Re: SOLVED john the ripper

purplepenguin — Mon Sep 24, 2012 10:59 pm

Author: purplepenguin

Posted: Mon Sep 24, 2012 10:59 pm

OK I seem to have answered my own question those parameters only affect the incremental mode not the wordlist attack. to make the MaxLen larger I would need to recompile John.

SOLVED john the ripper

purplepenguin — Mon Sep 24, 2012 9:25 pm

Author: purplepenguin

Posted: Mon Sep 24, 2012 9:25 pm

After reading the articles by James Litton "Passwords a better strategy" in issue 162 and Ben's "Hack a server" article in issue 163 I wanted to see how secure my passwords are on my home server.

I installed JTR on my main Mint PC and copied the shadow file from the server (which is running Ubuntu 12.04 server). to a file on in my home directory called pass.txt. I ran JTR overnight and it failed to crack any of the 3 user passwords yipee I thought my passwords must be fairly strong.

I was nosing about in /etc/john/john.conf and saw this section

Code:

Incremental modes
[Incremental:All]
File = $JOHN/all.chr
MinLen = 0
MaxLen = 8
CharCount = 95

[Incremental:Alpha]
File = $JOHN/alpha.chr
MinLen = 1
MaxLen = 8
CharCount = 26

[Incremental:Digits]
File = $JOHN/digits.chr
MinLen = 1
MaxLe]n = 8
CharCount = 10

[Incremental:Alnum]
File = $JOHN/alnum.chr
MinLen = 1
MaxLen = 8
CharCount = 36

[Incremental:LanMan]
File = $JOHN/lanman.chr
MinLen = 0
MaxLen = 7
CharCount = 69

Does the MaxLen=X part mean that JTR cannot crack passwords over this length? and can I just change this value to a larger one say 20?

The shortest password in use on my server is 12 characters long all lowercase and I was wondering if the reason JTR failed to crack any of them is due to this MaxLen parameter.

Thanks for any insight

Lee

Linux Format forums

Re: SOLVED john the ripper

SOLVED john the ripper