John the Ripper supercharged with the Jumbo patch

There is a far more complete version of the famous password cracker, supporting more than a hundred hash and cipher types.



It is not an official release of John; it is maintained by the community.

For example, John can crack SSH RSA/DSA private keys, WPA/PSK, VNC, ZIP and RAR archives, PDF, MD4, MD5, SHA-1, SHA-256, SHA-512, DES, NTLM, Office 2007/2010 documents, OpenDocument documents (OpenOffice.org, LibreOffice), MySQL, Kerberos, Mac OS X Keychain, MSCHAPv2, etc.
It also adds GPU and multi-threading support.


Start by downloading the sources from the site. You need the community-enhanced version.

For Windows, just take the Windows archive; the binaries are inside.

For Unix-based systems (Linux, Android, Mac OS X...), take one of the two archives, then:

root@localhost:/tmp/john-1.7.9-jumbo-6$ cd src/
root@localhost:/tmp/john-1.7.9-jumbo-6/src$ make
To build John the Ripper, type:
        make clean SYSTEM
where SYSTEM can be one of the following:
([i] is an optional letter for pre-built intrinsics, eg. -sse2i vs -sse2):
linux-x86-64-native      Linux, x86-64 'native' (all CPU features you've got)
linux-x86-64-gpu         Linux, x86-64 'native', CUDA and OpenCL (experimental)
linux-x86-64-opencl      Linux, x86-64 'native', OpenCL (experimental)
linux-x86-64-cuda        Linux, x86-64 'native', CUDA (experimental)
linux-x86-64-avx         Linux, x86-64 with AVX (2011+ Intel CPUs)
linux-x86-64-xop         Linux, x86-64 with AVX and XOP (2011+ AMD CPUs)
linux-x86-64[i]          Linux, x86-64 with SSE2 (most common)
linux-x86-64-icc         Linux, x86-64 compiled with icc
linux-x86-64-clang       Linux, x86-64 compiled with clang
linux-x86-gpu            Linux, x86 32-bit with SSE2, CUDA and OpenCL (experimental)
linux-x86-opencl         Linux, x86 32-bit with SSE2 and OpenCL (experimental)
linux-x86-cuda           Linux, x86 32-bit with SSE2 and CUDA (experimental)
linux-x86-sse2[i]        Linux, x86 32-bit with SSE2 (most common, 32-bit)
linux-x86-native         Linux, x86 32-bit, with all CPU features you've got (not necessarily best)
linux-x86-mmx            Linux, x86 32-bit with MMX (for old computers)
linux-x86-any            Linux, x86 32-bit (for truly ancient computers)
linux-x86-clang          Linux, x86 32-bit with SSE2, compiled with clang
linux-alpha              Linux, Alpha
linux-sparc              Linux, SPARC 32-bit
linux-ppc32-altivec      Linux, PowerPC w/AltiVec (best)
linux-ppc32              Linux, PowerPC 32-bit
linux-ppc64              Linux, PowerPC 64-bit
linux-ia64               Linux, IA-64
freebsd-x86-64[i]        FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2[i]      FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx          FreeBSD, x86 with MMX
freebsd-x86-any          FreeBSD, x86
freebsd-alpha            FreeBSD, Alpha
openbsd-x86-64[i]        OpenBSD, x86-64 with SSE2 (best)
openbsd-x86-sse2[i]      OpenBSD, x86 with SSE2 (best if 32-bit)
openbsd-x86-mmx          OpenBSD, x86 with MMX
openbsd-x86-any          OpenBSD, x86
openbsd-alpha            OpenBSD, Alpha
openbsd-sparc64          OpenBSD, SPARC 64-bit (best)
openbsd-sparc            OpenBSD, SPARC 32-bit
openbsd-ppc32            OpenBSD, PowerPC 32-bit
openbsd-ppc64            OpenBSD, PowerPC 64-bit
openbsd-pa-risc          OpenBSD, PA-RISC
openbsd-vax              OpenBSD, VAX
netbsd-sparc64           NetBSD, SPARC 64-bit
netbsd-vax               NetBSD, VAX
solaris-sparc64-cc       Solaris, SPARC V9 64-bit, cc (best)
solaris-sparc64-gcc      Solaris, SPARC V9 64-bit, gcc
solaris-sparcv9-cc       Solaris, SPARC V9 32-bit, cc
solaris-sparcv8-cc       Solaris, SPARC V8 32-bit, cc
solaris-sparc-gcc        Solaris, SPARC 32-bit, gcc
solaris-x86-64-cc        Solaris, x86-64 with SSE2, cc
solaris-x86-64[i]-gcc    Solaris, x86-64 with SSE2, gcc
solaris-x86-sse2-cc      Solaris 9 4/04+, x86 with SSE2, cc
solaris-x86-sse2[i]-gcc  Solaris 9 4/04+, x86 with SSE2, gcc
solaris-x86-mmx-cc       Solaris, x86 with MMX, cc
solaris-x86-mmx-gcc      Solaris, x86 with MMX, gcc
solaris-x86-any-cc       Solaris, x86, cc
solaris-x86-any-gcc      Solaris, x86, gcc
sco-x86-any-gcc          SCO, x86, gcc
sco-x86-any-cc           SCO, x86, cc
tru64-alpha              Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32                AIX, PowerPC 32-bit
macosx-x86-64            Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
macosx-x86-64-opencl     Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2, OpenCL support
macosx-x86-sse2          Mac OS X, x86 with SSE2
macosx-ppc32-altivec     Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32             Mac OS X, PowerPC 32-bit
macosx-ppc64             Mac OS X 10.4+, PowerPC 64-bit
macosx-universal         Mac OS X, Universal Binary (x86 + x86-64 + PPC)
hpux-pa-risc-gcc         HP-UX, PA-RISC, gcc
hpux-pa-risc-cc          HP-UX, PA-RISC, ANSI cc
irix-mips64-r10k         IRIX, MIPS 64-bit (R10K) (best)
irix-mips64              IRIX, MIPS 64-bit
irix-mips32              IRIX, MIPS 32-bit
dos-djgpp-x86-mmx        DOS, DJGPP, x86 with MMX
dos-djgpp-x86-any        DOS, DJGPP, x86
win32-cygwin-x86-sse2[i] Win32, Cygwin, x86 with SSE2 (best)
win32-cygwin-x86-mmx     Win32, Cygwin, x86 with MMX
win32-cygwin-x86-any     Win32, Cygwin, x86
win32-mingw-x86-sse2[i]  Win32, MinGW, x86 with SSE2 (best)
win32-mingw-x86-mmx      Win32, MinGW, x86 with MMX
win32-mingw-x86-any      Win32, MinGW, x86
beos-x86-sse2            BeOS, x86 with SSE2 (best)
beos-x86-mmx             BeOS, x86 with MMX
beos-x86-any             BeOS, x86
generic                  Any other Unix-like system with gcc
Now choose the system to compile for: with or without CUDA and OpenCL support, with SSE2 instructions, and so on. Here we choose linux-x86-64-native.

root@localhost:/tmp/john-1.7.9-jumbo-6/src$ make clean linux-x86-64-native

If no error occurred during compilation, john is in the run folder.

root@localhost:/tmp/john-1.7.9-jumbo-6/run$ ./john
John the Ripper password cracker, ver: 1.7.9-jumbo-6 [linux-x86-64-native]
Copyright (c) 1996-2012 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--config=FILE             use FILE instead of john.conf or john.ini
--single[=SECTION]        "single crack" mode
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
                  --pipe  like --stdin, but bulk reads, and allows rules
--loopback[=FILE]         like --wordlist, but fetch words from a .pot file
--dupe-suppression        suppress all dupes in wordlist (and force preload)
--encoding=NAME           input data is non-ascii (eg. UTF-8, ISO-8859-1).
                          For a full list of NAME use --list=encodings
--rules[=SECTION]         enable word mangling rules for wordlist modes
--incremental[=MODE]      "incremental" mode [using section MODE]
--markov[=options]        "Markov" mode (see doc/MARKOV)
--external=MODE           external mode or word filter
--stdout[=LENGTH]         just output candidate passwords [cut at LENGTH]
--restore[=NAME]          restore an interrupted session [called NAME]
--session=NAME            give a new session the NAME
--status[=NAME]           print status of a session [called NAME]
--make-charset=FILE       make a charset file. It will be overwritten
--show[=LEFT]             show cracked passwords [if =LEFT, then uncracked]
--test[=TIME]             run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..]      load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]    load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX]    load salts with[out] COUNT [to MAX] hashes
--pot=NAME                pot file to use
--format=NAME             force hash type NAME: afs bf bfegg bsdi crc32 crypt
                          des django dmd5 dominosec dragonfly3-32 dragonfly3-64
                          dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n
                          epi episerver gost hdaa hmac-md5 hmac-sha1 hmac-sha224
                          hmac-sha256 hmac-sha384 hmac-sha512 hmailserver ipb2
                          keepass keychain krb4 krb5 lm lotus5 md4-gen md5 md5ns
                          mediawiki mscash mscash2 mschapv2 mskrb5 mssql mssql05
                          mysql mysql-sha1 nethalflm netlm netlmv2 netntlm
                          netntlmv2 nsldap nt nt2 odf office oracle oracle11 osc
                          pdf phpass phps pix-md5 pkzip po pwsafe racf rar
                          raw-md4 raw-md5 raw-md5u raw-sha raw-sha1
                          raw-sha1-linkedin raw-sha1-ng raw-sha224 raw-sha256
                          raw-sha384 raw-sha512 salted-sha1 sapb sapg sha1-gen
                          sha256crypt sha512crypt sip ssh sybasease trip vnc
                          wbb3 wpapsk xsha xsha512 zip
--list=WHAT               list capabilities, see doc/OPTIONS or --list=?
--save-memory=LEVEL       enable memory saving, at LEVEL 1..3
--mem-file-size=SIZE      size threshold for wordlist preload (default 5 MB)
--nolog                   disables creation and writing to john.log file
--crack-status            emit a status line whenever a password is cracked
--max-run-time=N          gracefully exit after this many seconds
--regen-lost-salts=N      regenerate lost salts (see doc/OPTIONS)
--plugin=NAME[,..]        load this (these) dynamic plugin(s)
The --format argument shows what John supports.
The run folder can then be moved wherever you like.
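
The listing describes linux-x86-64-native as using all CPU features of the build machine, so a run folder that is moved to a different machine may need a target matching that machine's CPU instead. The following is an added example, not part of the original post or of John's Makefile: the function name pick_target and the mapping from CPU flags to targets are assumptions, and only the x86 Linux, FreeBSD and OpenBSD targets from the listing are covered.

```shell
#!/bin/sh
# Added example: choose a SYSTEM target from the `make` listing above for the
# machine that will RUN john. Mapping is an assumption, not John's Makefile.

# pick_target OS ARCH "FLAGS"
#   OS    : `uname -s` of the destination machine
#   ARCH  : `uname -m` of the destination machine
#   FLAGS : its CPU flags (the "flags" line of /proc/cpuinfo), space separated
pick_target() {
    os=$1; arch=$2; flags=" $3 "
    # Whole-word match, so "avx2" alone does not count as "avx".
    has() { case "$flags" in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

    case "$os" in
        Linux)   prefix=linux ;;
        FreeBSD) prefix=freebsd ;;
        OpenBSD) prefix=openbsd ;;
        *)       echo generic; return 0 ;;   # other systems: not covered here
    esac

    case "$arch" in
        x86_64|amd64)
            if [ "$prefix" != linux ]; then echo "$prefix-x86-64"
            elif has avx && has xop;   then echo linux-x86-64-xop
            elif has avx;              then echo linux-x86-64-avx
            else                            echo linux-x86-64
            fi ;;
        i?86)
            if   has sse2; then echo "$prefix-x86-sse2"
            elif has mmx;  then echo "$prefix-x86-mmx"
            else                echo "$prefix-x86-any"
            fi ;;
        *) echo generic ;;                   # non-x86 targets: not covered here
    esac
}

# Target for the local machine (empty flags if /proc/cpuinfo is absent).
local_flags=$(sed -n '/^flags/{s/^[^:]*:[[:space:]]*//p;q;}' /proc/cpuinfo 2>/dev/null) || true
echo "make clean $(pick_target "$(uname -s)" "$(uname -m)" "$local_flags")"
```

To target another machine, pass its `uname -s`, `uname -m` and CPU flags to pick_target instead of the local values.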


And finally, to run a benchmark and see the performance of your war machine:
root@localhost:/tmp/john-1.7.9-jumbo-6/run$ ./john --test

What comes next is up to you :)




