Electronic Books

To execute John, change to the correct directory by typing:
cd ../run
Brute Force
343
After placing a hashed file into this directory, type:
john ??“i pwdump
The passwords will be broken and displayed on the screen.
344
Practical Hacking Techniques and Countermeasures
To interrupt the ???cracking??? process hold down the Ctrl key and press the
C key.
John keeps track of the passwords it finds for each hashed file. To verify
what passwords were found, type:
john ??“show pwdump
Brute Force
345
The passwords will be displayed unencrypted in the hash file with information
separated by a colon (:). The biggest ones of concern are the first three:

Username

Password

User ID
*Note: User ID is important because a user account can be renamed. In this example
this is a hashed file from a Windows target. Referring to Chapter 3, each user
is assigned a static user ID. The Administrator account on a Windows machine
will always be 500.
John the Ripper allows for the cracking of Linux/Unix password files as
well. The only limitation is if the password is ???shadowed??? with an asterisk (*).
346
Practical Hacking Techniques and Countermeasures
Lab 58: Brute-Force FTP Password
Brute-Force an FTP Password Connection: BruteFTP
Prerequisites: None
Countermeasures: Secured FTP, known as Secured Shell Client (SSL) or
Secure FTP Client (SFTP)
Description: File Transfer Protocol (FTP) is used to transfer files between
computers and is still widely in use.


Pages:
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140