John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
To install it run:
apt-get install john john-data
Then download the word list from the Openwall website. The file is gzip-compressed, so unpack it with gunzip to get the plain "all" file that the commands below refer to:
wget http://download.openwall.net/pub/wordlists/all.gz
This list contains over 5 million words from several languages. There is a paid version of this file, but for most purposes the free version is sufficient.
The cracking procedure is very simple, but first we need to combine the passwd and shadow files:
# unshadow /etc/passwd /etc/shadow > password.list
Once that is done, all we need to do is run John the Ripper against that file, specifying the user name and the word list:
# john -users:testuser -wordlist:all password.list
Created directory: /root/.john
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
password         (testuser)
1g 0:00:00:00 100% 3.448g/s 331.0p/s 331.0c/s 331.0C/s 123456..pepper
Use the "--show" option to display all of the cracked passwords reliably
Session completed
And in this example, in less than a second, we have the password cracked.
If we want to try to crack all of the passwords in the password.list file, we leave out the user filter and tell John the hash format explicitly:
# john --format=crypt -wordlist:all password.list
Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64])
Remaining 2 password hashes with 2 different salts
Press 'q' or Ctrl-C to abort, almost any other key for status
John loads all three hashes but reports only two remaining, because the testuser hash cracked in the previous run is already recorded in its pot file and is skipped.
Simples!
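As an added example (not part of the original post or of the John the Ripper project), the following Python script reproduces the unshadow merge step and triages which accounts actually carry a loadable crypt(3) hash, which is what John's "Loaded N password hashes" count reflects, and which ones still use fast legacy schemes. The passwd and shadow contents and the hash strings are constructed placeholders.

```python
import re

# Constructed sample input (placeholder hashes, not from a real system): the two files merged by `unshadow`.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testuser:x:1000:1000:Test User:/home/testuser:/bin/bash
legacy:x:1001:1001::/home/legacy:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$rootsalt$PLACEHOLDERHASH:19000:0:99999:7:::
testuser:$6$testsalt$PLACEHOLDERHASH:19000:0:99999:7:::
legacy:$1$oldsalt1$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}
LEGACY = {"descrypt", "md5crypt"}  # fast schemes: wordlists run against them at very high rates

def unshadow(passwd_text, shadow_text):
    """Re-create unshadow(1): replace passwd's 'x' field with the matching shadow hash."""
    hashes = dict(l.split(":", 2)[:2] for l in shadow_text.splitlines() if l)
    merged = []
    for fields in (l.split(":") for l in passwd_text.splitlines() if l):
        fields[1] = hashes.get(fields[0], fields[1])  # keep 'x' if no shadow entry exists
        merged.append(":".join(fields))
    return merged

def classify_hash(field):
    """Name the crypt(3) scheme, or 'locked' for '*', '!', empty or a '!'-prefixed hash."""
    if field in ("", "*", "x") or field.startswith("!"):
        return "locked"  # nothing for John to load
    m = re.match(r"^\$([^$]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), "unknown")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "descrypt"  # traditional DES crypt, 8-character password limit
    return "unknown"

def audit(merged):
    """Per unshadowed line: (user, scheme). Non-locked entries are what John loads."""
    return [(l.split(":")[0], classify_hash(l.split(":")[1])) for l in merged]

def summary(merged):
    """Users John would load, and those on fast legacy schemes worth migrating."""
    a = audit(merged)
    return [u for u, s in a if s != "locked"], [u for u, s in a if s in LEGACY]

if __name__ == "__main__":
    print(*audit(unshadow(PASSWD, SHADOW)), sep="\n")
```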