Hacktopia

In this short tutorial I will show you how to generate your very own password list to feed into a password cracker. First make sure you have plenty of disk space. You will need terabytes to store all that you will be able to generate by using my example so be careful and watch the password file grow to make sure that it does not fill up your system. So for starters get a Unix system, preferbly Linux with some nice fast processor, and like I stated before plenty of disk space. Then install ‘John The Ripper often refered to as simply john when run from the command line.

Here is a example ubuntu system package search

user@server:~$ aptitude search john
i   john                                                      – active password cracking tool

I am sure you can use the power of john for good or evil, but pleas try to use it for good.  I have used it for noble reasons.  One company that I worked for wanted to make sure that the passwords of the accounts for the servers where secure so I was asked to run a password cracker on the user.  So I broke out john and watched how the majority of them where cracked in under a second.  it did take several times asking the users to make better passwords before it took a resonable amount of time to cracks them.  At the time I considered a couple of days good enough.

Recently I was unable to long into one of my systems.  I was authorized for the system so I simply asked a friend to reset my password.  Before the password was reset I had the freind copy my hash from the shadow file like so.

user@server:~$ grep user/etc/passwd > pass
user:x:1000:1000:user,,,:/home/user:/bin/bash

I used the resulting pass file to feed to john.  I did this with out a dictionary file.  The benifits to using a dictionary is that john does not need to use processign power to generate diffrent passwords.

bab@nixer:~$ john pass
Loaded 1 password (Standard DES [48/64 4K])

I finally was told what my password was after 11 days.  It is very neat that you can press return while it is running to see what kind of guesses john is trying.  For background info the password that was used was only 8 charaters long with one capital and one number the rest where lower case. The reason that it took so long was that john had to generate each password and then try it against the has that I provided.  As you might of guessed these kind of attaches are only usefull when you have the password and the hash.

Below is the command to generate 95 printable ASCII characters of lengths 1 to 8.  I would suggest simiting the list to something smaller like replacin ALL with Alpha or Digit.  You can also edit the /etc/john/john.conf file to shorten or letehen the passwords generated and a few other options.

john -incremental=All –stdout > john_string_list

Here are the 26 printiable ASCII charaters

!”#$%&’()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

Trying to find out where all your man pages are located, have no fear this is how you can find them.

user@server:~$ manpath
/usr/local/man:/usr/local/share/man:/usr/share/man

Which will tell you what directories you computer will look for man files.
you can also look in

$ grep MANPATH /etc/manpath.config

To see where you system expects the man pages to be located.

I you would like to read some man pages about man then then ‘man man’ and ‘man 5 manpath’ for more information.  If there are man pages that you have but you cant get them to show up by typing “man widget” then you simply have to add them to you man path.

You can check which version of debian you are running by running the command

user@server:/var/log/installer$ cat /var/log/installer/lsb-release
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION=”Debian GNU/Linux installer”
DISTRIB_RELEASE=”4.0 (installer build 20070308etch2)”
X_INSTALLATION_MEDIUM=cdrom

or similary for Ubuntu you can run

user@server:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION=”Ubuntu 8.04.1″