John The Ripper L0phtcrack



Linux "DES", "salt", - , , , "salt" .

:

/etc/passwd

/etc/shadow

- /etc/shadow.old /etc/passwd.tmp. /etc/, .passwd , , shadow ( ), passwd :

root:*:0:0:System Administrator:/root:/bin/csh

rfindd:*:66:1:Rfind Daemon and Fsdump:/var/rfindd:/bin/sh

! ! :

root:9IDv/CqdFuqWo:0:0:System Administrator:/root:/bin/csh

john:653MWdpUGN3BM:66:1:John Nikolsen, 2-nd west:/home/john:/bin/sh

, . "john":

john:653MWdpUGN3BM:66:1:John Nikolsen, 2-nd west:/home/john:/bin/sh

1. john - ' .

2. 653MWdpUGN3BM - DES.

3. 66:1 - : ( root 0:0).

4. John Nikolsen, 2-nd west - ( ', ...).

5. /home/john - .

6. /bin/csh - shell.

, DES ( shadow passwd), r -------- r - r -----, , root' ( r - r -----).

FreeBSD /etc/master.passwd, LINUX, MD5. OpenBSD, Blowfish.

John The Ripper


John The Ripper- , . - UNIX . NTLM,Kerberos, .

John the Ripper,, , . , Unix Windows LanMan ( NT, 2000 XP). , i. 13 , Pentium RISC-.

-, . john-1.6.31-dev , /src.

[root@hedwig]# tar zxvf john-1.6.31-dev.tar.gz

[root@hedwig]# tar zxvf john-1.6.tar.gz

[root@hedwig]# cd john-1.6.31-dev

[root@hedwig john-1.6.31-dev]# cd src

:make <OSname>.

[root@hedwig src]# make win32-cygwin-x86-mmx

. , john-1.6.31-dev/run. . john-1.6.tar.gz /run.

[root@hedwig]# cd john-1.6.31-dev/run

[root@hedwig run]# cp ../../john-1.6/run/all.chr .

[root@hedwig run]# cp ../../john-1.6/run/alpha.chr .

[root@hedwig run]# cp ../../john-1.6/run/digits.chr .

[root@hedwig run]# cp ../../john-1.6/run/lanman.chr .

[root@hedwig run]# cp ../../john-1.6/run/password.lst .

, . , john-1.6.31-dev/run.-, , , .

[root@hedwig run]# ./john -test

Benchmarking: Traditional DES [64/64 BS MMX]...DONE

Many salts: 323175 c/s

Only one salt: 279202 c/s

Benchmarking: BSDI DES (x725) [64/64 BS MMX]...DONE

Many salts: 10950 c/s

Only one salt: 10770 c/s

Benchmarking: FreeBSD MD5 [32/32]...DONE

Raw: 2437 c/s

Benchmarking: OpenBSD Blowfish (x32) [32/32]...DONE

Raw: 169 c/s

Benchmarking: Kerberos AFS DES [48/64 4K MMX]...DONE

Short: 118816 c/s

Long: 305669 c/s

Benchmarking: NT LM DES [64/64 BS MMX]...DONE

Raw: 487689 c/s

:FreeBSD MD5NT LMDES. (c / s) 200 . , FreeBSD 200 , Windows NT! OpenBSD Blowfish . , . , , , Blowfish .



. . , - , , -test., , , . Unix pwdump, , . ' , , ( ).

root:rf5V5.Ce31sOE:0:0::

root:KbmTXiy.OxC.s:11668:0:99999:7:-1:-1:1075919134

root:$1$M9/GbWfv$sktn.4pPetd8zAwvhiB6.1:11668:0:99999:7:-1:-1:1075919134

root:$2a$06$v3LIuqqw0pX2M4iUnCVZcuyCTLX14lyGNngtGSH4/dCqPHK8RyAie:0:0::::::

Administrator:500:66bf9d4b5a703a9baad3b435b51404ee:17545362d694f996c37129225df11f4c:::

, ., , , , . , Solaris, Windows- : ; .

Solaris DES from /etc/passwd.

Mandrake Linux DES from /etc/shadow.

FreeBSD MD5 from /etc/shadow.

OpenBSD Blowfish from /etc/master.password.

Windows 2000 LAN Manager from \WINNT\repair\SAM.

, Unix Windows . ( ) Unix.

Cisco

: enable secret 5 $1$M9/GbWfv$sktn.4pPetd8zAwvhiB6.1

: cisco:$1$M9/GbWfv$sktn.4pPetd8zAwvhiB6.1::::

Apache. Htaccess-, , DES.Apache SHA-1 MD5, .

.htaccess: dragon:yJMVYngEA6t9c

: dragon:yJMVYngEA6t9c::::

, DES , WWWBoard.

passwd.txt: WebAdmin:aepTOqxOi4i8U

: WebAdmin:aepTOqxOi4i8U:0:3:www.victim.com::

, ' . : passwd.unix, , DES, passwd.md5, , MD5, passwd.lanman, Windows NT.

[root@hedwig run]# ./john passwd.unix

Loaded 189 passwords with 182 different salts

(Traditional DES [64/64 BS MMX])

. - , , CTRL-C, . , . , -show.

[root@hedwig run]# ./john -show passwd.unix

2buddha:smooth1:0:3:wwwboard:/:/sbin/sh

ecs:asdfg1:11262:0:40:5::11853:

informix:abc123:10864:0:40:5::12689:

kr:grant5:11569:0:35:5::11853:

mjs:rocky22:11569:0:35:5::11853:

np:ny0b0y:11572:0:35:5::11853:

john.pot, , . , , . . , . ( , , , - ), ( ), '.

password.lst. , . , Google. ( 15Mb) bigdict.zip.-wordfile, .

[root@hedwig run]# ./john -wordfile:password.lst passwd.unix

Loaded 188 passwords with 182 different salts

(Traditional DES [64/64 BS MMX])

guesses: 0 time: 0:00:00:01 100%

c/s: 333074 trying: tacobell - zhongguo

, -rules.

[root@hedwig run]# ./john -wordfile:password.lst -rules passwd.unix

Loaded 188 passwords with 182 different salts

(Traditional DES [64/64 BS MMX])

guesses: 0 time: 0:00:00:58 100%

c/s: 327702 trying: Wonderin - Zenithin

-rules, john.conf ( john.ini 1.6). john.conf, ( #).

[List.Rules:Wordlist]

# Try words as they are

:

# Lowercase every pure alphanumeric word

-c >3!?XlQ

# Capitalize every pure alphanumeric word

-c >2(?a!?XcQ

# Lowercase and pluralize pure alphabetic words

<*>2!?Alp

# Lowercase pure alphabetic words and append '1'

<*>2!?Al$1

, , , . , ('libcrack?)., , ., "letmein" , , "7letmein" . .

# Prepend digits (adds 10 more passes through the wordlist)

^[0123456789]

.^, . , . [] , ^.0123456789 , ., "letmein", , "0letmein""9letmein".

- , . . , 1000 10000, 0 9. , , .

[0123456789]..

[!@#$%^&*()]. .

[,.?!]. .

(, , e 3) , .

?V? (a, e, i, o, u).

s? v.? (.).

@ @?V? .

@ @A? a.

sa4? a 4.

se3? e 3.

l *? * , .

u *? * , .

- , , l33t, . , ' , , ., 1GHz, , , .

- . . , . , . , -incremental.

[root@hedwig run]# ./john -incremental:LanMan passwd.lanman

Loaded 1152 passwords with no different salts (NT LM DES [64/64 BS MMX])

john.conf .

All. , , , , SHIFT +.

Alpha. .

Digits. 0 9.

LanMan. , All, .

' john. conf., LanMan .

[Incremental:LanMan]. .

File = ./lanman.chr. .

MinLen = 0. .

MaxLen = 7. .

CharCount = 69. .

ALL .

[Incremental:All]. .

File = ./all.chr., .

MinLen = 0. .

MaxLen = 8. .

CharCount = 95. .

MinLenMaxLen , .MaxLenLanMan .CharCount MaxLen , ., LanMan 7.6 . ALL 6700 ! , incremental: All LanMan, .

Unix, , , . , .

[Incremental:All]

File = ./all.chr

MinLen = 8

MaxLen = 8

CharCount = 95

.

[root@hedwig run]# ./john -incremental:All passwd.unix

. -stdout, . .

[root@hedwig run]# ./john -incremental:All -stdout

, , john , , Whisker.

[root@hedwig run]# ./john -makechars:guessed

Loaded 3820 plaintexts

Generating charsets... 1 2 3 4 5 6 7 8 DONE

Generating cracking order...DONE

Successfully written charset file: guessed (82 characters)



john, . , . john.conf.

# Crash recovery file saving delay in seconds

Save = 600

' restore, , -session.

[root@hedwig run]# ./john -incremental:LanMan -session:pdc \

passwd.lanman

Loaded 1152 passwords with no different salts (NT LM DES

[64/64 BS MMX])

restore .

REC2

5

-incremental:LanMan

-session:pdc

passwd.lanman

-format:lm

6

0

47508000

00000000

0

-1

488

0

8

3

2

6

5

2

0

0

0

32- , 32- 64- . , , . restore . restore ' .

REC2

4

-incremental:LanMan

passwd.lanman

-format:lm

4

0

00000000

00000000

0

-1

333

0

8

15

16

0

0

0

0

0

0

restore ' .

REC2

4

-incremental:LanMan

passwd.lanman

-format:lm

4

0

00000000

0000036f

0

-1

333

0

8

15

16

0

0

0

0

0

0

, . ' LanMan 0000036f00000000. , . "crypt" , .

, , 10 '. 400000 c / s ( ). 30 , LanMan(69 ^ 7 ). . "crypt". , 2 . 10 ' . X "crypt", 10 - . , X, .

.

Tw = (69 ^ 7 / ) / ( )

Tw = (69 ^ 7 / 400,000) / (604800) = 30.8 .

"Crypt" .

X = Tw / (10 )

X = 30.8 / 10 = 3

"crypt" ( , restore):0003000000000000.

"crypt"( ). , .

System 1 = 0

System 2 = "crypt" * X = 00090000 00000000

System 3 = "crypt" * X * 2 = 00120000 00000000

System N = "crypt" * X * (N - 1) = restore value

System 10 = "crypt" * X * 9 = 00510000 00000000

, , . - -external. . john.conf List.External. -external, .

L0phtcrack


L0phtcrack - ' , . : ; ( ); ; (LM- NT- LM- NT- ), 64- Microsoft, Ubuntu . , NTLM - Windows, ... ..

L0phtcrack 6 , . 2005 , Symantec, - , , Symantec.

' , L0phtcrack 5, ., L0phtcrack 6 64- Microsoft, Ubuntu . , NTLM - Windows, .

L0phtcrack , Symantec, 2004 @stake, L0pht.


- . L0phtcrack.exe ( L0phtcrack95.exe Windows 95/98). , Windows NT 4.0 ( Window 2000), sniffer readsmb.exe, Windows 3.11/95/95 MS-DOS sniffer'a NDIS-, . Ethernet- CSMA-CD. NDIS- "Network" () . "Protocols" () "Add" (). "Have Disk" ( ) , L0phtCrack Oemsetup.inf . sniffer readsmb.exe, Windows.

Windows , Unix. Unix- .

Windows NT 14 , !Mudge Weld Pond L0pht Heavy Industries LanMan. , .

LanMan. , , Unix- /etc/passwd /etc/shadow. , , LanMan ? Windows . LanMan, LM, . - NT-, MD5. . , . LanMan , , DES.

LanMan. 16 .

898f30164a203ca0 14cc8d7feb12c1db

898f30164a203ca0 aad3b435b51404ee

14cc8d7feb12c1db aad3b435b51404ee

8 :aad3b435b51404ee. . : , , . , (14cc8d7feb12c1db) ., , , ( ), , .

14 7 . , LanMan , , .
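The two independently hashed 7-character halves, and the constant aad3b435b51404ee that marks an empty half, can be checked mechanically when auditing a pwdump-format export. The Python below is an added example, not part of the original page or of either tool; the hash values are the ones printed on this page, while the user_* names, RIDs and all-zero NT fields are constructed for illustration.

```python
from collections import defaultdict

EMPTY_HALF = "aad3b435b51404ee"  # LM hash of an empty 7-character half

# Hash values are the ones printed on this page; the user_* account names,
# RIDs and all-zero NT fields are constructed for the example.
SAMPLE = """\
Administrator:500:66bf9d4b5a703a9baad3b435b51404ee:17545362d694f996c37129225df11f4c:::
user_a:1001:898f30164a203ca014cc8d7feb12c1db:00000000000000000000000000000000:::
user_b:1002:898f30164a203ca0aad3b435b51404ee:00000000000000000000000000000000:::
user_c:1003:14cc8d7feb12c1dbaad3b435b51404ee:00000000000000000000000000000000:::
user_d:1004:AAD3B435B51404EEAAD3B435B51404EE:FA95F45CC70B670BD865F3748CA3E9FC:::
"""

def parse_pwdump(text):
    """Yield (user, lm_hash) from name:rid:lm:nt::: lines, skipping bad ones."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue
        lm = fields[2].lower()
        if len(lm) == 32 and all(c in "0123456789abcdef" for c in lm):
            yield fields[0], lm

def classify(lm):
    """Describe what the two independently hashed halves reveal."""
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "empty LM hash (blank password or LM not stored)"
    if second == EMPTY_HALF:
        return "LM stored, password <= 7 chars"
    return "LM stored, password 8-14 chars"

def shared_halves(entries):
    """Map each non-empty half to the accounts using it (no salt is involved)."""
    seen = defaultdict(set)
    for user, lm in entries:
        for half in (lm[:16], lm[16:]):
            if half != EMPTY_HALF:
                seen[half].add(user)
    return {h: sorted(u) for h, u in seen.items() if len(u) > 1}

def audit(text):
    entries = list(parse_pwdump(text))
    return {u: classify(lm) for u, lm in entries}, shared_halves(entries)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any account reported as "LM stored" is a candidate for disabling LM hash storage and forcing a password change.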


L0phtCrack- Windows NT Windows 2000 XP. Unix- /etc/passwd /etc/shadow. .Windows Security Accounts Manager (SAM) - , .L0phtCrack : SAM-, , .

SAM- \WINNT\system32\config\. , .

C:\WINNT\system32\config>copy SAM c:\temp

The process cannot access the file because it is being used by

another process.

0 file(s) copied.

.Windows, , SAM \WINNT\repair\ \WINNT\repair\RegBack\.

L0phtCrack ' Dump Passwords FromRegistry.

ADMIN$. 39 NetBIOSTCP.L0phtCrack , .

C:\> net use \\victim\admin$ * /u:Administrator

Type the password for \\localhost\admin$:

The command completed successfully.

. , ' netuse, . , .

L0phtCrack, john. . Options.

, L0phtCrack john. File / Save As.

john. .

, L0phtCrack .

LastBruteIteration = 0

CharacterSet = 1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ

ElapsedTime = 0 0

Administrator:"":"":A34E6990556D7BA3BA1F6705936BF461:2B1437DBB1DC57DA3DA1B88BADAB13B2:::

, John theRipper. , , ' (Administrator) . john, , , (SID).

Administrator:500:A34E6990556D7BA3BA1F6705936BF461:2B1437DBB1DC57DA3DA1B88BADAB13B2:::

3.0L0phtCrack . ( , , , ). L0phtCrack 2.52 John the Ripper .

3.0.L0phtCrack . Windows 2000 15 . , LanMan. , 2.5. "No Password" LanMan, NTLM, - 15 . 3.0 , 15 . ,

AAD3B435B51404EEAAD3B435B51404EE:FA95F45CC70B670BD865F3748CA3E9FC:::

"". , LanMan AAD3B435B51404EE, LanMan ( ).

L0phtCrack3.0 . . .



: L0phtcrack John the Ripper. .

L0phtcrack ' Windows NT. , . , , . L0phtcrack - John the Ripper ("-"), Windows NT, UNIX, . " ", , UNIX Windows NT - , .

John The Ripper . , . .

L0phtcrack : , , . : , dana Dana99. : ' , ', .

L0phtCrack, The Cult of the Dead Cow; @stake, Symantec. John the Ripper, , , ( Windows), UNIX- Crack. John , . John , , L0phtCrack (, LC5 - L0phtCrack - , ).

, John Windows (LAN Manager NT LAN Manager, NTLM), - , DES (standard, single, extended), MD5, Blowfish Andrew File System (AFS). John ( , - ) ( , ). John the Ripper :

john

tools/3X5QLPPNFE.php.


L0phtcrack John the Ripper. Windows Unix, . , . . L0phtcrack John the Ripper.

