
print "******** line $count in csv file has the wrong format ********\n";
next;
}
if ($pos_codeg!=-1 && $tmp[$pos_codeg]=~/[a-zA-Z0-9]/) { # both hashes
print "username: $tmp[$pos_bname] codeB: $tmp[$pos_codeb] codeG: $tmp[$pos_codeg] \n";
$strN = $tmp[$pos_bname];
$strSALT = "$strN"." "x($SALT_LENGTH-length($tmp[$pos_bname]));
$strB = "$tmp[$pos_codeb]";
$strG = "$tmp[$pos_codeg]";
print CODEB_FILE "$strN:$strSALT\$$strB\n";
print CODEG_FILE "$strN:$strSALT\$$strG\n";
}
elsif ($pos_codeb!=-1 && $tmp[$pos_codeb]=~/[a-zA-Z0-9]/ ) { # only bcode
print "username: $tmp[$pos_bname] codeB: $tmp[$pos_codeb] \n";
$strN = $tmp[$pos_bname];
$strSALT = "$strN"." "x($SALT_LENGTH-length($tmp[$pos_bname]));
$strB = "$tmp[$pos_codeb]";
print CODEB_FILE "$strN:$strSALT\$$strB\n";
}
else {
print "******** line $count in csv file has the wrong format ********\n";
}
}
close INPUT_FILE;
close CODEB_FILE;
close CODEG_FILE;
print "\nDone!\n";
exit 0;

23
data/john/run.linux.x64.mmx/sha-dump.pl
View File

@ -1,23 +0,0 @@
#!/usr/bin/perl
use Net::LDAP;
$server = $ARGV[0];
$password = $ARGV[1];
$ldap = Net::LDAP->new($server) || die "$@";
$ldap->bind("cn=Directory Manager", password => $password) || die "$@";
$search = $ldap->search(base => "o=test",
scope => "subtree",
filter => "(uid=*)");
$search->code && die $search->error;
$i=0;
foreach $user ($search->all_entries) {
@uid=$user->get("uid");
@pass=$user->get("userpassword");
print $uid[0].":".$pass[0].":".
$i.":".$i.":/".$uid[0].":\n";
}
$ldap->unbind();

19
data/john/run.linux.x64.mmx/sha-test.pl
View File

@ -1,19 +0,0 @@
#!/usr/bin/perl
# http://www.perl.com/CPAN-local/modules/by-module/MIME/MIME-Base64-2.06.tar.gz
# http://www.perl.com/CPAN-local/modules/by-module/SHA/SHA-1.2.tar.gz
use MIME::Base64;
use SHA;
if ("SHA-1" ne &SHA::sha_version) { die "wrong SHA version\n"; }
$sha = new SHA;
$label = "{SHA}";
$count = 1;
while(<>) {
chomp;
$hash = $sha->hash ($_);
printf ("%s:%s%s:%d:%d:%s:/home/%s/:\n",
$_, $label, encode_base64 ($hash . $salt, ""), $count, $count,
$_, $_);
$count++;
}

1
data/john/run.linux.x64.mmx/ssh2john
View File

@ -1 +0,0 @@
john

4986
data/john/run.linux.x64.mmx/stats
View File

File diff suppressed because it is too large Load Diff

BIN
data/john/run.linux.x64.mmx/tgtsnarf
View File

Binary file not shown.

1
data/john/run.linux.x64.mmx/unafs
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x64.mmx/undrop
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x64.mmx/unique
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x64.mmx/unshadow
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x64.mmx/zip2john
View File

@ -1 +0,0 @@
john

BIN
data/john/run.linux.x86.any/all.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x86.any/alnum.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x86.any/alpha.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x86.any/calc_stat
View File

Binary file not shown.

BIN
data/john/run.linux.x86.any/digits.chr
View File

Binary file not shown.

78
data/john/run.linux.x86.any/genincstats.rb
View File

@ -1,78 +0,0 @@
#!/usr/bin/ruby -w
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

BIN
data/john/run.linux.x86.any/genmkvpwd
View File

Binary file not shown.

BIN
data/john/run.linux.x86.any/john
View File

Binary file not shown.

BIN
data/john/run.linux.x86.any/lanman.chr
View File

Binary file not shown.

25
data/john/run.linux.x86.any/ldif2pw.pl
View File

@ -1,25 +0,0 @@
#!/usr/bin/perl
$i=1;
while(<>) {
chomp;
if(/^$/) {
if($object{"uid"} ne "") {
print $object{"uid"}.":";
print $object{"userPassword"} ne "" ? $object{"userPassword"} : "*";
print ":";
print $i.":";
print $i.":";
print $object{"cn"}.":";
print $object{"homeDirectory"} ne "" ? $object{"homeDirectory"} : "/";
print ":/bin/sh\n";
}
%object = ();
$i++;
next;
}
($lhs, $rhs) = split(/: /);
$object{$lhs} = $rhs;
}

41
data/john/run.linux.x86.any/mailer
View File

@ -1,41 +0,0 @@
#!/bin/sh
#
# This file is part of John the Ripper password cracker,
# Copyright (c) 1996-98 by Solar Designer
#
if [ $# -ne 1 ]; then
echo "Usage: $0 PASSWORD-FILE"
exit 0
fi
# There's no need to mail users with these shells
SHELLS=-,/bin/false,/dev/null,/bin/sync
# Look for John in the same directory with this script
DIR="`echo "$0" | sed 's,/[^/]*$,,'`"
# Let's start
$DIR/john -show "$1" -shells:$SHELLS | sed -n 's/:.*//p' |
(
SENT=0
while read LOGIN; do
echo Sending mail to "$LOGIN"...
# You'll probably want to edit the message below
mail -s 'Bad password' "$LOGIN" << EOF
Hello!
Your password for account "$LOGIN" is insecure. Please change it as soon
as possible.
Yours,
Password Checking Robot.
EOF
SENT=$(($SENT+1))
done
echo $SENT messages sent
)

BIN
data/john/run.linux.x86.any/mkvcalcproba
View File

Binary file not shown.

262
data/john/run.linux.x86.any/netntlm.pl
View File

@ -1,262 +0,0 @@
#!/usr/bin/perl
#
#####################################################################
#
# Written by JoMo-Kun <jmk at foofus.net> in 2007
# and placed in the public domain.
#
# The purpose of this script is to aid with cracking a LM/NTLM
# challenge/response set, when part of the password is known. It
# was written with John's NetLM/NetNTLM formats and "halflmchall"
# Rainbow Tables in mind.
#
# Example Scenario:
# Let's assume you've captured LM/NTLM challenge/response set for
# the password Cricket88!. You may be able to crack the first part
# (i.e. CRICKET) using "Half LM" Rainbow Tables. This script will
# use that value as a seed and attempt to crack the second part
# (i.e. "88!") via an incremental brute. It'll then use the NetNTLM
# response hash to crack the case-sensitive version of the entire
# password.
#
#####################################################################
use Getopt::Long;
my $VERSION = "0.2";
my %opt;
my %data;
my $JOHN = "john";
GetOptions (
'seed=s' => \$opt{'seed'},
'file=s' => \$opt{'file'},
'help|h' => sub { ShowUsage(); },
);
sub showUsage {
print "john-netntlm.pl v$VERSION\n\n";
print "JoMo-Kun <jmk\@foofus.net>\n\n";
print "Usage: $0 [OPTIONS]\n";
print " $0\n";
print " --seed [RainbowCrack/HalfLM Response Password]\n";
print " --file [File Containing LM/NTLM challenge/responses (.lc format)]\n";
print " Ex: Domain\\User:::LM response:NTLM response:challenge";
print "\n";
print " Ex:\n";
print " $0 --file capture.lc\n";
print " $0 --seed \"GERGE!!\"--file capture.lc\n";
print "\n";
exit(1);
}
# Main
{
if ( !defined($opt{'file'}) ) { &showUsage; }
# Parse accounts to audit
open(HAND, $opt{'file'}) || die("Failed to open response file: $opt{'file'} -- $!");
@{ $data{'pairs'} } = <HAND>;
close(HAND);
# Load information for any accounts previous cracked
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
open (HAND, "$JOHN -format:netlm -show $opt{'file'} |") || die("Failed to execute john: $!");
print STDERR "The following LM responses have been previously cracked:\n";
while(<HAND>) {
next if ( /\d+ password hashes cracked, \d+ left/ );
last if /^$/;
print "\t$_";
push @{ $data{'cracked-lm'} }, $_;
}
close(HAND);
print STDERR "\nThe following NTLM responses have been previously cracked:\n";
open (HAND, "$JOHN -format:netntlm -show $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) {
next if ( /\d+ password hashes cracked, \d+ left/ );
last if /^$/;
print "\t$_";
push @{ $data{'cracked-ntlm'} }, $_;
}
close(HAND);
mkdir("/tmp/john.$$") || die;
my $tmpconf = &createConf();
my $tmpsession = "/tmp/john.$$/john.session";
my $tmpsessionlog = "/tmp/john.$$/john.session.log";
my $tmplog = "/tmp/john.$$/john.log";
#print STDERR "Created temporary configuration file: $tmpconf\n";
# Crack case-sensitive version of password
my $tmpdict = "/tmp/john.$$/john.dict";
#print STDERR "Created temporary dictionary file: $tmpdict\n";
foreach $credential_set ( @{ $data{'cracked-lm'} } ) {
my ($account,$lmpass,$bar,$netlm,$netntlm,$chall) = split(/:/, $credential_set);
next if ( grep(/^$account:/i, @{ $data{'cracked-ntlm'} }) );
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Performing NTLM case-sensitive crack for account: $account.\n";
open(HAND, ">$tmpdict") || die("Failed to option file: $tmpdict -- $!");
print HAND "$lmpass";
close(HAND);
open (HAND, "$JOHN -format:netntlm -config:$tmpconf -wordlist:$tmpdict -rules -user:\"$account\" -session:$tmpsession $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) { print; }
close(HAND);
unlink $tmpdict || warn("Failed to unlink $tmpdict -- $!");
}
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Isolating accounts which have only had their LM response cracked.\n";
foreach $credential_set ( @{ $data{'pairs'} } ) {
$credential_set =~ s/\\/\\\\/g;
my ($account,$foo,$bar,$netlm,$netntlm,$chall) = split(/:/, $credential_set);
if (lc($netlm) eq lc($netntlm)) {
print STDERR "LM response is not unique from NTLM response (skipping):\n\t$credential_set\n";
push @{ $data{'pairs-ntlm'} }, $credential_set;
}
elsif ( @cracked = grep(/^$account:/i, @{ $data{'cracked-ntlm'} }) ) {
print STDERR "Account $account NTLM response previously cracked.\n";
#print "@cracked";
}
else {
print STDERR "Account $account LM response added to cracking list.\n";
push @{ $data{'pairs-lm'} }, $credential_set;
}
}
if ( defined($opt{'seed'}) ) {
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Testing seed password to determine whether it is the actual password.\n";
open(HAND, ">$tmpdict") || die("Failed to option file: $tmpdict -- $!");
print HAND $opt{'seed'};
close(HAND);
open (HAND, "$JOHN -format:netntlm -config:$tmpconf -wordlist:$tmpdict -rules -session:$tmpsession $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) {
print;
next if (/^guesses: .*time: / || (/^Loaded .* password hash /) || (/^No password hashes loaded/));
my ($account) = $_ =~ / \((.*)\)$/;
# Remove accounts which just cracked from list
my $i = 0;
foreach $credential_set ( @{ $data{'pairs-lm'} } ) {
$account =~ s/\\/_/g;
$credential_set =~ s/\\\\/_/g;
if ( $credential_set =~ /^$account:/ ) {
splice(@{ $data{'pairs-lm'} }, $i, 1);
}
$i++;
}
}
close(HAND);
unlink $tmpdict || warn("Failed to unlink $tmpdict -- $!");
my $tmppasswd = "/tmp/john.$$/john.passwd";
open(HAND, ">$tmppasswd") || die("Failed to open $tmppasswd: $!");
print HAND @{ $data{'pairs-lm'} };
close(HAND);
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "The hashes contained within $tmppasswd have not been cracked.\n";
print STDERR "Executing the following (this could take a while...):\n\n";
print STDERR "john -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd\n";
print STDERR "\n";
print STDERR " *If the passwords successfully crack, use this script again to crack the case-sensitive password\n";
print STDERR " without feeding a seed password\n";
print STDERR"\n\n";
system("$JOHN -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd");
#exec("$JOHN -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd");
unlink $tmppasswd || warn("Failed to unlink $tmppasswd -- $!");
}
else {
print STDERR "\nNo seed supplied for testing.\n";
}
#print STDERR "Removing temporary files and directory\n";
unlink $tmpconf, $tmplog, $tmpsession, $tmpsessionlog || warn("Failed to unlink temporary config files -- $!");
rmdir("/tmp/john.$$") || warn("Failed to delete temporary john directory -- $!");
}
exit(0);
sub createConf {
my $tmpconf = "/tmp/john.$$/john.conf";
open(CONF, ">$tmpconf") || die("Failed to open $tmpconf: $!");
# Define character keyspace
print CONF "[Incremental:LM]\n";
print CONF "File = \$JOHN/lanman.chr\n";
print CONF "MinLen = 1\n";
# John compiled for MaxLen <= 8
if (14 - length($opt{'seed'}) > 8) {
print CONF "MaxLen = 8\n";
} else {
print CONF "MaxLen = ", 14 - length($opt{'seed'}), "\n";
}
print CONF "CharCount = 69\n\n";
# Add external filter to handle uncracked characters
if ($opt{'seed'} ne "") {
my $i; $j;
my @seed = split(//, $opt{'seed'});
print CONF "[List.External:HalfLM]\n";
print CONF "void init()\n";
print CONF "{\n";
print CONF " word[14] = 0;\n";
print CONF "}\n\n";
print CONF "void filter()\n";
print CONF "{\n";
my $len = length($opt{'seed'});
for ($i = 13, $j = 13 - $len; $i>=0; $i--) {
if ($i >= $len) {
print CONF " word[$i] = word[$j];\n";
$j--;
} else {
print CONF " word[$i] = \'$seed[$i]\';\n";
}
}
print CONF "}\n\n";
}
# Add custom wordlist to utilize NTLM hash for character case cracking
print CONF "[List.Rules:Wordlist]\n";
print CONF ":\n";
print CONF "-c T0Q\n";
print CONF "-c T1QT[z0]\n";
print CONF "-c T2QT[z0]T[z1]\n";
print CONF "-c T3QT[z0]T[z1]T[z2]\n";
print CONF "-c T4QT[z0]T[z1]T[z2]T[z3]\n";
print CONF "-c T5QT[z0]T[z1]T[z2]T[z3]T[z4]\n";
print CONF "-c T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]\n";
print CONF "-c T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]\n";
print CONF "-c T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]\n";
print CONF "-c T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]\n";
print CONF "-c TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]\n";
print CONF "-c TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]\n";
print CONF "-c TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]\n";
print CONF "-c TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]\n";
close(CONF);
return $tmpconf;
}

132
data/john/run.linux.x86.any/netscreen.py
View File

@ -1,132 +0,0 @@
##################################################################
# Filename: netscreen.py
#
# Please note this script will now run in Python version 3.x
#
# This script will generate a netscreen formatted password
#
# This program requires two command line arguments, and works in two modes:
# Mode 1:
# The first argument is a username
# The second argument is a plaintext password
# Mode 2:
# The first argument is -f to indicate reading usernames and passwords from a file
# The second argument is the filename to read
#
# The input file should have one of the following formats (a "," or ":" separator):
# <username>,<plain-text-password>
# or
# <username>:<plain-text-password>
#
# (Don't put a "space" after the separator, unless it is part of the password)
#
# Example input file:
# admin,netscreen
# cisco:cisco
# robert,harris
#
# Output will be the username and hashed password in John the Ripper format
# If reading usernames and passwords from a file, the output file name will be: netscreen-JtR-output.txt
# If the file netscreen-JtR-output.txt exists, it will be overwritten.
#
# Version 2.04
# Updated on September 13, 2010 by Robert B. Harris from VA and Brad Tilley
# Updated to now run in Python v3.x (still works in Python 2.x)
# Additional separator for the input file. It can now have the new separator ":" (or use the old one ",")
# Now correctly handles a separator ("," or ":") in the password field when reading from a file.
# Updated help text in script
#
# Version 2.01
# Updated on August 30, 2010 by Robert B. Harris from VA
# Very minor changes, removed tab, noted it won't run in python 3.x
#
# Version 2.0
# Updated on August 12, 2010 by Robert B. Harris from VA
# Updated to use the hashlib library
# Updated to print help text if both input arguments are missing
# Updated to optionally read from a file
#
##################################################################
import sys
def net(user, password):
b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
middle = "Administration Tools"
s = "%s:%s:%s" % (user, middle, password)
# For versions of Python 2.5 and older
if sys.version_info[0] == 2 and sys.version_info[1] < 6:
import md5
m = md5.new(s).digest()
else:
import hashlib
m = hashlib.md5(s.encode('latin_1')).digest()
narray = []
for i in range(8):
if sys.version_info[0] == 2:
n1 = ord(m[2*i])
n2 = ord(m[2*i+1])
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
if sys.version_info[0] == 3:
n1 = ord(chr(m[2*i]))
n2 = ord(chr(m[2*i+1]))
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
res = ""
for i in narray:
p1 = i >> 12 & 0xf
p2 = i >> 6 & 0x3f
p3 = i & 0x3f
res = res + b64[p1] + b64[p2] + b64[p3]
for c, n in zip("nrcstn", [0, 6, 12, 17, 23, 29]):
res = res[:n] + c + res[n:]
return res
if __name__ == '__main__':
if len(sys.argv) == 3:
if (sys.argv[1])== "-f": # If true, reading from a file
in_file = (sys.argv[2]) # 2nd commandline arg is the filename to read from
input_file = open( in_file, 'r')
output_file = open ("netscreen-JtR-output.txt" , 'w')
import re
for line in input_file:
data=line.strip('\n')
if re.search(',',line):
data=data.split(',',1) # line contains ,
else:
if re.search(':',line):
data=data.split(':',1) # line contains :
else:
print ("\n\n\n")
print ("Error in input file.")
print ("The input file must have either a \",\" or \":\" separator on each line.")
print ("Also it should not contain any blank lines. Please correct the input file.")
break
username = data[0]
password = data[1]
ciphertext = net(username,password)
output_file.write ("%s:%s$%s" % (username,username,ciphertext))
output_file.write ("\n")
input_file.close()
print("\nThe output file has been created.")
output_file.close()
else: # We are not reading from a file
username = sys.argv[1]
password = sys.argv[2]
ciphertext = net(username,password)
print(("%s:%s$%s" % (username,username,ciphertext)))
else: # User did not input the required two commandline arguments
print("\n\n")
print("This program requires two commandline arguments:")
print("The first argument is a username, or -f to indicate reading from a file.")
print("The second argument is a plaintext password, or the name of the file to read from.")
print("See the additional text at the beginning of this script for more details.\n")
print("Output will be the username and the (Netscreen algorithm based) hashed password, in John the Ripper format. \n\n")
print("Example")
print("Input: netscreen.py admin netscreen")
print("Output: admin:admin$nKv3LvrdAVtOcE5EcsGIpYBtniNbUn")
print("(Netscreen uses the username as the salt)")

1
data/john/run.linux.x86.any/pdf2john
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x86.any/rar2john
View File

@ -1 +0,0 @@
john

89
data/john/run.linux.x86.any/sap_prepare.pl
View File

@ -1,89 +0,0 @@
#!/usr/bin/perl -w
# Usage: sap_prepare.pl csv-input sap-codeB-output sap-codevnG-output
# csv-input: XLS-exported table USH02 or USR02
# tab-speparted e.g. column 4:username column 17:bcode column 24:codvn G
# sap-codeB-output: username:username<spaces>$bcode
# sap-codevnG-output: username:Username<spaces>$codvnG
#
# (all other formats with the right column names should work)
# sap uses the username as salt. those have different length, so we needed to come up w/ our
# own format. that is: username<space-padding-to-40>$HASHCODE
#
# evil spaghetti code, but works. sorry for the eye cancer ;-)
$SALT_LENGTH = 40;
if ($#ARGV != 2) {
die ("usage = $0 csv-input sap-codeB-output sap-codevnG-output \n");
}
open INPUT_FILE, "$ARGV[0]" or die ("Can't open input-file ($ARGV[0])\n");
open CODEB_FILE,">>$ARGV[1]" or die ("Can't open codeb-file ($ARGV[1])\n");
open CODEG_FILE,">>$ARGV[2]" or die ("Can't open codeg-file ($ARGV[2])\n");
print "data from >>$ARGV[0]<<\nto sap-codeB-output: >>$ARGV[1]<<\n";
print "and sap-codevnG-output: >>$ARGV[2]<<\n\n";
$line = "";
$pos_bname=-1;
$pos_codeb=-1;
$pos_codeg=-1;
$count=0;
until ($line =~ /BNAME/) {
$line=<INPUT_FILE>;
$count++;
}
chomp($line);
@tmp = split(/\t/, $line);
for ($i=0;$i<=$#tmp;$i++) {
if ($tmp[$i]=~ /BNAME/) { $pos_bname=$i }
elsif ($tmp[$i]=~ /BCODE/) { $pos_codeb=$i }
elsif ($tmp[$i]=~ /PASSCODE/) { $pos_codeg=$i }
}
print "Column: $#tmp BNAME: $pos_bname BCODE: $pos_codeb PASSCODE: $pos_codeg\n";
if (-1==$pos_bname || (-1==$pos_codeg && -1==$pos_codeb ) ) {
print "BNAME column not found OR both hash-columns are missing \n";
exit 0;
}
while ($line=<INPUT_FILE>) {
$count++;
chomp($line);
@tmp = split(/\t/, $line);
if ($#tmp<$pos_bname || ($#tmp<$pos_codeb && $#tmp<$pos_codeg)) {
print "******** line $count in csv file has the wrong format ********\n";
next;
}
if ($pos_codeg!=-1 && $tmp[$pos_codeg]=~/[a-zA-Z0-9]/) { # both hashes
print "username: $tmp[$pos_bname] codeB: $tmp[$pos_codeb] codeG: $tmp[$pos_codeg] \n";
$strN = $tmp[$pos_bname];
$strSALT = "$strN"." "x($SALT_LENGTH-length($tmp[$pos_bname]));
$strB = "$tmp[$pos_codeb]";
$strG = "$tmp[$pos_codeg]";
print CODEB_FILE "$strN:$strSALT\$$strB\n";
print CODEG_FILE "$strN:$strSALT\$$strG\n";
}
elsif ($pos_codeb!=-1 && $tmp[$pos_codeb]=~/[a-zA-Z0-9]/ ) { # only bcode
print "username: $tmp[$pos_bname] codeB: $tmp[$pos_codeb] \n";
$strN = $tmp[$pos_bname];
$strSALT = "$strN"." "x($SALT_LENGTH-length($tmp[$pos_bname]));
$strB = "$tmp[$pos_codeb]";
print CODEB_FILE "$strN:$strSALT\$$strB\n";
}
else {
print "******** line $count in csv file has the wrong format ********\n";
}
}
close INPUT_FILE;
close CODEB_FILE;
close CODEG_FILE;
print "\nDone!\n";
exit 0;

23
data/john/run.linux.x86.any/sha-dump.pl
View File

@ -1,23 +0,0 @@
#!/usr/bin/perl
use Net::LDAP;
$server = $ARGV[0];
$password = $ARGV[1];
$ldap = Net::LDAP->new($server) || die "$@";
$ldap->bind("cn=Directory Manager", password => $password) || die "$@";
$search = $ldap->search(base => "o=test",
scope => "subtree",
filter => "(uid=*)");
$search->code && die $search->error;
$i=0;
foreach $user ($search->all_entries) {
@uid=$user->get("uid");
@pass=$user->get("userpassword");
print $uid[0].":".$pass[0].":".
$i.":".$i.":/".$uid[0].":\n";
}
$ldap->unbind();

19
data/john/run.linux.x86.any/sha-test.pl
View File

@ -1,19 +0,0 @@
#!/usr/bin/perl
# http://www.perl.com/CPAN-local/modules/by-module/MIME/MIME-Base64-2.06.tar.gz
# http://www.perl.com/CPAN-local/modules/by-module/SHA/SHA-1.2.tar.gz
use MIME::Base64;
use SHA;
if ("SHA-1" ne &SHA::sha_version) { die "wrong SHA version\n"; }
$sha = new SHA;
$label = "{SHA}";
$count = 1;
while(<>) {
chomp;
$hash = $sha->hash ($_);
printf ("%s:%s%s:%d:%d:%s:/home/%s/:\n",
$_, $label, encode_base64 ($hash . $salt, ""), $count, $count,
$_, $_);
$count++;
}

1
data/john/run.linux.x86.any/ssh2john
View File

@ -1 +0,0 @@
john

4986
data/john/run.linux.x86.any/stats
View File

File diff suppressed because it is too large Load Diff

BIN
data/john/run.linux.x86.any/tgtsnarf
View File

Binary file not shown.

1
data/john/run.linux.x86.any/unafs
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x86.any/undrop
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x86.any/unique
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x86.any/unshadow
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x86.any/zip2john
View File

@ -1 +0,0 @@
john

BIN
data/john/run.linux.x86.mmx/all.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x86.mmx/alnum.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x86.mmx/alpha.chr
View File

Binary file not shown.

BIN
data/john/run.linux.x86.mmx/calc_stat
View File

Binary file not shown.

BIN
data/john/run.linux.x86.mmx/digits.chr
View File

Binary file not shown.

78
data/john/run.linux.x86.mmx/genincstats.rb
View File

@ -1,78 +0,0 @@
#!/usr/bin/ruby -w
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

BIN
data/john/run.linux.x86.mmx/genmkvpwd
View File

Binary file not shown.

BIN
data/john/run.linux.x86.mmx/john
View File

Binary file not shown.

BIN
data/john/run.linux.x86.mmx/lanman.chr
View File

Binary file not shown.

25
data/john/run.linux.x86.mmx/ldif2pw.pl
View File

@ -1,25 +0,0 @@
#!/usr/bin/perl
$i=1;
while(<>) {
chomp;
if(/^$/) {
if($object{"uid"} ne "") {
print $object{"uid"}.":";
print $object{"userPassword"} ne "" ? $object{"userPassword"} : "*";
print ":";
print $i.":";
print $i.":";
print $object{"cn"}.":";
print $object{"homeDirectory"} ne "" ? $object{"homeDirectory"} : "/";
print ":/bin/sh\n";
}
%object = ();
$i++;
next;
}
($lhs, $rhs) = split(/: /);
$object{$lhs} = $rhs;
}

41
data/john/run.linux.x86.mmx/mailer
View File

@ -1,41 +0,0 @@
#!/bin/sh
#
# This file is part of John the Ripper password cracker,
# Copyright (c) 1996-98 by Solar Designer
#
if [ $# -ne 1 ]; then
echo "Usage: $0 PASSWORD-FILE"
exit 0
fi
# There's no need to mail users with these shells
SHELLS=-,/bin/false,/dev/null,/bin/sync
# Look for John in the same directory with this script
DIR="`echo "$0" | sed 's,/[^/]*$,,'`"
# Let's start
$DIR/john -show "$1" -shells:$SHELLS | sed -n 's/:.*//p' |
(
SENT=0
while read LOGIN; do
echo Sending mail to "$LOGIN"...
# You'll probably want to edit the message below
mail -s 'Bad password' "$LOGIN" << EOF
Hello!
Your password for account "$LOGIN" is insecure. Please change it as soon
as possible.
Yours,
Password Checking Robot.
EOF
SENT=$(($SENT+1))
done
echo $SENT messages sent
)

BIN
data/john/run.linux.x86.mmx/mkvcalcproba
View File

Binary file not shown.

262
data/john/run.linux.x86.mmx/netntlm.pl
View File

@ -1,262 +0,0 @@
#!/usr/bin/perl
#
#####################################################################
#
# Written by JoMo-Kun <jmk at foofus.net> in 2007
# and placed in the public domain.
#
# The purpose of this script is to aid with cracking a LM/NTLM
# challenge/response set, when part of the password is known. It
# was written with John's NetLM/NetNTLM formats and "halflmchall"
# Rainbow Tables in mind.
#
# Example Scenario:
# Let's assume you've captured LM/NTLM challenge/response set for
# the password Cricket88!. You may be able to crack the first part
# (i.e. CRICKET) using "Half LM" Rainbow Tables. This script will
# use that value as a seed and attempt to crack the second part
# (i.e. "88!") via an incremental brute. It'll then use the NetNTLM
# response hash to crack the case-sensitive version of the entire
# password.
#
#####################################################################
use Getopt::Long;
my $VERSION = "0.2";
my %opt;
my %data;
my $JOHN = "john";
GetOptions (
'seed=s' => \$opt{'seed'},
'file=s' => \$opt{'file'},
'help|h' => sub { ShowUsage(); },
);
sub showUsage {
print "john-netntlm.pl v$VERSION\n\n";
print "JoMo-Kun <jmk\@foofus.net>\n\n";
print "Usage: $0 [OPTIONS]\n";
print " $0\n";
print " --seed [RainbowCrack/HalfLM Response Password]\n";
print " --file [File Containing LM/NTLM challenge/responses (.lc format)]\n";
print " Ex: Domain\\User:::LM response:NTLM response:challenge";
print "\n";
print " Ex:\n";
print " $0 --file capture.lc\n";
print " $0 --seed \"GERGE!!\"--file capture.lc\n";
print "\n";
exit(1);
}
# Main
{
if ( !defined($opt{'file'}) ) { &showUsage; }
# Parse accounts to audit
open(HAND, $opt{'file'}) || die("Failed to open response file: $opt{'file'} -- $!");
@{ $data{'pairs'} } = <HAND>;
close(HAND);
# Load information for any accounts previous cracked
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
open (HAND, "$JOHN -format:netlm -show $opt{'file'} |") || die("Failed to execute john: $!");
print STDERR "The following LM responses have been previously cracked:\n";
while(<HAND>) {
next if ( /\d+ password hashes cracked, \d+ left/ );
last if /^$/;
print "\t$_";
push @{ $data{'cracked-lm'} }, $_;
}
close(HAND);
print STDERR "\nThe following NTLM responses have been previously cracked:\n";
open (HAND, "$JOHN -format:netntlm -show $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) {
next if ( /\d+ password hashes cracked, \d+ left/ );
last if /^$/;
print "\t$_";
push @{ $data{'cracked-ntlm'} }, $_;
}
close(HAND);
mkdir("/tmp/john.$$") || die;
my $tmpconf = &createConf();
my $tmpsession = "/tmp/john.$$/john.session";
my $tmpsessionlog = "/tmp/john.$$/john.session.log";
my $tmplog = "/tmp/john.$$/john.log";
#print STDERR "Created temporary configuration file: $tmpconf\n";
# Crack case-sensitive version of password
my $tmpdict = "/tmp/john.$$/john.dict";
#print STDERR "Created temporary dictionary file: $tmpdict\n";
foreach $credential_set ( @{ $data{'cracked-lm'} } ) {
my ($account,$lmpass,$bar,$netlm,$netntlm,$chall) = split(/:/, $credential_set);
next if ( grep(/^$account:/i, @{ $data{'cracked-ntlm'} }) );
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Performing NTLM case-sensitive crack for account: $account.\n";
open(HAND, ">$tmpdict") || die("Failed to option file: $tmpdict -- $!");
print HAND "$lmpass";
close(HAND);
open (HAND, "$JOHN -format:netntlm -config:$tmpconf -wordlist:$tmpdict -rules -user:\"$account\" -session:$tmpsession $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) { print; }
close(HAND);
unlink $tmpdict || warn("Failed to unlink $tmpdict -- $!");
}
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Isolating accounts which have only had their LM response cracked.\n";
foreach $credential_set ( @{ $data{'pairs'} } ) {
$credential_set =~ s/\\/\\\\/g;
my ($account,$foo,$bar,$netlm,$netntlm,$chall) = split(/:/, $credential_set);
if (lc($netlm) eq lc($netntlm)) {
print STDERR "LM response is not unique from NTLM response (skipping):\n\t$credential_set\n";
push @{ $data{'pairs-ntlm'} }, $credential_set;
}
elsif ( @cracked = grep(/^$account:/i, @{ $data{'cracked-ntlm'} }) ) {
print STDERR "Account $account NTLM response previously cracked.\n";
#print "@cracked";
}
else {
print STDERR "Account $account LM response added to cracking list.\n";
push @{ $data{'pairs-lm'} }, $credential_set;
}
}
if ( defined($opt{'seed'}) ) {
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "Testing seed password to determine whether it is the actual password.\n";
open(HAND, ">$tmpdict") || die("Failed to option file: $tmpdict -- $!");
print HAND $opt{'seed'};
close(HAND);
open (HAND, "$JOHN -format:netntlm -config:$tmpconf -wordlist:$tmpdict -rules -session:$tmpsession $opt{'file'} |") || die("Failed to execute john: $!");
while(<HAND>) {
print;
next if (/^guesses: .*time: / || (/^Loaded .* password hash /) || (/^No password hashes loaded/));
my ($account) = $_ =~ / \((.*)\)$/;
# Remove accounts which just cracked from list
my $i = 0;
foreach $credential_set ( @{ $data{'pairs-lm'} } ) {
$account =~ s/\\/_/g;
$credential_set =~ s/\\\\/_/g;
if ( $credential_set =~ /^$account:/ ) {
splice(@{ $data{'pairs-lm'} }, $i, 1);
}
$i++;
}
}
close(HAND);
unlink $tmpdict || warn("Failed to unlink $tmpdict -- $!");
my $tmppasswd = "/tmp/john.$$/john.passwd";
open(HAND, ">$tmppasswd") || die("Failed to open $tmppasswd: $!");
print HAND @{ $data{'pairs-lm'} };
close(HAND);
print STDERR "\n\n";
print STDERR "###########################################################################################\n";
print STDERR "The hashes contained within $tmppasswd have not been cracked.\n";
print STDERR "Executing the following (this could take a while...):\n\n";
print STDERR "john -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd\n";
print STDERR "\n";
print STDERR " *If the passwords successfully crack, use this script again to crack the case-sensitive password\n";
print STDERR " without feeding a seed password\n";
print STDERR"\n\n";
system("$JOHN -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd");
#exec("$JOHN -format:netlm -config:$tmpconf -external:HalfLM -incremental:LM -session:$tmpsession $tmppasswd");
unlink $tmppasswd || warn("Failed to unlink $tmppasswd -- $!");
}
else {
print STDERR "\nNo seed supplied for testing.\n";
}
#print STDERR "Removing temporary files and directory\n";
unlink $tmpconf, $tmplog, $tmpsession, $tmpsessionlog || warn("Failed to unlink temporary config files -- $!");
rmdir("/tmp/john.$$") || warn("Failed to delete temporary john directory -- $!");
}
exit(0);
sub createConf {
my $tmpconf = "/tmp/john.$$/john.conf";
open(CONF, ">$tmpconf") || die("Failed to open $tmpconf: $!");
# Define character keyspace
print CONF "[Incremental:LM]\n";
print CONF "File = \$JOHN/lanman.chr\n";
print CONF "MinLen = 1\n";
# John compiled for MaxLen <= 8
if (14 - length($opt{'seed'}) > 8) {
print CONF "MaxLen = 8\n";
} else {
print CONF "MaxLen = ", 14 - length($opt{'seed'}), "\n";
}
print CONF "CharCount = 69\n\n";
# Add external filter to handle uncracked characters
if ($opt{'seed'} ne "") {
my $i; $j;
my @seed = split(//, $opt{'seed'});
print CONF "[List.External:HalfLM]\n";
print CONF "void init()\n";
print CONF "{\n";
print CONF " word[14] = 0;\n";
print CONF "}\n\n";
print CONF "void filter()\n";
print CONF "{\n";
my $len = length($opt{'seed'});
for ($i = 13, $j = 13 - $len; $i>=0; $i--) {
if ($i >= $len) {
print CONF " word[$i] = word[$j];\n";
$j--;
} else {
print CONF " word[$i] = \'$seed[$i]\';\n";
}
}
print CONF "}\n\n";
}
# Add custom wordlist to utilize NTLM hash for character case cracking
print CONF "[List.Rules:Wordlist]\n";
print CONF ":\n";
print CONF "-c T0Q\n";
print CONF "-c T1QT[z0]\n";
print CONF "-c T2QT[z0]T[z1]\n";
print CONF "-c T3QT[z0]T[z1]T[z2]\n";
print CONF "-c T4QT[z0]T[z1]T[z2]T[z3]\n";
print CONF "-c T5QT[z0]T[z1]T[z2]T[z3]T[z4]\n";
print CONF "-c T6QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]\n";
print CONF "-c T7QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]\n";
print CONF "-c T8QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]\n";
print CONF "-c T9QT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]\n";
print CONF "-c TAQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]\n";
print CONF "-c TBQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]\n";
print CONF "-c TCQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]\n";
print CONF "-c TDQT[z0]T[z1]T[z2]T[z3]T[z4]T[z5]T[z6]T[z7]T[z8]T[z9]T[zA]T[zB]T[zC]\n";
close(CONF);
return $tmpconf;
}

132
data/john/run.linux.x86.mmx/netscreen.py
View File

@ -1,132 +0,0 @@
##################################################################
# Filename: netscreen.py
#
# Please note this script will now run in Python version 3.x
#
# This script will generate a netscreen formatted password
#
# This program requires two command line arguments, and works in two modes:
# Mode 1:
# The first argument is a username
# The second argument is a plaintext password
# Mode 2:
# The first argument is -f to indicate reading usernames and passwords from a file
# The second argument is the filename to read
#
# The input file should have one of the following formats (a "," or ":" separator):
# <username>,<plain-text-password>
# or
# <username>:<plain-text-password>
#
# (Don't put a "space" after the separator, unless it is part of the password)
#
# Example input file:
# admin,netscreen
# cisco:cisco
# robert,harris
#
# Output will be the username and hashed password in John the Ripper format
# If reading usernames and passwords from a file, the output file name will be: netscreen-JtR-output.txt
# If the file netscreen-JtR-output.txt exists, it will be overwritten.
#
# Version 2.04
# Updated on September 13, 2010 by Robert B. Harris from VA and Brad Tilley
# Updated to now run in Python v3.x (still works in Python 2.x)
# Additional separator for the input file. It can now have the new separator ":" (or use the old one ",")
# Now correctly handles a separator ("," or ":") in the password field when reading from a file.
# Updated help text in script
#
# Version 2.01
# Updated on August 30, 2010 by Robert B. Harris from VA
# Very minor changes, removed tab, noted it won't run in python 3.x
#
# Version 2.0
# Updated on August 12, 2010 by Robert B. Harris from VA
# Updated to use the hashlib library
# Updated to print help text if both input arguments are missing
# Updated to optionally read from a file
#
##################################################################
import sys
def net(user, password):
b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
middle = "Administration Tools"
s = "%s:%s:%s" % (user, middle, password)
# For versions of Python 2.5 and older
if sys.version_info[0] == 2 and sys.version_info[1] < 6:
import md5
m = md5.new(s).digest()
else:
import hashlib
m = hashlib.md5(s.encode('latin_1')).digest()
narray = []
for i in range(8):
if sys.version_info[0] == 2:
n1 = ord(m[2*i])
n2 = ord(m[2*i+1])
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
if sys.version_info[0] == 3:
n1 = ord(chr(m[2*i]))
n2 = ord(chr(m[2*i+1]))
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
res = ""
for i in narray:
p1 = i >> 12 & 0xf
p2 = i >> 6 & 0x3f
p3 = i & 0x3f
res = res + b64[p1] + b64[p2] + b64[p3]
for c, n in zip("nrcstn", [0, 6, 12, 17, 23, 29]):
res = res[:n] + c + res[n:]
return res
if __name__ == '__main__':
if len(sys.argv) == 3:
if (sys.argv[1])== "-f": # If true, reading from a file
in_file = (sys.argv[2]) # 2nd commandline arg is the filename to read from
input_file = open( in_file, 'r')
output_file = open ("netscreen-JtR-output.txt" , 'w')
import re
for line in input_file:
data=line.strip('\n')
if re.search(',',line):
data=data.split(',',1) # line contains ,
else:
if re.search(':',line):
data=data.split(':',1) # line contains :
else:
print ("\n\n\n")
print ("Error in input file.")
print ("The input file must have either a \",\" or \":\" separator on each line.")
print ("Also it should not contain any blank lines. Please correct the input file.")
break
username = data[0]
password = data[1]
ciphertext = net(username,password)
output_file.write ("%s:%s$%s" % (username,username,ciphertext))
output_file.write ("\n")
input_file.close()
print("\nThe output file has been created.")
output_file.close()
else: # We are not reading from a file
username = sys.argv[1]
password = sys.argv[2]
ciphertext = net(username,password)
print(("%s:%s$%s" % (username,username,ciphertext)))
else: # User did not input the required two commandline arguments
print("\n\n")
print("This program requires two commandline arguments:")
print("The first argument is a username, or -f to indicate reading from a file.")
print("The second argument is a plaintext password, or the name of the file to read from.")
print("See the additional text at the beginning of this script for more details.\n")
print("Output will be the username and the (Netscreen algorithm based) hashed password, in John the Ripper format. \n\n")
print("Example")
print("Input: netscreen.py admin netscreen")
print("Output: admin:admin$nKv3LvrdAVtOcE5EcsGIpYBtniNbUn")
print("(Netscreen uses the username as the salt)")

1
data/john/run.linux.x86.mmx/pdf2john
View File

@ -1 +0,0 @@
john

1
data/john/run.linux.x86.mmx/rar2john
View File

@ -1 +0,0 @@
john

Some files were not shown because too many files have changed in this diff Show More