Tagged: password

Blog / CentOS / CISSP / Debian / Fedora / Kali / Linux / Linux / Mint / RedHat / Security / Ubuntu

27/11/2017

How To Change User Password with passwd In Linux and /etc/passwd File

passwd command is used to change password and provides information about Linux accounts. Normal or root user can change passwords. Normal user can only change his own password in the other hand root can change all users passwords. Passwords related information is stored in /etc/passwd file. Only password which is stored as hash is stored in /etc/shadow . Password File As stated previously user account related information is stored in /etc/passwd . There is information...

Blog / Linux / Pentest / Security / Windows

13/08/2017

How To Crack Password with John The Ripper Incremental Mode

This is the most powerful cracking mode. Keep in mind that generally cracking will never end in this mode if there is no password because combinations are too large. Configurations about Incremental Mode can be found in configuration file [Incremental:MODE] section.

$ john --incremental unshadowed

1	$ john --incremental unshadowed

–incremental is used to specify incremental Mode Set Only Numeric Chars for Word List We can set only numeric characters to crack like below.

$ john --incremental=digits unshadowed

1	$ john --incremental=digits unshadowed

digits will fire numeric wordlist. Default...

Blog / Linux / Pentest / Security / Windows

13/08/2017

How To Crack Password John The Ripper with Wordlist

Word list mode is the simplest cracking mode. We need to specify the word list. The specified word list will we mangled according to default rules. Which means the words in the word list will be changed for usage. Word list should not contain duplicates which will bring down efficiency. To make thing more efficient word list can be provided in a sorted manner. Sorting Word List Word list can...

Blog / Linux / Pentest / Security / Windows

13/08/2017

How To Crack Passwords with John The Ripper Single Crack Mode

As we stated before in single crack mode [List.Rules:Single] method of configuration file is used. In this mode login:password are cracked by using default password-list. Single Mode is much faster than Wordlist Mode. Linux Example We will crack linux passwords with Single Mode. First we need the create one file by unshadowing /etc/passwd and /etc/shadow like below

$ unshadow /etc/passwd /etc/shadow > unshadowed

1	$ unshadow /etc/passwd /etc/shadow > unshadowed

After this operation we will get a file named unshadowed like below

root:$6$sRjaayov$u8sCzbiIxzunjyvPgRJurl24RMLfWgCKhuzGU/V0ZOWmH/JeeNMnaPOASdFN898/AEhmdTzNE7I6xDqDxeWbf.:0:0:root:/root:/bin/bash
ismail:$6$osz4Q6Ka$txKB/fjtuZhnFThDJEVKrJ8.E1LbojZYcWPuE6GGLxob.AWDoL3UXZtZ0FH98HR86ebZhGO.bZpl/qrJ2nzOP/:1000:1001::/home/ismail:/bin
/sh

root:$6$sRjaayov$u8sCzbiIxzunjyvPgRJurl24RMLfWgCKhuzGU/V0ZOWmH/JeeNMnaPOASdFN898/AEhmdTzNE7I6xDqDxeWbf.:0:0:root:/root:/bin/bash

ismail:$6$osz4Q6Ka$txKB/fjtuZhnFThDJEVKrJ8.E1LbojZYcWPuE6GGLxob.AWDoL3UXZtZ0FH98HR86ebZhGO.bZpl/qrJ2nzOP/:1000:1001::/home/ismail:/bin

/sh

Now john can help...

Blog / Linux / Pentest / Security / Windows

13/08/2017

How To Crack Passwords with John The Ripper with GUI

Hackers preferred mode for tool usage is cli. John is developed for cli primarily. But there is also a gui part and can be installed like below. We named is johnny

$ apt-get install johnny -y

1	$ apt-get install johnny -y

We can provide login and password hashes like below We can select password hash type manually but john provides auto detect option which is very good detecting password types. We can provide wordlist too from our...

Blog / Linux / Pentest / Security / Windows

13/08/2017

John The Ripper Modes and Configuration

John have a lot of different features and in order to configure these features it provides a lot of configuration options. In this tutorial we will look some of them. Getting Help There is two way to get help abut John. One is the simplest way by using -h .

$ john -h 
John the Ripper password cracker, version 1.8.0.6-jumbo-1-bleeding [linux-x86-64] 
Copyright (c) 1996-2015 by Solar Designer and others 
Homepage: http://www.openwall.com/john/ 
 
Usage: john [OPTIONS] [PASSWORD-FILES] 
--single[=SECTION]        "single crack" mode 
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin 
                  --pipe  like --stdin, but bulk reads, and allows rules 
--loopback[=FILE]         like --wordlist, but fetch words from a .pot file 
--dupe-suppression        suppress all dupes in wordlist (and force preload) 
--prince[=FILE]           PRINCE mode, read words from FILE 
--encoding=NAME           input encoding (eg. UTF-8, ISO-8859-1). See also 
                          doc/ENCODING and --list=hidden-options. 
--rules[=SECTION]         enable word mangling rules for wordlist modes 
--incremental[=MODE]      "incremental" mode [using section MODE] 
--mask=MASK               mask mode using MASK 
--markov[=OPTIONS]        "Markov" mode (see doc/MARKOV) 
--external=MODE           external mode or word filter 
--stdout[=LENGTH]         just output candidate passwords [cut at LENGTH] 
--restore[=NAME]          restore an interrupted session [called NAME] 
--session=NAME            give a new session the NAME 
--status[=NAME]           print status of a session [called NAME] 
--make-charset=FILE       make a charset file. It will be overwritten 
--show[=LEFT]             show cracked passwords [if =LEFT, then uncracked] 
--test[=TIME]             run tests and benchmarks for TIME seconds each 
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only 
--groups=[-]GID[,..]      load users [not] of this (these) group(s) only 
--shells=[-]SHELL[,..]    load users with[out] this (these) shell(s) only 
--salts=[-]COUNT[:MAX]    load salts with[out] COUNT [to MAX] hashes 
--save-memory=LEVEL       enable memory saving, at LEVEL 1..3 
--node=MIN[-MAX]/TOTAL    this node's number range out of TOTAL count 
--fork=N                  fork N processes 
--pot=NAME                pot file to use 
--list=WHAT               list capabilities, see --list=help or doc/OPTIONS 
--format=NAME             force hash of type NAME. The supported formats can 
                          be seen with --list=formats and --list=subformats

$ john -h

John the Ripper password cracker, version 1.8.0.6-jumbo-1-bleeding [linux-x86-64]

Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]

--single[=SECTION] "single crack" mode

--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin

--pipe like --stdin, but bulk reads, and allows rules

--loopback[=FILE] like --wordlist, but fetch words from a .pot file

--dupe-suppression suppress all dupes in wordlist (and force preload)

--prince[=FILE] PRINCE mode, read words from FILE

--encoding=NAME input encoding (eg. UTF-8, ISO-8859-1). See also

doc/ENCODING and --list=hidden-options.

--rules[=SECTION] enable word mangling rules for wordlist modes

--incremental[=MODE] "incremental" mode [using section MODE]

--mask=MASK mask mode using MASK

--markov[=OPTIONS] "Markov" mode (see doc/MARKOV)

--external=MODE external mode or word filter

--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]

--restore[=NAME] restore an interrupted session [called NAME]

--session=NAME give a new session the NAME

--status[=NAME] print status of a session [called NAME]

--make-charset=FILE make a charset file. It will be overwritten

--show[=LEFT] show cracked passwords [if =LEFT, then uncracked]

--test[=TIME] run tests and benchmarks for TIME seconds each

--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only

--groups=[-]GID[,..] load users [not] of this (these) group(s) only

--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only

--salts=[-]COUNT[:MAX] load salts with[out] COUNT [to MAX] hashes

--save-memory=LEVEL enable memory saving, at LEVEL 1..3

--node=MIN[-MAX]/TOTAL this node's number range out of TOTAL count

--fork=N fork N processes

--pot=NAME pot file to use

--list=WHAT list capabilities, see --list=help or doc/OPTIONS

--format=NAME force hash of type NAME. The supported formats can

be seen with --list=formats and --list=subformats

And the other method is by using man page. Man page provides more details.

$ man john

JOHN(8)                                               System Manager's Manual                                              JOHN(8) 
 
NAME 
       john - a tool to find weak passwords of your users 
 
SYNOPSIS 
       john [options] password-files
...

$ man john

JOHN(8) System Manager's Manual JOHN(8)

NAME

john - a tool to find weak passwords of your users

SYNOPSIS

john [options] password-files

...

Modes John have 3 different...

Blog / CentOS / Debian / Fedora / Kali / Linux / Mint / Pentest / RedHat / Security / Ubuntu

13/08/2017

How To Install John The Ripper To Windows and Linux (Ubuntu, Debian,Kali, Fedora, CentOS)

John can be run Unix,Linux,Windows,MacOS Platforms. Source code can be found at github. Debian,Ubuntu:

apt-get install -y  john

1	apt-get install -y john

Fedora:

yum install -y john

1	yum install -y john

Windows: Here is the windows binaries. http://www.openwall.com/john/j/john180j1w.zip

Blog / CentOS / Debian / Fedora / Kali / Linux / Linux / Mint / RedHat / Security / Ubuntu

09/07/2017

Linux Etc Login.defs Configuration with Examples

Linux shadow password suite provides password related utils and configuration. /etc/login.defs or simple login.defs provides configuration about shadow utils. This file provides password, mail, user id, group id, user home related configuration. We will look all of the useful configurations in this tutorial. Login.defs Configuration File login.defs configuration file is located at /etc/login.defs . It is simple text file. We can use any text editor to edit and change values. In this tutorial we...

Blog / Database / MariaDB / MySQL

04/07/2017

Mysql Database Import Tutorial with Examples

Backup and Restore operations are important part of the database administration. mysqlimport command is used to load data in file into Mysql or Mariadb servers. Mysql import is generally used by providing SQLfile. Syntax Syntax of mysqlimport is like below. mysqlimport OPTIONS DBNAME FILE OPTION is used provide detailed configuration DBNAME is the name of the database we want to import FILE is the file which contains the data and schema Import SQL File...

Blog

12/06/2017

Base64 and Default Password Projects

Up to now I have provided informative and technical posts about different IT domains like programming, network, security, linux and windows. In this post I want to talk about may other web projects. Those projects are mainly created for provide some service to the programmers and end users. Base64Encode.info and Base64decode.info Base64 is and encoding format used to change encoding got different type of data. This is generally used to...

Tagged: password

Enjoy this blog? Please spread the word :)