man john


File: *manpages*,  Node: john,  Up: (dir)
JOHN(8)                     System Manager's Manual                    JOHN(8)
       john - a tool to find weak passwords of your users
       john [options] password-files
       This  manual page documents briefly the john command.  This manual page
       was written for the Debian GNU/Linux distribution because the  original
       program  does  not  have a manual page.  john, better known as John the
       Ripper, is a tool to find weak passwords of users in a server. John can
       use  a  dictionary or some search pattern as well as a password file to
       check for passwords. John supports different cracking modes and  under‐
       stands  many  ciphertext  formats,  like  several DES variants, MD5 and
       blowfish. It can also be used to extract AFS and Windows NT passwords.
       To use John, you just need to supply it a password file and the desired
       options.  If  no  mode is specified, john will try "single" first, then
       "wordlist" and finally "incremental".
       Once John finds a password, it will be  printed  to  the  terminal  and
       saved  into  a  file  called ~/.john/john.pot. John will read this file
       when it restarts so it doesn't try to crack already done passwords.
       To see the cracked passwords, use
       john -show passwd
       Important: do this under the same  directory  where  the  password  was
       cracked  (when  using  the  cronjob, /var/lib/john), otherwise it won't
       While cracking, you can press any key for status, or  Ctrl+C  to  abort
       the  session,  saving point information to a file ( ~/.john/john.rec by
       default). By the way, if you press Ctrl+C twice John will abort immedi‐
       ately  without  saving.   The  point information is also saved every 10
       minutes (configurable in the configuration  file,  ~/.john/john.ini  or
       ~/.john/john.conf ) in case of a crash.
       To continue an interrupted session, run:
       john -restore
       Now,  you  may notice that many accounts have a disabled shell, you can
       make John ignore these (assume that shell is called /etc/expired ):
       john -show -shells:-/etc/expired passwd
       You might want to mail all the users who got weak  passwords,  to  tell
       them  to  change  the  passwords.  It's  not  always a good idea though
       (unfortunately, lots of people seem to ignore such mail, it can be used
       as  a  hint  for  crackers, etc), but anyway, I'll assume you know what
       you're doing. Get a copy of the 'mailer' script supplied with John,  so
       you  won't change anything that's under /usr/sbin ; edit the message it
       sends, and possibly the mail command inside it (especially if the pass‐
       word  file is from a different box than you got John running on).  Then
        ./mailer passwd
       Anyway, you probably should have a look at  /usr/share/doc/john/OPTIONS
       for    a   list   of   all   the   command   line   options,   and   at
       /usr/share/doc/john/EXAMPLES for more John usage  examples  with  other
       cracking modes.
       All  the  options recognized by john start with a single dash (`-').  A
       summary of options is included below.
              Enables an external mode, using external  functions  defined  in
              ~/john.ini's [List.External:MODE] section.
              Allows  you  to  override  the ciphertext format detection. Cur‐
              rently, valid format names are DES, BSDI, MD5, BF, AFS, LM.  You
              can  use  this  option  when cracking or with '-test'. Note that
              John can't crack password files with different  ciphertext  for‐
              mats at the same time.
              Tells John to load users of the specified group(s) only.
              Enables  the  incremental  mode,  using the specified ~/john.ini
              definition (section [Incremental:MODE], or [Incremental:All]  by
              Generates  a  charset  file, based on character frequencies from
              ~/.john/john.pot, for use with the incremental mode. The  entire
              ~/.john/john.pot  will  be  used for the charset file unless you
              specify some password files. You can also use an  external  fil‐
              ter() routine with this option.
              Continues  an interrupted cracking session, reading point infor‐
              mation from the specified file (~/.john/john.rec by default).
       -rules Enables wordlist rules, that are read from [List.Rules:Wordlist]
              in  /etc/john/john.conf  (or  the alternative configuration file
              you might specify on the command line).
              This option requires the -wordlist option to be passed as well.
              This feature sometimes allows you to achieve better performance.
              For  example  you  can  crack  only  some salts using '-salts:2'
              faster, and then crack the rest using '-salts:-2'. Total  crack‐
              ing time will be about the same, but you will get some passwords
              cracked earlier.
              You might need this option if you don't have enough  memory,  or
              don't  want  John  to  affect  other processes too much. Level 1
              tells John not to waste memory on login names, so you won't  see
              them  while  cracking.  Higher levels have a performance impact:
              you should probably avoid using them unless John doesn't work or
              gets into swap otherwise.
              Allows  you  to specify another point information file's name to
              use for this cracking session. This is useful for running multi‐
              ple instances of John in parallel, or just to be able to recover
              an older session later, not always continue the latest one.
              This option is useful to load accounts with a valid shell  only,
              or  not to load accounts with a bad shell. You can omit the path
              before a shell name, so '-shells:csh' will match both '/bin/csh'
              and  '/usr/bin/csh',  while  ´-shells:/bin/csh'  will only match
       -show  Shows the cracked passwords in a  convenient  form.  You  should
              also  specify  the password files. You can use this option while
              another John is cracking, to see what it did so far.
              Enables   the   "single   crack"   mode,   using   rules    from
              Prints status of an interrupted or running session. To get an up
              to date status information of a detached running  session,  send
              that copy of John a SIGHUP before using this option.
       -stdin These are used to enable the wordlist mode (reading from stdin).
              When used with a cracking mode, except for "single crack", makes
              John print the words it generates to stdout instead of cracking.
              While  applying  wordlist rules, the significant password length
              is assumed to be LENGTH, or unlimited by default.
       -test  Benchmarks all the enabled ciphertext format crackers, and tests
              them for correct operation at the same time.
              This  option does not need any file passed as argument. Its only
              function is to benchmark the system john is running on.
              Allows you to filter a few accounts for cracking,  etc.  A  dash
              before  the  list can be used to invert the check (that is, load
              all the users that aren't listed).
              These are used to enable the wordlist mode, reading  words  from
       John can work in the following modes:
              John  will  simply  use a file with a list of words that will be
              checked against the passwords.  See  RULES  for  the  format  of
              wordlist files.
       Single crack
              In  this  mode,  john  will  try to crack the password using the
              login/GECOS information as passwords.
              This is the most powerful mode. John will try any character com‐
              bination to resolve the password.  Details about these modes can
              be found in the MODES file in  john's  documentation,  including
              how to define your own cracking methods.
              is where you configure how john will behave.
              has  the message sent to users when their passwords are success‐
              fully cracked.
              is used to configure how john will send messages to  users  that
              had their passwords cracked.
       mailer(8), unafs(8), unique(8), unshadow(8),
       The programs and the configuration files are documented fully by John's
       documentation, which should  be  available  in  /usr/share/doc/john  or
       other location, depending on your system.
       This  manual  page  was written by Jordi Mallach <> and
       Jeronimo   Pellegrini  <>,   for   the   Debian
       GNU/Linux system (but may be used by others).
       John  the  Ripper  was  written by Solar Designer <>.
       The complete list of contributors can be found in the CREDITS  file  in
       the documentation directory.
john                             June 09, 2008                         JOHN(8)


Добавить комментарий

Ограниченный HTML

  • Допустимые HTML-теги: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Строки и абзацы переносятся автоматически.
  • Адреса веб-страниц и email-адреса преобразовываются в ссылки автоматически.
А не робот ли вы случайно?
14 + 3 =
Решите эту простую математическую задачу и введите результат. Например, для 1+3, введите 4.