1、JR(Joth the Ripper)简介
·一款密码分析工具,支持字典式的暴力破解
·通过对 shadow 文件的口令分析,可以检测密码
·官方网站:http://www.openwall.com/john/
2、安装 JR 工具
(1)tar 包解压
(2)进到解压后的 src 目录下,执行 make clean
(3)进到解压后的 run 目录下,执行命令
===========================================================
示例:扫描虚拟机内所有账号密码排出弱密码?重点找到john
导入john-1.8.0.tar.gz 包
[root@localhost ~]# ls //查看是否已经导入好JR
john-1.8.0.tar.gz
[root@localhost ~]# tar -zxf john-1.8.0.tar.gz //解压JR包
[root@localhost ~]# ls //查看是否解压好JR包
john-1.8.0 john-1.8.0.tar.gz
[root@localhost ~]# cd john-1.8.0/src //进入src
[root@localhost src]# rpm -q gcc gcc-c++ //检测是否安装了gcc gcc-c++编辑器
未安装软件包 gcc
未安装软件包 gcc-c++
[root@localhost src]# yum -y install gcc gcc-c++ //安装gcc gcc-c++编辑器
[root@localhost src]# make //编译
[root@localhost src]# cd ../run //进入run
[root@localhost run]# cp /etc/shadow ./shadow.txt //复制./shadow.txt 到/etc/shadow下
[root@localhost run]# ls
ascii.chr john.conf mailer password.lst shadow.txt
digits.chr lm_ascii.chr makechr relbench
[root@localhost run]# cd ../
[root@localhost john-1.8.0]# ls
doc README run src
[root@localhost john-1.8.0]# cd
[root@localhost ~]# ls
john-1.8.0 john-1.8.0.tar.gz
[root@localhost ~]# cd john-1.8.0/
[root@localhost john-1.8.0]# ls
doc README run src
[root@localhost john-1.8.0]# cd src
[root@localhost src]# make clean linux-x86-64 //编辑清除linux-x86-64
...........
............
make[1]: 离开目录“/root/john-1.8.0/src”
[root@localhost src]# cd ../run
[root@localhost run]# ls
ascii.chr john lm_ascii.chr makechr relbench unafs unshadow
digits.chr john.conf mailer password.lst shadow.txt unique
[root@localhost run]# cp /etc/shadow ./shadow.txt
cp:是否覆盖"./shadow.txt"? y
[root@localhost run]# ./john shadow.txt //运行shadow.txt文本,必须在run下否则运行执行失败
Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
123123 (roomx)
123123 (root)
0g 0:00:20:52 3/3 0g/s 242.7p/s 242.7c/s 242.7C/s 020867..022465
0g 0:00:20:54 3/3 0g/s 242.7p/s 242.7c/s 242.7C/s 033289..036936
Session aborted
[root@localhost run]# ./john --show shadow.txt // 运行shadow.txt文本root:123123::0:99999:7:::
roomx:123123:18117:0:99999:7:::
2 password hashes cracked, 1 left
==========================================================
字典式暴力破解?
[root@localhost run]# vi password.lst //查看字典内置密码及添加账号liu的密码为liuxiang
#!comment: This list has been compiled by Solar Designer of Openwall Project
#!comment: in 1996 through 2011. It is assumed to be in the public domain.
#!comment:
#!comment: This list is based on passwords most commonly seen on a set of Unix
#!comment: systems in mid-1990's, sorted for decreasing number of occurrences
#!comment: (that is, more common passwords are listed first). It has been
#!comment: revised to also include common website passwords from public lists
#!comment: of "top N passwords" from major community website compromises that
#!comment: occurred in 2006 through 2010.
#!comment:
#!comment: Last update: 2011/11/20 (3546 entries)
#!comment:
#!comment: For more wordlists, see http://www.openwall.com/wordlists/
liuxiang
123456
12345
password
password1
123456789
12345678
1234567890
abc123
computer
tigger
"password.lst" 3559L, 26325C
[root@localhost run]# useradd liu
[root@localhost run]# passwd liu
更改用户liu的密码
新的密码:liuxiang
重新输入新的密码:liuxiang
passwd:所有的身份验证令牌已经成功更新。
[root@localhost run]# ./john --wordlist=./password.lst ./liu.shadow.txt
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
liuxiang (liu)
1g 0:00:00:00 100% 2.702g/s 259.4p/s 259.4c/s 259.4C/s liuxiang..pamela
Use the "--show" option to display all of the cracked passwords reliably
Session completed
[root@localhost run]# cat john.pot //查看破解记录
$6$3Yb/XIGe$xt6sg3nZ.EXSpwNmTjcYHOHDGpf1wbo1sXbY/4aYGkmol65rzcZItPwJOoUIfWdgf4YqkRI8YXmsLxlOQVqLr1:123123
$6$/.a9JMSut.7RkRDr$gE4JlVGP/uLDr7Zdd0v.NfVDOPAeKq1MemSCb90o5/ejAUR2FpKVzv7.14apHi1XnBPvd5YVqx3aBC5IPLOZ51:123123
$6$gy1Bp2K/$uPbPWAZ/6LFetymqgsUBxoMzWrDB6R9aa4kQBevp1CyuefwmWlMfyXyRkMzos/gjusr8i9/dK9bdMEdZIwK5i0:liuxiang
[root@localhost run]# :>john.pot //清空破解记录
[root@localhost run]# cat john.pot //查看破解记录