At 22:23 12/11/1999 +0700, **CyberJunkies**, has written a message, and
here is the reply :
>Mau coba jawab yah
>Aplikasi John the ripper itu untuk menterjemahkan password unix (DES ?)
>Jadi kalau kamu punya password unix (co : passwd) dia bisa menterjemahkan
>password tersebut ke huruf biasa dengan cara mencocokan dengan wordlists
>yang sudah tersedia
>apakah penjelasan saya benar ?
Wah tidak terlampau tepat, dia tidak menterjemahkan, tapi mengcocokkan.
Penjelasannya ada di attachment.....
***********************
John the Ripper -- Password Cracker
=====================================
John the Ripper is a password cracker, currently available for UNIX, DOS,
WinNT/Win95. Its primary purpose is to detect weak UNIX passwords. It has
been tested with Linux x86/Alpha/SPARC, FreeBSD x86, OpenBSD x86, Solaris
2.x SPARC and x86, Digital UNIX, AIX, HP-UX, and IRIX.
The DOS and Win32 ports are done with DJGPP and Cygnus Developer's Kit,
respectively.
How to Install
----------------
See doc/INSTALL for information on installing John on your system.
How to Use
------------
To run John, you need to supply it with some password files and optionally
specify a cracking mode, like this, using the default order of modes, and
assuming that passwd is a copy of your password file:
john passwd
or, to make it use a wordlist with rules only:
john -wordfile:/usr/dict/words -rules passwd
Cracked passwords will be printed to the terminal and saved in file called
~/john.pot (in this text '~' means John's "home directory", that is, the
directory you installed John's binary in). This file is also used not to
load passwords that you already cracked, when you run John the next time.
To retrieve the cracked passwords, run:
john -show passwd
While cracking, you can press any key for status, or Ctrl+C to abort the
session, saving point information to a file (~/restore by default). By the
way, if you press Ctrl+C twice John will abort immediately without saving.
The point information is also saved every 10 minutes (configurable in the
configuration file, ~/john.ini) in case of a crash.
To continue an interrupted session, run:
john -restore
Anyway, you probably should have a look at doc/OPTIONS for a list of all
the command line options, and at doc/EXAMPLES for more John usage examples
with other cracking modes.
Features and Performance
--------------------------
John the Ripper is designed to be both powerful and fast. It combines
several cracking modes in one program, and is fully configurable for your
particular needs (you can even define a custom cracking mode using the
built-in compiler supporting a subset of C). Also, John is available for
several different platforms, which enables you to use the same cracker
everywhere (for example even continue a cracking session that you started
on another platform).
Out of the box, John supports (and autodetects) the following ciphertext
formats: standard and double-length DES-based, BSDI's extended DES-based,
FreeBSD's (and not only) MD5-based, and OpenBSD's Blowfish-based.
With just one extra command (required to extract the passwords), John can
crack AFS passwords and WinNT LM hashes.
Unlike other crackers, John doesn't use a crypt(3)-style routine. Instead,
it has its own highly optimized modules for different ciphertext formats
and architectures. Some of the algorithms used couldn't be implemented in
a crypt(3)-style routine: they require a more powerful interface (bitslice
DES is an example). Additionally, there're assembly routines for several
processors and architectures (special Intel Pentium version, x86 with MMX,
generic x86, Alpha EV4, SPARC V8).
Documentation
---------------
The rest of documentation is located in separate files, listed here in the
recommended reading order:
INSTALL - you've probably read it already
OPTIONS - command line options, and additional utilities
MODES - cracking modes: what they are
CONFIG (*) - how to customize
RULES (*) - wordlist rules syntax
EXTERNAL (*) - defining an external mode
EXAMPLES - usage examples -- strongly recommended
FAQ - guess
NEWS - history of changes
CREDITS - credits, and how to contact me
(*) most users can safely skip these
Happy reading!
********************************
John the Ripper's Cracking Modes
==================================
Mode descriptions here are short, and only cover the basic things. Check
other documentation files for information on customizing the modes.
Wordlist Mode
---------------
This is the simplest cracking mode supported by John. All you need to do
is specify a wordlist (text file containing one word per line), and some
password files. You can enable rules (which are used to modify words) if
desired, they will then be applied to every word in the list.
The wordlist should not contain dupes. John doesn't sort the words not to
use too much memory, since that would require at least loading the entire
wordlist to memory or temporary space, while now it's read from disk while
cracking. Also, leaving the words order as it is allows you to put frequent
words first. However, if you don't place words in a reasonable order, it is
better if you sort the wordlist alphabetically: John runs a bit faster if
each word it tries only differs from the previous one by a few characters,
this is especially noticable when cracking only a few passwords at a time.
Most wordlists that you may find on the net are already sorted anyway.
However, you shouldn't bother about words longer than 8 (or whatever limit
your current password hashing algorithm has) characters being effectively
the same password if their first 8 characters match. John can handle this
situation (and only try the password once) when such words are going one
immediately after the other (that is, when the wordlist is sorted). You'd
better not truncate words to 8 characters in your wordlist, since the rest
may be needed when you enable the rules.
The recommended way to sort a wordlist for use with default wordlist rule
set is:
tr A-Z a-z < SOURCE | sort -u > TARGET
See doc/RULES for information on writing your own wordlist rules.
"Single Crack" Mode
---------------------
This is the mode you should start cracking with. It will try using the
login/GECOS information as passwords. Since the information is only used
on the account it was taken from (and on passwords with the same salt,
which takes almost no extra time), "single crack" mode is much faster than
the wordlist mode, which allows using a lot of rules (they are always
enabled for this mode) in a reasonable time. Guessed passwords are also
tried on the entire password list, just in case more users have the same
password. Of course, this will only get those passwords that are based on
the information used.
Note that running this mode on many password files at the same time may
sometimes get more passwords cracked than you would get if you ran it on
the files separately.
Incremental Mode
------------------
This is the most powerful cracking mode, it can try all possible character
combinations as passwords. However, it is assumed that cracking with this
mode will never terminate because of the number of combinations being too
large (actually, it will terminate if you set a low password length limit,
or make it use a small charset), and you'll have to interrupt it earlier.
That's why this mode deals with character frequency tables, to get as many
passwords as possible within a limited time.
To use the mode you need a specific definition for the mode's parameters
(including password length limits and the charsets). These parameters are
defined in ~/john.ini's sections called [Incremental:MODE], where MODE is
any name that you assign to the mode (it's the name you'll need to specify
on John's command line). You can either use a pre-defined incremental mode
definition ('All', 'Alpha', or 'Digits'), or define a custom one.
See doc/CONFIG and doc/EXAMPLES for information on defining custom modes.
External Mode
---------------
You can define an external cracking mode for use with John. This is done
with ~/john.ini's sections called [List.External:MODE], where MODE is any
name that you assign to the mode. The section should contain some functions
that John will use to generate the words it tries. The functions are coded
in a subset of the C language, and are compiled by John at startup (if you
enable the mode on John's command line). See doc/EXTERNAL.
What Modes Should I Use?
--------------------------
See doc/EXAMPLES for a reasonable order of cracking modes to use.
-------
AFLHI 058009990407128029/089802---(102598//991024)
milis ini didukung oleh :
>> http://www.indolinux.com - dunia linux indonesia
-------------------------------------------------------------------
untuk berhenti kirim email ke [EMAIL PROTECTED]
untuk melihat peraturan kirim email ke [EMAIL PROTECTED]
arsip berada di http://www.mail-archive.com/[email protected]
