John the Ripper is a tool for recovering passwords by brute force. Make sure you don't apply any of the following to other people's accounts or services. Try it on your own accounts or services.
Get the Password of a Unix-like Machine
The following only works on a Unix-like machine where the user has already gained access to its files. That is, we need /etc/passwd and /etc/shadow (only /etc/passwd for ancient machines). Combine the two files:
> unshadow /etc/passwd /etc/shadow > ~/passwd
Use John’s default word list to crack the password:
> john ~/passwd
Use custom wordlist:
> john --wordlist=word.list ~/passwd
where word.list is your custom list.
To show the result:
> john --show ~/passwd
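Before cracking, it is worth checking which hashing schemes the merged file contains, since accounts with an empty password field or an old DES/MD5 hash are the ones to fix first. The following is an added example, not part of the original post: audit_hashes and sample_lines are hypothetical names, the sample lines are constructed, and the WEAK/OK verdicts are this example's own policy.

```shell
#!/bin/sh
# audit_hashes [FILE...]: read passwd/shadow-style lines (user:hash:...)
# and print "user scheme verdict" for every account.
audit_hashes() {
    awk -F: '
    function report(scheme, verdict) { print $1, scheme, verdict }
    /^#/ || NF < 2     { next }                               # comments, junk
    $2 == ""           { report("none", "WEAK"); next }        # no password set
    $2 == "x"          { report("shadowed", "SKIP"); next }    # not merged yet
    $2 ~ /^[!*]/       { report("locked", "OK"); next }        # login disabled
    $2 ~ /^\$1\$/      { report("md5crypt", "WEAK"); next }
    $2 ~ /^\$2[aby]\$/ { report("bcrypt", "OK"); next }
    $2 ~ /^\$5\$/      { report("sha256crypt", "OK"); next }
    $2 ~ /^\$6\$/      { report("sha512crypt", "OK"); next }
    $2 ~ /^\$y\$/      { report("yescrypt", "OK"); next }
    # Traditional DES crypt: exactly 13 characters from the crypt alphabet.
    length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" { report("descrypt", "WEAK"); next }
                       { report("unknown", "REVIEW") }
    ' "$@"
}

# Constructed sample in unshadow output format (the hashes are not real).
sample_lines() {
    cat <<'EOF'
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:1000:1000::/home/alice:/bin/bash
bob:$1$CONSTRUC$CONSTRUCTEDHASHVALUE:1001:1001::/home/bob:/bin/bash
carol:abCONSTRUCTED:1002:1002::/home/carol:/bin/bash
dave::1003:1003::/home/dave:/bin/bash
daemon:*:1:1::/usr/sbin:/usr/sbin/nologin
erin:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:1004:1004::/home/erin:/bin/bash
EOF
}

sample_lines | audit_hashes
```

On a real system, run it against the merged file with `audit_hashes ~/passwd`.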
Crack Wifi
Use Wordlist (WPA2)
Use wireshark or airodump-ng to get .cap file of the traffic. Then:
> aircrack-ng -w wordlist.lst -b 00:0c:29:80:9a:85 my_traffic*.cap
where the -b option gives the MAC address of the BSSID you are targeting, and the input files are those .cap files.
Try All
Another solution is to try every possible password, which is guaranteed to find the password, but it might also take forever.
> john --stdout --incremental | aircrack-ng -b 00:0c:29:80:9a:85 -w - my_traffic*.cap
Session Control
To run a long password testing process, we can make it run in the background:
> john --session=all_rules_session --wordlist=all.lst ~/passwd &
To check the session status:
> john --status=all_rules_session
0g 0:00:00:02 2/3 0g/s 411.5p/s 411.5c/s 411.5C/s
To restore the session:
> john --restore=all_rules_session
Password Wordlist
Longer wordlists can be found online. However, Kali already ships with some wordlists that users can apply.
> ls /usr/share/wordlists/
dirb dirbuster dnsmap.txt fasttrack.txt fern-wifi metasploit metasploit-jtr nmap.lst rockyou.txt.gz sqlmap.txt termineter.txt wfuzz
They are wordlist files from different applications:
> file /usr/share/wordlists/*
/usr/share/wordlists/dirb: symbolic link to /usr/share/dirb/wordlists
/usr/share/wordlists/dirbuster: symbolic link to /usr/share/dirbuster/wordlists
...
/usr/share/wordlists/wfuzz: symbolic link to /usr/share/wfuzz/wordlist
Interestingly, the best wordlist is actually hidden in rockyou.txt.gz, so:
> gzip -dc < /usr/share/wordlists/rockyou.txt.gz > ~/wordlist.txt
Then we have wordlist.txt.