Linux Certification

John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others. You will take the following steps to installing John the Ripper and cracking passwords using it:

1. From the Ubuntu menu bar, click Applications, Accessories, Terminal.
2. In the terminal window, enter this command, then press the Enter key:

sudo apt-get install john

3. Enter your password when you are prompted to. When you are asked to continue, enter Y.

Running john the ripper

In the terminal window, enter this command, then press the Enter key:

sudo john /etc/shadow

Enter your password when you are prompted to.  This command cracks the hashes, which are MD5s salted with a two-character salt.  Some passwords come up quickly, as shown below on this page.  Others take longer.  In this mode, john uses a configuration file that tests passwords in the order the designer found to be most effective.