JTR Quick Guide
Simple JtR tutorial by ComSec

program: John the Ripper

download : http://www.openwall.com/john/
===============================

OK, first: using an old FrontPage exploit, just for this tutorial, I searched Google and was able to gather info and found plenty of targets for this guide. I took some screenshots to show you some examples.

example:

Inside the file I targeted I found the hashed password, like this:

blah:S2XSgk2WEfE9w

So I saved it to a list ready to crack. I called mine MD5pass for this lesson.

This is what JtR will be cracking.

After you have several passwords to various sites you can begin JtR, or just use a single hashed password. It's up to you.

Now, there are many ways to crack the file using JtR. I'm just going to use the basic one, which I find the easiest but slowest to use. There are plenty of JtR guides around that cover the cracking modes in more detail.

common modes are

john -si [passfile]

john -w:[wordlist] [passfile]

john -i [passfile]

There are other modes using digits, alpha, all... they all do the same thing. Anyway, on to the basics.

Assuming you have john in the C:\ directory, just type:

c:\john -i MD5pass.txt

image 1


After several minutes/hours you should have something like this, with cracked passwords, if you take a look at the image.

After 21 minutes it had cracked 13 of the 36... not bad. After 3 hrs 24 min, 18 cracked... half done. BTW each password cracked is a website, so up to now 18 possible targets.

image 2

To check progress, hit any key.

To stop the cracking, hit Ctrl+C (session aborted).

To view your results, type:

c:\john -show MD5pass.txt>result2.txt

This will save the results to a file called result2.txt in the JtR root, like this:


image 3


You now have the password to gain access to the FTP, or whatever.

To resume your cracking, type:

c:\john -restore

This will load the remaining uncracked passwords and resume attempts from where it left off.

image 4


JTR Commands and Modes

**if you look in the doc folder that came with JTR it gives you details on how to use them**

Hope you enjoyed the tutorial. Remember, if you do gain access to a site/server, please inform the admin.

I hold no responsibility for your actions.

ComSec


23 june 2003

Don't come any easier than this... I think!

--------------------
=============================
No matter where you go... there you are!!

http://comsec.governmentsecurity.org
=============================
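
For an administrator, the takeaway from the tutorial is how quickly old-format hashes fall; the 13-character value it shows (`S2XSgk2WEfE9w`) has the shape of a traditional DES crypt hash, not MD5, despite the file name. The audit below is an added example, not part of the original tutorial or of John the Ripper: it classifies each `user:hash` entry of a password file by format and reports the ones stored in legacy or unrecognised schemes. The scheme table, the function names and every sample entry other than the tutorial's own hash are assumptions made for illustration.

```python
import re

# (scheme, pattern, legacy) in match order; legacy = fast to brute-force or unsalted.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$"), False),
    ("sha512crypt", re.compile(r"^\$6\$"), False),
    ("sha256crypt", re.compile(r"^\$5\$"), False),
    ("apr1-md5", re.compile(r"^\$apr1\$"), True),
    ("md5crypt", re.compile(r"^\$1\$"), True),
    ("sha1-unsalted", re.compile(r"^\{SHA\}"), True),
    # Traditional DES crypt: 2-char salt + 11-char hash, password cut at 8 chars.
    ("des-crypt", re.compile(r"^[./A-Za-z0-9]{13}$"), True),
]

def classify(hash_field):
    """Return (scheme, legacy) for one hash field; unknown counts as a finding."""
    for name, pattern, legacy in SCHEMES:
        if pattern.match(hash_field):
            return name, legacy
    return "unknown", True

def audit(text):
    """Return [(line_no, user, scheme)] for entries that need attention."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep:
            findings.append((line_no, line, "malformed"))
            continue
        scheme, legacy = classify(rest.split(":", 1)[0])
        if legacy:
            findings.append((line_no, user, scheme))
    return findings

# Constructed sample: only the "blah" hash comes from the tutorial text.
SAMPLE = "\n".join([
    "# constructed password file",
    "blah:S2XSgk2WEfE9w",
    "alice:$2y$10$" + "a" * 53,
    "bob:$apr1$abcdefgh$" + "b" * 22,
    "carol:plaintext-or-garbage",
    "not a credential line",
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries reported as des-crypt, md5crypt, apr1-md5 or sha1-unsalted are the ones to re-hash with a modern scheme and to rotate if the file was ever web-readable.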